Security in data communication is a very important concern today. Cloud computing is a revolutionary mechanism that changing way to enterprise hardware and software design and procurements. Because of cloud simplicity everyone is moving data and application software to cloud data centre. The Cloud service provider (CSP) should ensure integrity, availability, privacy and confidentiality but CSP is not providing reliable data services to customer and to stored customer data. Securely sending and receiving data in the above area is an important as the data is crucial. In today’s world the password security is very important. If the confidentiality of the information of very high value, it should be protected. If you want to stop the unauthorised disclosure or alteration of the information, secure it. Unauthorised persons access should be controlled and security for the files in the cloud should be provided. The main focus of this paper is to combine the graphical password technique for login security and cryptography for file security, thereby providing the user with highly secured file securing system.Cryptography is a technique which is used to protect the important data. Encryption is the science of changing data so that it is unrecognisable and useless to an unauthorised person. Decryption is changing it back to its original form. For password protection various techniques are available. Cued Click Points are a click-based graphical password scheme, a cued-recall graphical password technique. Cryptography and graphical password technique are well known and widely used techniques that manipulate information (messages) in order to cipher or hide their existence respectively. Cryptography scrambles a message so it cannot be understood. In this paper we will focus to develop one system, which uses both cryptography and graphical password technique for better confidentiality and security. Presently we have very secure methods for both cryptography and graphical password authentication – AES algorithm is a very secure technique for cryptography and Cued Click Points (CCP) is a proposed click-based graphical password scheme for graphical password authentication. Even if we combine these techniques straight forwardly, there is a chance that the intruder may detect the original message. Therefore, our idea is to apply both of them together with more security levels and to get a very highly secured system for data hiding. This paper mainly focuses on to develop a new system with extra security features where a meaningful piece of text message can be hidden by combining security techniques like Cryptography and graphical password authentication.Authentication is the process of determining whether a user should be allowed to access to a particular system or resource. User can’t remember strong password easily and the passwords that can be remembered are easy to guess. A password authentication system should encourage strong and less predictable passwords while maintaining security. This password authentication system allows user choice while influencing users towards stronger passwords. The task of selecting weak passwords (which are easy for attackers to guess) is more tedious, avoids users from making such choices. In effect, this authentication schemes makes choosing a more secure password the path-of-least-resistance. Rather than increasing the burden on users, it is easier to follow the system’s suggestions for a secure password — a feature absent in most schemes. Various graphical password schemes have been proposed as alternatives to text-based passwords. Research has shown that text-based passwords are filled with both usability and security problems that make them less desirable solutions. Studies revealed that the human brain is better at recognizing and recalling images than text. Graphical passwords are meant to capitalize on this human characteristic in hopes that by reducing the memory burden on users, coupled with a larger full password space offered by images, more secure passwords can be produced and users will not resort to unsafe practices in order to cope.
Graphical passwords may offer better security than text-based passwords because most of the people, in an attempt to memorize text-based passwords, use plain words (rather than the jumble of characters). A dictionary search can hit on a password and allow a hacker to gain entry into a system in seconds. But if a series of selected images is used on successive screen pages, and if there are many images on each page, a hacker must try every possible combination at random. Cued Click Points (CCP) is a graphical password scheme. In CCP, users click one point on each image rather than on four points on one image. It offers cued-recall and introduces visual cues that instantly alert valid users if they have made a mistake when entering their latest click-point. It also makes attacks based on hotspot analysis more challenging.
The Cued Click-Point method is very usable and provides great security using hotspot technique. By taking advantage of user’s ability to recognize images and the memory trigger associated with seeing a new image. Cued Click Point is more secure than the previous graphical authentication method such as Pass Point Graphical Password. CCP increases the workload for attackers by forcing them to first acquire image sets for each user, and then analyze for hotspot on each of these images. Cued Click-Points method has advantages over other password schemes in terms of usability, security and memorable authentication mechanism. The system designed consists of three modules: user registration module, picture selection module and system login module.
In user registration module user enters the user name in user name. When user entered the all user details in registration phase, this user registration data is stored in data base and used during login phase for verification. In picture selection phase the pictures are selected by the user from the database of the password system.
In picture selection phase user select any image as passwords and consist of a sequence of four click-points on a given image. Users may select any pixels in the image as click-points for their password. Users must select a click-point in the image and proceed on the next image. During system login process, images are displayed normally, without shading or the viewport, and repeat the sequence of clicks in the correct order, within a system-defined tolerance square of the original click-points.
CLOUD DATA STORAGE CHALLENGES & ISSUES The cloud computing does not provide control over the stored data in cloud data centers. The cloud service providers have full of control over the data, they can perform any malicious tasks such as copy, destroying, modifying, etc. The cloud computing ensures certain level of control over the virtual machines. Due to this lack of control over the data leads in greater security issues than the generic cloud computing model.
The only encryption doesn’t give full control over the stored data but it gives somewhat better than plain data.
