secured cloud banking transactions using two-way ...€¦ · use 2fa system for users in the cloud...

http://www.iaeme.com/IJCIET/index.asp 531 [email protected]

International Journal of Civil Engineering and Technology (IJCIET) Volume 9, Issue 1, January 2018, pp. 531–540, Article ID: IJCIET_09_01_053

Available online at http://http://www.iaeme.com/ijciet/issues.asp?JType=IJCIET&VType=9&IType=1

ISSN Print: 0976-6308 and ISSN Online: 0976-6316

© IAEME Publication Scopus Indexed

SECURED CLOUD BANKING TRANSACTIONS

USING TWO-WAY VERIFICATION PROCESS

A. Anitha, M. Varalakhshmi, A. Mary Mekala, Subashanthini, M. Thilagavathy

School of Information Technology and Engineering

VIT University, Vellore, India

ABSTRACT

The emergence of computer and computer networks made the people life very

simple on one touch. But, is the network really secured? Do our transactions are done

in a trusted manner? These thoughts lead us to network security. For the past few

decade, network security places vital role in ensuring safe and secured

communication over the Internet. In our day to day life, most of the communication

are carried out to ensure safe account transactions. Thus security in banking domain

should be highly secured and user-friendly to have the smooth communication. An

effort has been taken in this paper to provide a better security model by adapting ABE

and AES than existing security systems. Every user registers and gets a username and

password for authentication. We deploy four admin for the overall control of data

access. The proposed model provides great security to various access policies based

on different scenarios. Every admin is provided with user-id, password, challenge-key

and its corresponding challenge response key, ABE key and MAC and IP Address

captured in Cloud. Every admin is assigned with certain access privilege & ABE key

is assigned. Servers generate a new key and divided with the available numbers of

administrators. This key is sent as Email alert to every administrator. If any query

requested by the user beyond the permitted privilege of the corresponding

administrator then that admin will the permission from rest of the administrators by

getting everyone's Joint Threshold key and finally concatenated and verified by the

server then access permission is provided

Key words: ABE Key, Fine-Grained, Attribute-Based Encryption, AES, OTP, Email

ID Key Verification.

Cite this Article: A. Anitha, M. Varalakhshmi, A. Mary Mekala, Subashanthini and

M.Thilagavathy, Secured Cloud Banking Transactions using Two-Way verification

process, International Journal of Civil Engineering and Technology, 9(1), 2018, pp.

531–540.

http://www.iaeme.com/IJCIET/issues.asp?JType=IJCIET&VType=9&IType=1

Secured Cloud Banking Transactions using Two-Way verification process


1. INTRODUCTION

Cloud computing is a broad area in which the services such as buy, sell, or rent and other

resources are shared in a on-demand process. There are many applications of cloud

computing, such as data sharing data storage immensely colossal data management, on

various applications. One of the risk, is that the end users access applications stored on cloud,

using app's which is cracked easily. The use of cloud computing are immensely colossal,

which include the facileness of accessing the resources with less cost and increase the

operational efficiencies, can accommodate for very large number of services, compatible and

approachable to the market. Even though there are various advantages of cloud computing,

privacy and security is a very big challenge. Cloud stores various insightful data for

opportune access; authenticating the user becomes and essential task to provide the service.

The traditional method of authenticating an user by providing username and password is not

an efficient as the intruder can easily guess the information authenticated. Another limitation

is that, since many people are involved in sharing the same resources, lead to unsecured

transactions.

Using attribute-based access system, each user has been provided by a secret key issued

by the ascendancy. In practice, the user secret key is stored on the personal computer. On

considering the second limitation, it is mundane that the resources are shared by many at

many time in a huge organization. For example in real-time applications such as health care,

marketing and finance, education system, and lot more, the computes are shared by various

people on day/night shift basis. In this situation, In order to avoid such situations, one of the

best way is to utilize two-factor authentication (2FA), which is used for secured transactions.

