ABSTRACT: In cloud computing, security is a major issue faced by cloud providers. In the existing scheme, security is provided as follows: the sender transmits data through a cloud storage server protected by double encryption with two security keys. One key is created at the sender side from the identity of the receiver or the public key and generates the first-level ciphertext; the other key is stored in the security device issued by the SDI (Security Device Issuer) and shared with cloud storage systems to produce the second-level ciphertext. The receiver decrypts the ciphertext using the private key and the security device provided by the PKG (Private Key Generator) and the SDI respectively. In the proposed scheme, the sender uploads a file to the cloud and encrypts it using the public key, and it is stored in the cloud. The file is then shared with other people in the cloud. A receiver can access the file only after passing a two-step process: the user must select the correct registered images, which are stored in encrypted form in the cloud storage, and enter the code that is sent to a mobile application only once the user has logged into the application by scanning the QR code displayed in the cloud.

Once the user passes these steps, the shared document is decrypted using a key generated by the key generator, and the user can download the shared file. Each step allows a maximum of three attempts; if the user is unable to log in within these attempts, the user is locked out. The system includes a notification facility that sends an alert message by e-mail to the concerned user if they cross more than two attempts or if an intruder is trying to access the file.

Performance of the system in the cloud environment is analyzed. In this paper, we also propose a two-factor data security protection mechanism with factor revocability for cloud storage systems. In our system, a sender can send an encrypted message to a receiver through a cloud storage server.

The sender needs to know the identity of the receiver but no other information (such as its public key or its certificate). The receiver needs two things in order to decrypt the ciphertext. The first is his/her secret key stored in the computer. The second is a unique personal security device which is connected to the computer. It is impossible to decrypt the ciphertext without either piece.

If the security device is stolen or lost, the device is revoked and can no longer be used to decrypt any ciphertext. The cloud server immediately executes some algorithms to change the existing ciphertext so that it cannot be decrypted by this device. This process is transparent to the sender, and the cloud server cannot decrypt any ciphertext at any time.

Keywords: QR Code, encrypted, decrypted, Key generator, Performance.

1.0 INTRODUCTION

Cloud computing is a type of computing over the network, which provides computer processing resources and data to cloud consumers on demand. Cloud storage is a networked storage system where data is stored in pools of storage which are generally hosted by third parties. There are many benefits to using cloud storage.

The most notable is data accessibility. Data stored in the cloud can be accessed at any time from any place as long as there is network access. Storage tasks, such as purchasing additional storage capacity and data sharing between users. If Alice wants to share a piece of data (e.g., a video) with Bob, it may be difficult for her to send it by email due to the size of the data. Instead, Alice uploads the file to a cloud storage system so that Bob can download it at any time.

Despite its advantages, outsourcing data storage also increases the attack surface. For example, when data is distributed, the more locations it is stored in, the higher the risk of unauthorized physical access to the data. By sharing storage and networks with many other users, it is also possible for other unauthorized users to access your data. This may be due to mistaken actions, faulty equipment, or sometimes because

It is a model of on-demand access to shared resources, which can be rapidly delivered to the users with minimal management effort.

A cloud storage solution provides users and enterprises with various facilities, such as storing and processing data. The data is stored in third-party data centers that may be located anywhere else from the user. A cloud provider is a company that offers services, namely Infrastructure as a Service (IaaS), then Software as a Service (SaaS) and Platform as a Service (PaaS), to other enterprises or individuals.

Fig. 1 Cloud Service

1.1. CLOUD SECURITY

The major challenge faced by cloud providers is to provide security for the confidential data stored in the cloud storage system.

Cloud providers allow cloud consumers to utilize the storage capacity allocated to them. Consumers store a file in the cloud by uploading it into the cloud account they created. Once the file is uploaded, the consumer can access it anywhere and at any time, provided the consumer is connected to the network. Cloud consumers share the uploaded files with other users. The sender of a file sets access control on that file so that it can be accessed only by authorized users. This is one of the methodologies adopted by cloud providers to give secure access to files. The other technology adopted by providers is encryption, such as symmetric and asymmetric encryption. The file being uploaded by the consumer is encrypted using the public key of the receiver and stored as an encrypted file in the cloud storage.

When this file is shared with other users, it is downloaded by the receiver, who uses the secret key generated for that receiver to decrypt the file so that it becomes readable. This methodology is called asymmetric encryption [4]. Symmetric encryption uses the same key for encryption and decryption of the file. In the present trend, the factor of encryption of the data is made wider. Re-encryption (converting the ciphertext (first factor) generated using IBE (Identity Based Encryption) to another ciphertext (second factor), using the suitable key provided in the form of a security device such as USB etc.) is implemented at the cloud server to enhance the security of the confidential data or to make it difficult for intruders to access the data. This type of re-encryption makes the computation on the cloud side complex and consumes high bandwidth. To overcome the difficulties of the two-factor system, we introduce a new system in which the file being uploaded to the Amazon cloud is encrypted by means of an asymmetric technique. The file can be shared with other users in the Amazon cloud in such a way that it can be accessed only when the receiver (user) performs a two-step access control process. The first step consists of suitable decoy images displayed in the form of a grid; the user needs to select the images which are registered with them. The second step consists of entering the secret code sent to the application installed in the security device (e.g., a mobile). Unlike the conventional login method (textual password) designed in the application, here we adopt a QR (Quick Response) code (consisting of black squares arranged in a square grid on a white background, read by the imaging device) displayed in the cloud. To log into the application, the user needs to scan the QR code with the built-in camera of the security device through the application.

Once this is complete, the user is automatically logged into the application, and a code is sent to the application only when the login is successful. Finally, the receiver downloads the file when the two-step process is completed.
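The two-step gate described above, together with the three-attempt limit, lockout and alert from the abstract, modelled as an added example in Python (not code from the paper). The class and method names, the keyed digest standing in for the encrypted image store, the six-digit code and the notify callback are all assumptions.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 3  # per step, as the abstract states

class TwoStepGate:
    """Hypothetical receiver-side gate: registered images first, then the app code."""
    def __init__(self, registered_images, file_key, notify):
        self._mac_key = secrets.token_bytes(32)
        self._images = self._digest(registered_images)  # assumption: stands in for encrypted storage
        self._file_key, self._notify = file_key, notify
        self._qr_token = self._code = None
        self.failures = {"images": 0, "code": 0}
        self.passed = {"images": False, "code": False}
        self.locked = False

    def _digest(self, images):
        data = "\n".join(sorted(set(images))).encode()
        return hmac.new(self._mac_key, data, hashlib.sha256).digest()

    def _check(self, step, ok):
        self.passed[step] = ok and not self.locked
        if not ok and not self.locked:
            self.failures[step] += 1
            if self.failures[step] >= MAX_ATTEMPTS:  # third miss: lock and alert
                self.locked = True
                self._notify(f"locked after {MAX_ATTEMPTS} failed {step} attempts")
        return self.passed[step]

    def select_images(self, chosen):
        return self._check("images", hmac.compare_digest(self._digest(chosen), self._images))

    def show_qr(self):  # one-time token the cloud page would render as a QR code
        ready = self.passed["images"] and not self.locked
        self._qr_token = secrets.token_urlsafe(16) if ready else None
        return self._qr_token

    def app_scan(self, token):  # a valid scan logs the app in; only then is a code sent
        if self._qr_token is None or not hmac.compare_digest(token.encode(), self._qr_token.encode()):
            return None
        self._qr_token, self._code = None, f"{secrets.randbelow(10**6):06d}"
        return self._code

    def enter_code(self, code):
        ok = self._code is not None and hmac.compare_digest(code.encode(), self._code.encode())
        return self._check("code", ok)

    def release_key(self):  # decryption key only after both steps, never when locked
        return self._file_key if all(self.passed.values()) and not self.locked else None
```

The QR token is single use and is only issued after the image step passes, so a code can never reach the application for a session that has not cleared the first step.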