CLOUD SECURITY USING FOG COMPUTING

SAYALI RAJE, NAMRATA PATIL, SHITAL MUNDHE, RITIKA MAHAJAN
Abstract- Cloud computing promises to protect the data on the Cloud from data theft attacks, especially
insider attacks. A large amount of professional and personal data is stored on the Cloud, and Cloud storage
is used heavily in various industrial sectors. In spite of the abundant advantages of storing data on the
Cloud, security remains a major hurdle that needs to be overcome. Computers are used to access the data on
the Cloud, and with new communication and computing paradigms arise new data security challenges. The
existing methods of protecting data on the Cloud have failed to prevent data theft attacks. A different
approach is taken to securing the data, in addition to the previous standard encryption mechanisms. The
technologies are: 1) User Behaviour Profiling and 2) Decoy Technology. The users of the Cloud are monitored
and their access patterns are recorded. Every user has a distinct profile which is monitored and updated.
When abnormal activity that is unlikely to come from the real user is detected, such as unauthorised access
or a random and untargeted search for data, a disinformation attack is launched. The person who is trying to
access the data is made to answer the security questions. A large amount of decoy data is provided to the
attacker, which in turn protects the user's real data.
I. INTRODUCTION
Cloud storage is a model of networked enterprise storage where data is stored in virtualised pools of
storage. Outsourcing data and storing it on the Cloud has become an extremely convenient option for the
business sector. In spite of its excellent operational efficiency, storing data on the Cloud has its own set
of drawbacks which cannot be ignored. Masqueraders mimic legitimate users after stealing their credentials
when they access the Cloud. When a masquerader logs in with the stolen credentials, he acts as the
legitimate user with the same access rights as the real user. This type of attack is an insider attack [2].
Data theft carried out by an insider is one of the top threats to Cloud security. Given the headlines over
the past couple of years, there remains a concern about outages, loss of control over security policies, and
exposing data to attack or privacy breaches.
One of the latest examples is the credit card data breach at Marriott, Sheraton and other hotels. The
company said information subject to potential theft by cyber criminals included names and numbers on
consumers' debit or credit cards, security codes and card expiration dates.
Another example is the one which happened in Berlin. Cell phone and broadband provider Vodafone
Deutschland says it was the target of a large-scale data theft affecting the personal details of 2 million
German customers. Spokesman Alexander Leinhos says the attack was conducted by an unidentified IT
systems administrator who worked for a company. Vodafone said in a statement Thursday that the stolen
data included customers' names, addresses, etc., and that the theft was carried out by an insider attacker.
Various security mechanisms have focused on ways of preventing illegal and unauthorised access to data
present on the Cloud. This has been done through various encryption techniques. Ning Cao, Cong Wang and
others proposed an encryption technique based on Multi-keyword Ranked Search, which cannot protect
against an insider attacker.
We propose a distinct approach to securing the Cloud, known as Fog Computing. We use decoy information
and user behaviour profiling to secure data on the Cloud. We launch a disinformation attack against
malicious insiders using these two technologies, thus preventing them from distinguishing the real
sensitive information from the fake data.
II. SYSTEM MODEL
There are three different entities, as illustrated in Fig. 1: the data owner, the Cloud service provider
(CSP) and the Cloud server. During the registration procedure the client requests space on the Cloud. The
CSP processes this request, grants the client access to the Cloud and sends an email to the client
containing a system-created password. Once the client is registered, he can upload, download and access
his data on the Cloud.
Fig. 1: System model
Proceedings of IRF International Conference, 30th March-2014, Pune, India, ISBN: 978-93-82702-69-6
III. SECURING CLOUD WITH FOG
Many proposals were put forward for securing data on the Cloud using various encryption techniques.
These techniques have been unsuccessful in securing data from insider attackers. Other reasons are
misconfigured services, faulty implementation, and buggy code.
A pattern of the normal user behaviour is modelled. This model is then compared to the behaviour of the
person accessing the system, to check whether the person is a real user or a masquerader [1].
1) User behaviour profiling: User behaviour profiling is a reputable technique that is used to determine
when and how frequently the user accesses his data on the Cloud. The way a user accesses his information
on the Cloud is predictable. This behaviour of the user is checked continuously to detect abnormal
activity. Each user has a distinct profile consisting of the number of times he has accessed his files on
the Cloud. These profiles maintain a count of the number of times a file is accessed. If there is any
deviation from the user behaviour profile already stored in the database, then an attack is detected.
2) Decoy Technology: The file system is packed with traps, which are uploaded to the system by the Cloud
service provider. These traps can contain documents like credit card details, tax returns and bank
statements. These documents are placed in highly conspicuous places.
A masquerader who is not acquainted with the system and who has ill intent is likely to click on these
false documents. Thereby the system can be notified of masquerade activity.
The hash code of all the legitimate and decoy documents uploaded to the system is calculated. The hash
code of every document downloaded is matched with the hash code of the decoy documents. If a match is
found, then the document is deemed to be a decoy document and an alert is generated. An insider attacker
would not be able to escape detection if they access a decoy document.
The hash code is based on the keyed-Hash Message Authentication Code (HMAC).
HMAC code:
HMAC, that is, keyed-hash message authentication code, is used for calculating a message authentication
code. It involves a cryptographic hash function along with a secret key. We calculate the HMAC code of the
document by using the MD5 algorithm. MD5 processes a document of variable length into a fixed-length
output of 128 bits.
• Variable length to fixed length output.
• Input n-bit blocks
• Input divided into 512-bit blocks
• Padding is done
• Buffer initialization
• Output 128 bits
Fig. 2: MD5 algorithm
This technology is incorporated along with user behaviour profiling. When illegal access is suspected and
later verified through various means, such as a security question, a disinformation attack may be
launched. In this attack, the attacker is provided with false information and made to believe that the
information he has received is true. This secures the user's actual data.
IV. COMBINING USER BEHAVIOUR PROFILING AND DECOY TECHNOLOGY FOR MASQUERADE DETECTION
1) User Behaviour Profiling: Legitimate users of the Cloud system are acquainted with the documents and
information they have stored on it. Their search for documents is to the point and limited. A masquerader
who gets access to the victim's system illegitimately is unlikely to be acquainted with the structure and
contents of the file system. Their search is widespread and not to the point.
The user search behaviour is profiled based on this key assumption, with user models trained with a
one-class modelling technique, namely one-class support vector machines. This was done to maintain the
privacy of the user and secure the user's data.
2) Decoys: The file system is packed with traps, which are uploaded to the system by the Cloud service
provider. These traps can contain documents like credit card details, tax returns and bank statements.
These documents are placed in highly conspicuous places. A masquerader who is not acquainted with the
system and who has ill intent is likely to click on these false documents. They may believe that they have
exfiltrated important information, when they have not. When a decoy document is downloaded, an alert can
be generated. Thereby the system can be notified of masquerade activity.
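Sections III and IV in code, as an added example that is not from the paper: decoy documents are recognised by their HMAC tag, a per-user access-count profile flags untargeted browsing, and the two signals are combined into one verdict. The key, the 0.5 threshold, the unseen-file deviation measure (a simple stand-in for the one-class SVM the paper mentions), all names and the sample data are assumptions.

```python
import hmac
from collections import Counter

TAG_KEY = b"constructed-demo-key"  # assumption: really held in a server-side key store

def doc_tag(content: bytes, digest: str = "md5") -> bytes:
    """Keyed tag of a document. MD5 mirrors the paper; "sha256" is a drop-in."""
    return hmac.new(TAG_KEY, content, digest).digest()

class DecoyRegistry:
    """HMAC tags of every decoy the Cloud service provider planted."""
    def __init__(self, decoys):
        self._tags = [doc_tag(d) for d in decoys]

    def is_decoy(self, content: bytes) -> bool:
        tag = doc_tag(content)
        # compare_digest compares each stored tag in constant time
        return any(hmac.compare_digest(tag, t) for t in self._tags)

class AccessProfile:
    """Per-user count of how often each file has been accessed."""
    def __init__(self, history):
        self.counts = Counter(history)

    def deviation(self, paths) -> float:
        """Fraction of accesses to files the user has never opened before."""
        if not paths:
            return 0.0
        return sum(self.counts[p] == 0 for p in paths) / len(paths)

def assess(profile, registry, session, threshold=0.5):
    """session is a list of (path, content) downloads made in one login."""
    anomalous = profile.deviation([p for p, _ in session]) > threshold
    decoy_hit = any(registry.is_decoy(c) for _, c in session)
    if anomalous and decoy_hit:
        return "masquerade"   # both detectors agree
    if anomalous or decoy_hit:
        return "suspicious"   # one signal only: ask the challenge questions
    return "normal"

# Constructed sample data (not from the paper)
DECOYS = [b"decoy card statement", b"decoy tax return"]
HISTORY = ["/docs/report.doc"] * 12 + ["/docs/budget.xls"] * 7
OWNER = [("/docs/report.doc", b"q1 report"), ("/docs/budget.xls", b"budget")]
INTRUDER = [("/bank/cards.pdf", DECOYS[0]), ("/tax/2013.pdf", DECOYS[1]),
            ("/docs/report.doc", b"q1 report")]

if __name__ == "__main__":
    registry, profile = DecoyRegistry(DECOYS), AccessProfile(HISTORY)
    for name, session in (("owner", OWNER), ("intruder", INTRUDER)):
        print(name, assess(profile, registry, session))
```

A decoy opened by an account whose browsing otherwise matches its profile yields only "suspicious", which is the case where a single technique on its own would produce a false positive.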
The advantages of placing decoys in a file system are threefold:
(1) The detection of masquerade activity.
(2) The confusion of the attacker and the additional costs incurred to identify the real information from
bogus information.
3) The combination of the two techniques: The combination of user behaviour profiling with decoy
technology provides strong evidence of illegal access and helps improve the accuracy of detection. Using
only one technique can produce false positive results. By combining the two techniques the rate of
detecting illegal access increases.
The user behaviour is detected by using an access pattern. The access pattern may be determined by the
number of times the document or file is opened or downloaded. This record is maintained. When a user
accesses the system, his behaviour is matched with the user behaviour profile stored in the database. If
the behaviour matches, it is said that the real user is accessing the data; otherwise it is said that a
masquerader is accessing the data.
Once unauthorized data access or masquerade activity is verified, with challenge questions for instance, a
decoy document attack is launched. Here the masquerader is deliberately given false information and the
user documents are secured. A mail is sent to the real user and the Cloud service provider informing them
about the masquerade activity.
At the same time, to secure the data when the user behaviour matches that of the real user, traps or decoy
documents are merged with the user's data. These documents are placed in highly conspicuous places. A
masquerader who is not acquainted with the system and who has ill intent is likely to click on these false
documents. Thereby the system can be notified of masquerade activity [1].
Advantages:
1) The information stored on the Cloud can be secured in a commensurable way.
2) The insider attack can be detected.
3) The accuracy of detection of a masquerader is greater when the techniques are combined.
4) The confusion of the attacker through decoy documents safeguards the actual data of the user.
V. FUTURE SCOPE
• Unique user behaviour profiles are maintained for each user; every time the user logs in, his behaviour
is matched with his own existing profile stored in the database. If the user behaviour does not coincide
with the one stored in the database, then an attack will be detected.
• Study of how attacker behaviour changes based on their knowledge about the monitoring mechanisms
running on the victim's system and their perception of risk and expected financial gain.
Data can also be split up and stored on multiple Clouds for providing additional security.
REFERENCES
[1] Ben-Salem M., and Stolfo, Angelos D. Keromytis, “Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud,” IEEE symposium on security and privacy workshop (SPW) 2012.
[2] Ben-Salem M., and Stolfo, “Decoy Document Deployment for Effective Masquerade Attack Detection,” Computer Science Department, Columbia University, New York.
[3] Ben-Salem, M., and Stolfo, S. J., “Modelling user search-behaviour for masquerade detection,” in Columbia University Computer Science Department, Technical Report # cucs-033-10 (2010).
[4] Bowen, B. M., Hershkop, S., Keromytis, A. D., and Stolfo, S. J., “Baiting inside attackers using decoy documents,” in Department of Computer Science, Columbia University, 2009.
[5] Mihir Bellare, Ran Canetti, Hugo Krawczyk, “Message Authentication using Hash Functions: The HMAC Construction,” in RSA Laboratories’ CryptoBytes, Vol. 2, No. 1, Spring 1996.
