Enforcing security in cloud environment using elliptic curve cryptography and third party auditing

Cloud computing is the Internet-Based computing. In cloud computing, the resources will be shared, software and information will be provided to the computers and also other services on demand. The services are broadly classified in to three categories Infrastructure as a service (IAAS), Platform as a service (PAAS) and Software as a service (SAAS). Technical support of the cloud computing includes SOA and virtualization of hardware and software. Cloud service users need to be very curious in understanding the risk of data left in this new environment. Cryptographic algorithmic techniques are implemented to sign the data block before sending in to the cloud to empowering the security of the shared data within the cluster. This proposal supports the inclusion of new users to the cluster and an existing batch person can be discarded by sustaining the privacy including data backup and drop out based on the techniques called automatic key generation the revoked user will no longer have access to the data that he retained formerly. Hence dynamic data operations, public auditing, active group user nullification and data security can be achieved successfully. Thus, we are following the use of login with a secret key along with the security question for the user.


Introduction
Cloud Computing gets its name as an analogy for the internet. The internet is revealing in the network diagrams in the cloud computing, cloud icon is representing "All that other stuff" i.e. it makes the network work [1]. Protracted vision of the computing utility is called cloud computing, it enables the distribution of services over the internet [2]. Security is the major issue in Cloud Computing. Encrypted form of data will be stored in the cloud environment. Key factors for protecting data are Access Control, Data Auditing, Authentication, and Authorization [3]. At sometimes, the cloud service provider will be hiding the data corruption to maintain the repudiation. To avoiding this complication, we are introducing an effective TPA to auditing the user's outsourced data.

TPA-third party auditor
TPA is auditing efficiently in the cloud data storage [4]. It will not have any local copy of the data and it will not providing any additional on-line burden to cloud users. TPA will aid data holder to make sure that his data are safe in the cloud and management of data will be easy and less strain to the data owner [5]. Keys of ECC will be generating by using the properties of the ECC equation. It will not use any classical method of generation as the product of very large prime number. According to (Patel and Patel, 2012) std. TPA in the Cloud Environment should have following Functionalities such as i) No Data Leakage ii) Integrity Verification iii) High Performance iv) Scalability

ECC algorithm (elliptic curve cryptography)
Equation of an elliptic curve is shown below, the terms which are used, E -> Elliptic Curve P -> Point on the curve z -> limit which is maximum (Must be a prime number)

Key generation
Key generation is an essential part in which both public and private key are provoked. The sender wi encrypts the message with Public Key of receiver and the receiver decrypst its with Private Key. Select a number 'S' within the range of 'z'. Using the following equation and generating the public key. Q = S * P S = Selecting the random number from the range (1 -z-1). Consider P a point on the curve. The public key and private key are 'Q' and 'S' respectively.

User login
The set of action that will be executed by the user in the shared data within the cloud are as shown below in the following flowchart diagram.

Registration
In registration, every user is required to be register into the cloud. As a result, these set of users will be permitted to login into the cloud server [6].

File upload
In this process, the user uploads a block of files into the cloud with encryption by using his or her private key. This excludes the illegal access of the cloud files. This module allows the admin or the user to download the required file. The downloaded data needs to be decrypted using the private key of the owner of the corresponding file.

Disadvantages of existing system
The Actual system uses symmetric key algorithms such as AES and DES.AES and DES make use of a private key for cryptography. The bit size of the key in actual algorithms will be larger and takes more time for encryption and decryption. Hence this algorithm has less security.

Advantages of proposed system
ECC algorithm constructs faster, smaller and more efficient keys for Cryptography [6]. The level of security is large with 164-bit key whereas other algorithms use up to 1024-bit key. ECC perform with low computing power and consumes less battery resource [7].

Conclusion and future work
We established and delivered the output for Encryption time based on entropy, generating chart for analysis of Encryption time and graph for analysis of Encryption time. We compared the Encryption time between ECC and DES Algorithm. In future we plan to cover all the points in the Elliptic curve. Because due to time constraints we cannot cover all the points in the Elliptic curve. We also plan to improve the efficiency of the ECC Algorithm and also improve the speed of the algorithm.