Along with traditional authentication process, the utilizer is additionally should have a

contrivance either mobile or mail-id to exhibit a one-time password. The security is upgraded

as two level process gives more confident towards our day-to-day transactions. It is better to

use 2FA system for users in the cloud accommodations in order to increase the secure level of

transaction in the system. In this paper, we propose a secured way of accessing web-based

cloud services using two-factor access protocol. First, the user should have a secret key

(which is conventionally stored). In integration, security contrivance is additionally linked to

the computer for authentication to he user to access the cloud data. Effort has been taken to

have a secured transaction with concern to the comfortable and convenient with confident

transaction using cloud computing.

The paper is organized as follows: Section 1 discuss about the secured transaction in cloud

computing using fine-grained two factor authentication process. Literature review was

explained in Section 2. Section 3 discuss about the ABE algorithm whereas Section 4 explains

about the AES encryption and decryption algorithm. Section 5 deals with the proposed cloud

secured architecture model followed by conclusion and future enhancement.

2. LITERATURE REVIEW

Baek, et.al (discussed a smart framework, used for big data in cloud technology environment

[1], to manage the information three hierarchical level of cloud computing is framed : top,

regional and end-users levels. They propose a safe distributed computing based system for

enormous information data administration in secured networks, which we call "Keen Frame".

Bethencourt et.al introduced about CP- ABE algorithm from that user's secret keys are

provided by attributes which are passed by a user and with the user's attribute they decrypted

the secret keys [2]. With the use of several optimization techniques and different policies they

handled the attacks of hackers or unauthorized users. They propose that the verification plot

can't prompt to the conspicuous execution on the VM relocation by examining the movement

dormancy. The validation plan can give more eminent adaptability to cloud clients to control

A. Anitha, M. Varalakhshmi, A. Mary Mekala, Subashanthini and M.Thilagavathy


their own particular VM relocation. To ascertain the relocation of VMs is prognostic able with

client's strategy, they proposes a User-Policy-Confined VM Migration Protocol (UVMP),

which gives another corroboration plot that addresses the impediment and empowers VM

kinetics to be controllable and evident by cloud clients by presenting the Cipher-text-Policy

Attribute-Predicated Encryption(CP-ABE) into validation field. Liang, Liu, Wong, and Susilo

have described model to reduce the complexity of size of re-encrypted Cipher-text and

decryption [3]. The proposed idea has the limitation of the size of decrypted and re-encrypted

cipher text expanded the linearly of the counts of time of periods.

The over-counting problem with LC-sketches induced by the multi-path routing based

aggregation was discussed by Fan and Chen [4]. The LC-sketches based algorithm shows the

low inconsistency of errors, high accuracy, and less overhead over the existing models. An

efficient interactive identification and signature scheme based on discrete logarithms are

suitable for smart cards were discussed by Xu et.al (2004) [5]. An efficient algorithm to pre-

process the exponentiation of random numbers was proposed that sink makes signature

generation very fast. It also improves the efficiency of the other discrete log cryptosystems.

The pre-processing algorithm is based on two fundamental principle such as local

randomization and internal randomization. Various ABE schemes like ABE, KP-ABE,CP-

ABE,ABE with non-monotonic structure, HABE,MA-ABE was discussed by George et. al.

(2012) [6]. The encryption methodologies on the basis of these policies were discussed on

monotonic or non-monotonic related on the types of access control schemes. Tejali et.al

(2012) have proposed a fined grained two variable approval protocol that gets control

structure for electronically distributed cloud computing technologies [7] . In this they

probably distribute the secret key as two segments, where first part is sent to the user and

another part is kept in the security gadget. The point by point security examination was

utilized to control structure stopped security by 2FA. Secure data transmission using

steganography techniques were discussed by Anitha et.al (2014) using mailing systems [9].

Cyber defense using Artificial Intelligence (2016) was discussed to identify the hacker or

intruder in various levels of the network system [10]. An intrusion detection system using

artificial intelligence to improve the cloud security system was discussed by Anitha et.al

(2017) [11].

3. INTRODUCTION AND IMPLEMENTATION OF ABE-ALGORITHM

ABE stands for Attribute-Based Encryption that is introduced by Goyal et al. (2005) [8]. This

algorithm deals both user secret key and cipher-text with user attributes. It is a type of

asymmetric key encryption scheme in which cipher text and a secret key are dependent upon

various attributes. It is an significant security algorithm scheme that can be useful in any role-

based system to provide data Integrity and confidentiality. An important feature of ABE is

Collusion-resistance. In this type of system, the decryption of a cipher text is achievable only

if the attributes of the user will be matched. There are two main types of Attribute-based

Encryption scheme such as Key-policy Attribute-based Encryption and Cipher text policy

Attribute-based Encryption. It can be used for log encryption based on the attributes. User

stores own data on the internet and the main drawback of traditional encryption algorithm is

that the data can only be shared at coarse-grained level.

3.1. STEPS INVOLVED IN WORKING OF ABE-ALGORITHM

Attribute-predicated encryption (ABE) contains a asymmetric-key predicated for 1-M other

encryptions that sanctions users to encrypt and decrypt data related on utilizer attributes. In

that the secret key of a utilizer and the cipher text are reliant on attributes. The decryption

process of the cipher text can be done only of the utilizer key set of attributes matches with



the attributes of the cipher text. Decryption is only desirable when the number of matching is

at minimum a threshold value. The various steps involved are depicted in Figure 1 below.

Also step by step processing is given in Figure 2.

Figure 1 Processing of ABE algorithm

Figure 2 Step by step Processing of ABE algorithm

3.2. WORKING OF ABE- ALGORITHM IN JAVA

First, we put all the .jar file related to ABE algorithm into the libraries of the project what

have you created in NetBeans like JDBC-API, JDBC-crypto, JDBC-platform etc. After that, I

took all the attributes of user whatever he put in the form and store in the array. After that, I

created one object pub of class BswabePub which I was created before this class and after

that, I created one object mask of class BswabeMsk by passing pub object which is used for

serializing the attribute of the user. After that, I called the setup static method of Bswab class

in that method I created CurveParameter class object by passing. The whole process of data

flow was given in Figure 3.



Figure 3 Data flow using ABE algorithm

The byte array object and load to param object. After that with alpha, beta, duplicate this

method create the curve and load all these in Bswabe object and return to the calling method.

And after that, key-gen method by passing pub, msk and attribute of the user to it then in this

method with all three parameters it created one key and return back to calling method. After

key generation, I called delegate method of Bswabe by pub object, prv object of Bsabeprv

class and subset of the attribute that is going to pairing of each parameter is passed in it. After

delegation, encryption method by passing pub object is called, policy to the enc_ method.

Finally, this method encrypts the attribute in a form of cipher-text and return to the calling

method and then convert into cph object and after encryption The decryption method called

by passing the pub object, prv object and cph object that is public key, private key and cipher-

text and when the decryption method got the parameter of public key, private key and cipher-

text and finally it will be decrypted in a plain text that is in simple text. It's a process of

Encryption and decryption in ABE algorithm and same logic is used in this application. The

execution result of the java program is shown in Figure 4.



Figure 4 Output of ABE Algorithm

4. BASICS OF AES

AES is the incipient standard encryption model authorized to replace DES. This is the best

calculation for cloud security as far as execution and time. The calculation can reinforce any

coalescence of data of 128 bits and the key-length of 128, 192, and 256 bits. The calculation

is suggested as AES-128, AES-192, or AES-256, dependent upon the key length. In the midst

of encryption and decoding process, AES structure encounters 14 rounds for 256-piece keys,

12 rounds for I92-bit keys, and 10 rounds for the keys of 128 bits with a particular true

objective to pass on definite figure message or to the plain content which was unique. AES

licenses a 128 piece length of information that can be isolated into four fundamental

operational squares. The pieces are managed as the exhibit of bytes and dealt with as a lattice

of line and section 4cross 4 kenned as the state. Both the encryption and unscrambling

process, the Figure 5, commences with an AddRoundKey arrange. In any case, afore heading

off to the last round, this yield goes however through nine essential rounds, and amid each of

the rounds four changes are conveyed to activity; 1) Sub bytes, 2) Shiftrows, 3) Commix-

segments, 4) Integrate round Key. Decoding is only the antithesis technique of encryption and

with the utilization of the three elements of rearward: i) Inverse blend segments, ii) Inverse

Shift Rows and iii) Inverse substitute bytes.

4.1. IMPLEMENTATION OF AES IN JAVA

To start with we have taken one last static variable i.e the best approach to make steady in

java whose name is algo and instated by "algo" name i.e AES on the grounds that we will

actualize AES calculation and take one byte variable whose name is "key esteem" which is



put away "key esteem". After that, we made a constructor of this class which contains one

parameter which is passed by fundamental capacity at the season of production of the protest

of this class as key esteem and here we have changed over the key an incentive as bytes and

put away in the "key-esteem" variable which is byte sort. At that point, we made a "produce

Key" capacity which returns key (Secret key). In this capacity we made the protest of Key

class by calling the constructor of "Mystery Key Specification" class where we have passed

two contentions one is "key Value" which is in byte design and another one is "algo" name on

the premise of "key esteem" and "algo" name it make one mystery key and after that it gives

back the way to the calling capacity. At that point we make the encode work by passing the

String which we need to scramble. In this capacity we call the "generateKey" capacity and

stores the mystery key which the called work returned and put away in the Key sort Variable

and after that we made the occurrence of Cipher by passing the "algo" name which makes the

case on the premise of this calculation to the "getInstance" capacity of Cipher class and put

away in the Cipher sort variable 'c'. At that point, we instate the occasion of Cipher by calling

the init capacity of Cipher class where we have passed two parameters one is MODE here we

have passed ENCRYPT_MODE in light of the fact that we will scramble and another one is

mystery key. Subsequent to introducing we called "doFinal" technique for Cipher class by

passing the string which we need to encode as bytes. "doFinal" technique scramble the string

as bytes. After that, we made the question of BASE64Encoder class since we need to

scramble the message and call it's encoded technique by passing the encoded string as the

byte. Finally, this strategy encodes the string through string which we put away in the String

variable and we made another technique for decoding named "unscramble" by passing one

parameter through string which we need to decode. Nearly the code is same as encryption. In

this technique, we additionally produce mystery key and make an occasion of figure class and

called the init strategy here we changed mode DECRYPT_MODE at the place of

ENCRYPT_MODE on the grounds that we will unscramble the message. After that, we made

the protest of BASE64Decoder and called its capacity "decodeBuffer" by passing the

scrambled string.

Figure 5 AES- encryption and decryption process



This capacity unravels the encoded string as bytes and after that, we called "doFinal"

technique and pass the decoded byte esteem. "doFinal" strategy disentangles the bytes through

the string. At last, we get the plain content. This is the switch procedure of encryption. The

execution result of the java program is shown in Figure 6.

Figure 6 Output of AES Algorithm

5. PROPOSED WORKING MODEL IN REAL-TIME BANKING

APPLICATIONS

In this paper, effort has been taken to provided so many security features like OTP (One Time

Password), EMail-Key verification, User-Id, Password, Random Security Questions and

answers verification, Last Active Time, IP and MAC Address Capture and Verification and

captured activities of user and admin. First of all I created one main admin with their

information and number of security questions and answers when I created password is

randomly created according to Attribute Based Algorithm (Three unique attributes according

to these attributes are sent to the registered mail id of mail id), This process is same for all

admin and users for password creation. After creation of Main admin, He / She is going to log

in, In the login process Main Admin filled User-Id and password if both are correct then

randomly two security questions will come if main admin will fill correct answers then It will

go to next authorization process that is mail Id Key verification (Based on the ABE

Encryption It also pick Unique key and generate ABE key and send to the Registered Mail )

After Mail Verification and Send Abe key to registered Mobile as OTP(Abe key) and if ABE

key is matched then It will check somebody already logged in or not. If nobody already

logged in the Main admin log in process will complete and go to the home page. This Login

process is same for all admin and Users. After Main admin logged in He/ She created four

Admin (They will see the activities or handle the request of every user).This admin will create

user as same as They created by main admin. Admin will see the activities of other admin and

users and They will do the other bank activities. Users will send any request to admin when

they will send one ABE code will generate and divide it into four parts and send to four admin

individually so suppose in the worst case if anyone will hack so he has to hack four admin PC

so it's very difficult for any hacker. All the data stores or fetching process is happening from

the cloud so it needs Internet Connection and It is fully Stand Alone Security-Based Banking

system In the cloud. The working model is given in Figure 7.



Figure 7 Proposed model architecture

As experimental results with various attributes and the encryption time are calculated and

the charts are given below for better visualization. Figure 8 discussed about the time

consumption of the file size to be uploaded versus the encryption time, whereas Figure 9

depicts about the number of attributes verses time. Also the model is compared with security

analysis using support vector method proposed by Anitha et. Al [10], and found the proposed

model gives the higher security than the existing one.

Figure 8 Time consumption of the proposed model Vs Support Vector Method

Figure 9 Time Vs number of attributes

Proposed method

Support Vector Method

File Size in KB

En

cryp

tio

nT

ime



6. CONCLUSION AND FUTURE ENHANCEMENT

In this paper, we have proposed used 2FA access control system using user key and the light

weight devices for online cloud computing services. Using the ABE, the privacy is preserved

by enabling the cloud server in a secured manner. Detailed security investigation shows that

the proposed 2FA access control system attains the preferred security requirements.

Experimental analysis shows that the proposed model is a optimal one rather than the existing

system. As future work, it is planned to investigate definitions of proxy re-encryption security

in a multi-user system. To achieve this, more attention is required including the policies held

by the delegates and the proxy systems. Another challenging direction is to allow

transforming the cipher text, so that the non-adaptable of the encrypted message is secured

when the public key is to be changed by the intended recipient.

REFERENCES

[1] J. Baek, Q. H. Vu, J. K. Liu, X. Huang, and Y. Xiang. A secure cloud computing based

framework for big data information management of smart grid, IEEE Trans. Cloud

Comput., 3(2), 2015, 233–244.

[2] J. Bethencourt, A. Sahai, and B. Waters.Ciphertext-policy attribute based encryption, in

Proc. IEEE Symp. Secur. Privacy, 2007, 321–334.

[3] K. Liang, J. K. Liu, D. S. Wong, and W. Susilo. An efficient cloud-based revocable

identity-based proxy re-encryption scheme for public clouds data sharing” in Proc. 5th Int.

Conf. SCN, 2006, 111–125.

[4] Y.-C. Fan and A. L. P. Chen. Efficient and robust schemes for sensor data aggregation

based on linear counting,” IEEE Trans. Parallel Distrib. Syst., 21(11), 2010, 1675–1691.

[5] X. Xu, X.-Y. Li, X. Mao, S. Tang, and S. Wang. A delay-efficient algorithm for data

aggregation in multihop wireless sensor networks ACM Trans. Internet Technol., 4(1),

2004, 60–82.

[6] Minu George, C. Suresh Gnanadhas, and Saranya.K, A Survey on Attribute Based

Encryption Scheme in Cloud Computing. International Journal of Advanced Research in

Computer and Communication Engineering, 2012, 295-301.

[7] Tejali B. Nalawade, Manohar and K. Kodmelwa. A Study on Authentication and Access

Control for Cloud Computing, International Journal of Innovative Research in Computer

and Communication Engineering, 2012, 295-301.

[8] Goyal, V., Pandey, O., Sahai, A and Waters, B. Attribute-based encryption for fine-

grained access control of encrypted data. In Proceedings of the 13th ACM conference on

Computer and communications security, 2006, 89-98.

[9] Anitha A., Sureka S and Jeevitha P, Feature reduction using support vector machine.

International Journal of Applied Engineering and Research, 9(10), (2014), 1461-1467.

[10] Anitha A, Paul G and Kumari S. A Cyber defence using Artificial Intelligence,

International Journal of Pharmacy and Technology, 8(4) 2016, 25352-57.

[11] B. Thamotharan, S. Ramakrishnan, A.N.S.P. Sharan and K. Rajesh, A Two Phase OTP

Based Approach to Achieve Confidentiality, Integrity and Nonrepudiation in Cloud,

International Journal of Mechanical Engineering and Technology 8(8), 2017, pp. 951–957

[12] Anitha, A., Revathi, S. V, Jeevanantham, S and Godwin, E. (2017). Intrusion Detection

System based on Artificial Intelligence. International Journal of Technology, 7(1), 2017,

20-24.

secured cloud banking transactions using two-way ...€¦ · use 2fa system for users in the cloud...

Documents