IDENTITY MANAGEMENT AND ACCESS CONTROL
The integrity and confidentiality of data and services are related with access control and identity management. It is important to maintain track record for user identity for avoiding unauthorized access to the stored data. The identity and access controls are complex in cloud computing because of that data owner and stored data are at different executive platforms. In cloud environment, different organizations use variety of authentication authorization agenda. By using different approaches for authentication and authorization gives a compound situation over a period of time. The cloud resources are dynamic and are elastic for cloud user and IP addresses are continuously changed when services are started or restarted in pay per usage model. That allows the cloud users to join and leave feature to cloud resources when they required i.e., on-demand access policy. All these features need efficient and effective access control and identity management. The cloud has to maintain quickly updating and managing identity management for joining and leaving users over cloud resources. There are many issues in access control and identity management, for example weak credentials may reset easily, denial of service attack to lock the account for a period of time, Weak logging and monitoring abilities, and XML wrapping attacks on web pages. An insider threat can be posed by employees, contractors and /or third party business partners of an organization. In cloud environment i.e., at Cloud Service Provider (CSP) side attacks leads to loss of user’s information integrity, confidentiality, and security. This leads to information loss or breaches at both environments. This attack is precious and it is well known to most of the organization . There is variety of attack patterns performed by insiders because of sophistication about internal structure of an organization data storage structure. Most organizations ignoring this attack because it is very hard to defend and impossible to find the complete solution for this attack. This attack ensures great risk in terms of data breaches and loss confidentiality at both organization and cloud level. Attacks that come from external origins are called outsider attacks. Data security is one of the important issue in cloud computing. Since service providers does not have permission for access to the physical security system of data centre. But they must depend on the infrastructure provider to get full data security. In a virtual private cloud environment, the service provider can only specify the security setting remotely, and we don’t know exactly those are fully implemented. In this Process, the infrastructure provider must reach the following objectives: confidentiality, for secure data transfer and access, and audit ability. So that outside intruders can’t access sensitive data which is stored in cloud.On January 1997 in the US, the National Institute of Standards and TechnologyNISTannounced a contest to develop a new encryption system and asked for some important restrictions. The developed system had to be publicly disclosed, unclassified, free for use worldwide, usable with 128, 192, and 256 bit key sizes, and symmetric block cipher algorithms for blocks of 182 bits. On 26 May 2002, 3DES was replaced by Advanced Encryption standard (AES) . AES and 3DES are commonly used block ciphers, and which one to choose depends on the requirement. AES outperforms 3DES both in software and in hardware. AES is based on the Rijndael algorithm, created by Joan Daemen and Vincent Rijmen, which is a combination of a strong algorithm with a strong key. The Rijndael block cipher can use different block and key lengths, such as 128, 192, and 256 bit. This versatility can produce faster and more secure symmetric block ciphers. Another algorithm which might be considered as an alternative to the Rijndael block cypher is the Twofish algorithm, which can use blocks of 128 bits with keys up to 256 bits. The Rijndael algorithm’s combination of security, performance, efficiency, implementability, and flexibility made it an appropriate selection for AES.When it comes to security, the winner is undoubtedly AES as it is considered unbreakable in practical use. After discussing the flaws of DES, thus of 3DES as well, it may seem that DES is insecure and no longer of any use, but that is not the case. The 1997 attack required a great deal of cooperation and the 1998 machine is too expensive to implement, and so the DES and 3DES algorithms are still beyond the capability of most attacks in the present day. However, the power of computers is increasing and stronger algorithms are required to face hacker attacks. The response to that requirement is AES. It has been designed in software and hardware and it works quickly and efficiently, even on small devices such as smart phones. With a larger block size and longer keys using a 128 bit block and with 128, 192 and 256 bit keys, respectively, AES will provide more security in the long term. This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. The input, the output and the cipher key for Rijndael are each bit sequences containing 128, 192 or 256 bits with the constraint that the input and output sequences have the same length. In general the length of the input and output sequences can be any of the three allowed values but for the Advanced Encryption Standard (AES) the only length allowed is 128. There are some of the advantages for the users . They are,Very Secure. Reasonable Cost FlexibilitySimplicity For Crypto work the following steps are considered for encrypting the data: Insert text for encryption. Apply AES algorithm using 128 bit key (Key 1). Generate Cipher Text in hexadecimal form. For Crypto work the following steps are considered for retrieving the original text. Get the above retrieved cipher text. Reverse AES algorithm by using Key 1. Get the original message. For both its Cipher and Inverse Cipher, the AES algorithm uses a round function that is composed of four different byte-oriented transformations: Byte substitution using a substitution table (S-box), Shifting rows of the State array by different offsets, Mixing the data within each column of the State array, and Adding a Round Key to the State.In encryption mode, the initial key is added to the input value at the very beginning, which is called an initial round. This is followed by 9 iterations of a normal round and ends with a slightly modified final round, as one can see in Figure 2. During one normal round the following operations are performed in the following order: Sub Bytes, Shift Rows, Mix Columns, and Add Round key. The final round is a normal round without the Mix Columns stage.Steps in AES Encryption Sub Bytes—a non-linear substitution step where each byte is replaced with another according to a lookup table. Shift Rows—a transposition step where each row of the state is shifted cyclically a certain number of steps. Mix Columns—a mixing operation which operates on the columns of the state, combining the four bytes in each column Add Round Key—each byte of the state is combined with the round key; each round key is derived from the cipher key using a key schedule In decryption mode, the operations are in reverse order compared to their order in encryption mode. Thus it starts with an initial round, followed by 9 iterations of an inverse normal round and ends with an AddRoundKey. An inverse normal round consists of the following operations in this order: AddRoundKey, InvMixColumns, InvShiftRows, and InvSubBytes. An initial round is an inverse normal round without the InvMixColumns.AES Encryption and Decryption has many applications. It is used in cases where data is too sensitive that only the authorized people are supposed to know and not to the rest. The following are the various applications Secure Communication Smart Cards RFID. ATM networks. Image encryption Secure Storage Confidential Cooperate Documents Government Documents FBI Files Personal Storage Devices Person Information Protection