
Second Review

This document proposes a system called Fog Computing to mitigate insider data theft in the cloud. It monitors data access in the cloud and detects abnormal patterns using challenge questions. When unauthorized access is detected, it launches a disinformation attack by returning decoy information to the attacker, protecting the user's real data. Experiments in a local file setting show this approach may provide high levels of user data security in cloud environments.

Uploaded by

immurugappan

FOG COMPUTING: MITIGATING THE INSIDER DATA THEFTS IN CLOUD

ABSTRACT:

Cloud computing promises to significantly change the way we use computers and access and store our personal and business information. With these new computing and communications paradigms arise new data security challenges. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the cloud provider. We propose a different approach for securing data in the cloud using offensive decoy technology. We monitor data access in the cloud and detect abnormal data access patterns. When unauthorized access is suspected and then verified using challenge questions, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user's real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Cloud environment.

EXISTING SYSTEM:

Businesses, especially startups and small and medium businesses (SMBs), are increasingly opting to outsource data and computation to the Cloud. This obviously supports better operational efficiency, but comes with greater risks, perhaps the most serious of which are data theft attacks. Data theft attacks are amplified if the attacker is a malicious insider. This is considered one of the top threats to cloud computing by the Cloud Security Alliance. While most Cloud computing customers are well aware of this threat, they are left only with trusting the service provider when it comes to protecting their data. The lack of transparency into, let alone control over, the Cloud provider's authentication, authorization, and audit controls only exacerbates this threat. Example: Twitter Incident. While this particular attack was launched by an outsider, stealing a customer's admin passwords is much easier if perpetrated by a malicious insider. The authors also demonstrated how Cloud customers' private keys might be stolen, and how their confidential data might be extracted from a hard disk. After stealing a customer's password and private key, the malicious insider gets access to all customer data, while the customer has no means of detecting this unauthorized access.

DISADVANTAGES:

1. The encryption mechanism failed in preventing the data theft attacks.

2. These attacks were launched by an insider who stole the customer's admin passwords and private key and gained access to customer data, while the customer has no means of detecting this unauthorized access.

PROPOSED SYSTEM:

To overcome this problem, we propose a completely different approach to securing the cloud using decoy information technology, which we have come to call Fog computing. We use this technology to launch disinformation attacks against malicious insiders, preventing them from distinguishing the real sensitive customer data from fake worthless data. We monitor data access in the cloud and detect abnormal data access patterns by using challenge questions. When unauthorized access is suspected, we launch a disinformation attack by returning large amounts of decoy information to the attacker. The decoy documents carry a keyed-Hash Message Authentication Code (HMAC), which is hidden in the header section of the document. The HMAC is computed over the file's contents using a key unique to each user. When a decoy document is loaded into memory, we verify whether the document is a decoy document by computing an HMAC based on all the contents of that document.

ADVANTAGES:
(1) The detection of masquerade activity
(2) The confusion of the attacker and the additional costs incurred to
distinguish real from bogus information
(3) The deterrence effect which, although hard to measure, plays a
significant role in preventing masquerade activity by risk-averse attackers.
SYSTEM REQUIREMENTS

HARDWARE REQUIREMENTS:

Processor - Pentium III

Speed - 1.1 GHz

RAM - 256 MB (min)

Hard Disk - 20 GB

SOFTWARE REQUIREMENTS:

Operating System : Windows 95/98/2000/XP

Application Server : Tomcat 5.0/6.X

Front end : HTML, JSP

Scripts : JavaScript.

Server side Script : Java Server Pages.

Database : SQL server.

MODULES:
1. User Authentication

2. Cloud ID Allocation

3. Cloud Server

(i) Cloud Storage

(ii) Cloud Retrieval

4. Decoy Generation

1. User Authentication:

This module deals with authentication of the users. Each user creates a new user ID and password, because space in the cloud is allocated only to a new user ID. The user ID is unique to each user. After logging in to the cloud, the user can store data in and retrieve data from the cloud server.

2. Cloud ID Allocation:
In this module, the user allocates memory space (100 MB-GB) on the cloud server by paying some amount to buy that particular space. The cloud server randomly generates a cloud ID for the registered user. After getting the cloud ID, the user is allowed to store and retrieve data on the cloud server.

3. Cloud Server:
In the cloud server, we store and retrieve our personal and business information in a safe manner.

(i) Cloud Storage:
In this module, we upload our file using the cloud ID; the uploaded file is then encrypted (the original data is converted to another format) using the DES algorithm. In case an intruder attacks the file for any reason or at any cost, we generate decoy files using some challenge questions, and after that we store our data on the cloud server.

(ii) Cloud Retrieval:
In this module, we retrieve our files from the cloud server. If you are an authorized user, meaning your cloud ID and challenge-question answers are the same as in the storing procedure, you get your original data after it is decrypted (the other format is converted back to the original data) using the DES algorithm; otherwise you get decoy data (fake data).
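
The storage and retrieval steps above as a runnable sketch, added here as an example and not taken from the project's code: a failed challenge returns the decoy in place of an error and records an alert for the monitoring side. The in-memory store, the function names and the sample cloud ID and answers are assumptions, and the DES encryption step is left out to keep the focus on the retrieval decision.

```python
import hashlib
import hmac
import os

STORE = {}   # cloud_id -> record; in-memory stand-in for the cloud server (assumption)
ALERTS = []  # (cloud_id, reason) entries for the monitoring side (assumption)

def answers_digest(answers, salt):
    """Stretch the normalised challenge answers so they are not kept in clear."""
    joined = "\x1f".join(a.strip().lower() for a in answers).encode()
    return hashlib.pbkdf2_hmac("sha256", joined, salt, 100_000)

def store_file(cloud_id, answers, original, decoy):
    """Storage step: keep the original and its decoy under the cloud ID."""
    salt = os.urandom(16)
    STORE[cloud_id] = {"salt": salt, "digest": answers_digest(answers, salt),
                       "original": original, "decoy": decoy}

def retrieve_file(cloud_id, answers):
    """Retrieval step: original on a correct challenge, decoy plus alert otherwise."""
    record = STORE.get(cloud_id)
    if record is None:
        ALERTS.append((cloud_id, "unknown cloud id"))
        return None
    supplied = answers_digest(answers, record["salt"])
    if hmac.compare_digest(supplied, record["digest"]):  # constant-time comparison
        return record["original"]
    ALERTS.append((cloud_id, "challenge failed, decoy served"))
    return record["decoy"]

def demo():
    """Constructed data: one stored file, one valid and one invalid retrieval."""
    STORE.clear()
    ALERTS.clear()
    store_file("CID-1001", ["Rex", "Chennai"], b"real payroll.csv", b"fake payroll.csv")
    valid = retrieve_file("CID-1001", ["rex ", "chennai"])
    invalid = retrieve_file("CID-1001", ["Max", "Chennai"])
    return valid, invalid, list(ALERTS)

if __name__ == "__main__":
    print(demo())
```

DES, which the module descriptions name, has a 56-bit key and has been withdrawn as a standard; a current build would use an authenticated cipher such as AES-GCM for the stored original.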

4. Decoy Generation:
Decoy technology allows invalid users to download decoy files, which are placed in highly conspicuous locations. Monitoring access to the decoy files should signal masquerade activity on the system. The decoy documents carry a keyed-Hash Message Authentication Code (HMAC) to differentiate the original files from the decoy files.
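
The HMAC marking described here and under PROPOSED SYSTEM, as an added example (not the project's code): a decoy carries HMAC-SHA256 of its body under the owner's key, and the loader recomputes it to decide whether a document is a decoy. The header field name, the choice of SHA-256, and giving real documents a random tag of the same length (so that the presence of a tag alone reveals nothing) are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

TAG_FIELD = b"X-Doc-Tag: "  # hypothetical header field; the page names no format

def make_decoy(body: bytes, user_key: bytes) -> bytes:
    """Build a decoy: one header line holding HMAC-SHA256(user_key, body)."""
    tag = hmac.new(user_key, body, hashlib.sha256).hexdigest().encode()
    return TAG_FIELD + tag + b"\n\n" + body

def make_real(body: bytes) -> bytes:
    """Real documents get a random tag of equal length (assumption of this sketch)."""
    return TAG_FIELD + secrets.token_hex(32).encode() + b"\n\n" + body

def is_decoy(document: bytes, user_key: bytes) -> bool:
    """Recompute the HMAC over the body and compare it with the header tag."""
    header, sep, body = document.partition(b"\n\n")
    if not sep or not header.startswith(TAG_FIELD):
        return False  # no tag header: treat as an ordinary document
    claimed = header[len(TAG_FIELD):]
    expected = hmac.new(user_key, body, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(claimed, expected)

def classify_samples() -> dict:
    """Run the check over constructed sample documents and keys."""
    alice_key = bytes(range(32))       # constructed per-user keys
    bob_key = bytes(range(32, 64))
    decoy = make_decoy(b"Account: 0000-1111\nBalance: 9,999.00\n", alice_key)
    real = make_real(b"Quarterly notes\n\nNothing sensitive here.\n")
    forged = TAG_FIELD + b"0" * 64 + b"\n\nAccount: 0000-1111\n"
    return {
        "decoy, owner key": is_decoy(decoy, alice_key),
        "decoy, other user's key": is_decoy(decoy, bob_key),
        "real document": is_decoy(real, alice_key),
        "forged tag": is_decoy(forged, alice_key),
        "decoy body edited": is_decoy(decoy + b"x", alice_key),
    }

if __name__ == "__main__":
    for label, result in classify_samples().items():
        print(f"{label:26} -> {result}")
```

Only the holder of the per-user key can tell a decoy from a real document; an edited decoy no longer verifies, so detection depends on the copy being loaded unmodified.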

SYSTEM ARCHITECTURE:
[Figure: Fog Computing system architecture. Blocks: User Authentication; Cloud ID Allocation; Cloud Server, divided into Storage (file uploading using cloud ID and security questions; decoy generation) and Retrieval (valid user: retrieve original files; invalid user: retrieve decoy files).]

DATAFLOW DIAGRAM
[Figures: data flow diagrams, Levels 0 to 5. Labels recovered from each level:]
Level 0: User; Authentication Process; Cloud ID Allocation; Cloud Storage; Cloud Retrieval; Decoy Generation.
Level 1: New User Registration; Login; User Authentication; User_reg1; Cloud Server (Level 3).
Level 2: Cloud ID allocation; Allocated space; Generating cloud ID; Cloud_reg.
Level 3: Cloud Server; Cloud Storage (Level 4); Cloud Retrieval (Level 5).
Level 4: Cloud Storage; File upload using cloud ID & security questions; Encryption using DES; Decoy generation; Generating fake files; data stores: store, decoy.
Level 5: Cloud retrieval; Cloud ID & security questions; Validate authenticated user; Decryption using DES; Retrieve original files; Invalidate user; Retrieve fake files; data stores: store, decoy.

SCREENSHOTS:

Main page:
About Fog Computing:
