http://www.iaeme.com/IJCIET/index.asp 531 [email protected]
International Journal of Civil Engineering and Technology (IJCIET) Volume 9, Issue 1, January 2018, pp. 531–540, Article ID: IJCIET_09_01_053
Available online at http://www.iaeme.com/ijciet/issues.asp?JType=IJCIET&VType=9&IType=1
ISSN Print: 0976-6308 and ISSN Online: 0976-6316
© IAEME Publication Scopus Indexed
SECURED CLOUD BANKING TRANSACTIONS
USING TWO-WAY VERIFICATION PROCESS
A. Anitha, M. Varalakhshmi, A. Mary Mekala, Subashanthini, M. Thilagavathy
School of Information Technology and Engineering
VIT University, Vellore, India
ABSTRACT
The emergence of computers and computer networks has made people's lives very
simple, at one touch. But is the network really secure? Are our transactions carried out
in a trusted manner? These thoughts lead us to network security. For the past few
decades, network security has played a vital role in ensuring safe and secure
communication over the Internet. In our day-to-day life, most communication
is carried out to ensure safe account transactions. Thus the banking domain
should be highly secure and user-friendly to allow smooth communication. In this
paper an effort has been made to provide a better security model than existing
security systems by adopting ABE and AES. Every user registers and gets a username and
password for authentication. We deploy four admins for the overall control of data
access. The proposed model provides great security for various access policies based
on different scenarios. Every admin is provided with a user-id, password, challenge key
and its corresponding challenge-response key, and an ABE key, and the MAC and IP address
are captured in the cloud. Every admin is assigned a certain access privilege and an
ABE key. The server generates a new key and divides it among the available number of
administrators. This key is sent as an email alert to every administrator. If a query
requested by the user is beyond the permitted privilege of the corresponding
administrator, that admin obtains permission from the rest of the administrators by
getting everyone's Joint Threshold key; the keys are finally concatenated and verified
by the server, and then access permission is provided.
Key words: ABE Key, Fine-Grained, Attribute-Based Encryption, AES, OTP, Email
ID Key Verification.
Cite this Article: A. Anitha, M. Varalakhshmi, A. Mary Mekala, Subashanthini and
M.Thilagavathy, Secured Cloud Banking Transactions using Two-Way verification
process, International Journal of Civil Engineering and Technology, 9(1), 2018, pp.
531–540.
http://www.iaeme.com/IJCIET/issues.asp?JType=IJCIET&VType=9&IType=1
1. INTRODUCTION
Cloud computing is a broad area in which services such as buying, selling or renting, and
other resources, are shared on demand. There are many applications of cloud
computing, such as data sharing, data storage and big data management, across
various applications. One of the risks is that end users access applications stored on the
cloud using apps that are easily cracked. The uses of cloud computing are immense:
it offers easy access to resources at lower cost, increases
operational efficiency, can accommodate a very large number of services, and is compatible
and approachable to the market. Even though cloud computing has various advantages,
privacy and security remain a very big challenge. The cloud stores various sensitive data for
convenient access; authenticating the user becomes an essential task in providing the service.
The traditional method of authenticating a user by username and password is not
efficient, as an intruder can easily guess the authentication information. Another limitation
is that, since many people are involved in sharing the same resources, transactions
become unsecured.
Using an attribute-based access system, each user is provided with a secret key issued
by the authority. In practice, the user secret key is stored on the personal computer.
Considering the second limitation, it is common in a large organization for resources to be
shared by many people at many times. For example, in real-time applications such as health care,
marketing and finance, education systems and many more, computers are shared by various
people on a day/night shift basis. To avoid such situations, one of the
best ways is to use two-factor authentication (2FA), which is used for secured transactions.
Along with the traditional authentication process, the user should additionally have a
device, either a mobile or a mail ID, to present a one-time password. Security is upgraded,
as the two-level process gives more confidence in our day-to-day transactions. It is better to
use a 2FA system for users of cloud services in order to increase the security level of
transactions in the system. In this paper, we propose a secured way of accessing web-based
cloud services using a two-factor access protocol. First, the user should have a secret key
(which is conventionally stored). In addition, a security device is linked to
the computer to authenticate the user for access to the cloud data. An effort has been made to
provide secure transactions that are also comfortable, convenient and confident
when using cloud computing.
The paper is organized as follows: Section 1 discusses secured transactions in cloud
computing using a fine-grained two-factor authentication process. The literature review is
given in Section 2. Section 3 discusses the ABE algorithm, whereas Section 4 explains
the AES encryption and decryption algorithm. Section 5 deals with the proposed secured cloud
architecture model, followed by the conclusion and future enhancement.
2. LITERATURE REVIEW
Baek et al. discussed a smart framework used for big data in a cloud technology environment
[1]. To manage the information, three hierarchical levels of cloud computing are framed: top,
regional and end-user levels. They propose a secure cloud-computing-based framework for
big data information management in secured networks, which we call "Keen Frame".
Bethencourt et al. introduced the CP-ABE algorithm, in which users' secret keys are
derived from attributes supplied by the user, and decryption is performed with the user's
attributes [2]. With several optimization techniques and different policies they
handled attacks by hackers or unauthorized users. They propose that the authentication scheme
has no conspicuous effect on the performance of VM migration, judged by examining the migration
latency. The authentication scheme can give cloud clients greater flexibility to control
their own VM migration. To ensure that the migration of VMs is predictable under the
client's policy, they propose a User-Policy-Confined VM Migration Protocol (UVMP),
which gives a new authentication scheme that addresses the limitation and enables VM
movement to be controllable and verifiable by cloud clients by introducing Ciphertext-Policy
Attribute-Based Encryption (CP-ABE) into the authentication field. Liang, Liu, Wong, and Susilo
described a model to reduce the complexity of the size of the re-encrypted ciphertext and of
decryption [3]. The proposed idea has the limitation that the size of the decrypted and
re-encrypted ciphertext expands linearly with the number of time periods.
The over-counting problem with LC-sketches induced by multi-path routing based
aggregation was discussed by Fan and Chen [4]. The LC-sketches based algorithm shows
low inconsistency of errors, high accuracy, and less overhead than the existing models. An
efficient interactive identification and signature scheme based on discrete logarithms,
suitable for smart cards, was discussed by Xu et al. (2004) [5]. An efficient algorithm to
pre-process the exponentiation of random numbers was proposed, which makes signature
generation very fast. It also improves the efficiency of other discrete log cryptosystems.
The pre-processing algorithm is based on two fundamental principles: local
randomization and internal randomization. Various ABE schemes such as ABE, KP-ABE, CP-ABE,
ABE with non-monotonic structure, HABE and MA-ABE were discussed by George et al.
(2012) [6]. The encryption methodologies based on these policies were discussed as
monotonic or non-monotonic, according to the type of access control scheme. Tejali et al.
(2012) proposed a fine-grained two-factor authorization protocol for access control
in electronically distributed cloud computing technologies [7]. In it the secret key is
distributed as two segments: the first part is sent to the user and
the other part is kept in the security device. A detailed security analysis was
used to examine the security the access control structure gains from 2FA. Secure data
transmission using steganography techniques in mailing systems was discussed by Anitha et al.
(2014) [9]. Cyber defense using Artificial Intelligence (2016) was discussed to identify the
hacker or intruder at various levels of the network system [10]. An intrusion detection system
using artificial intelligence to improve cloud security was discussed by Anitha et al.
(2017) [11].
3. INTRODUCTION AND IMPLEMENTATION OF ABE-ALGORITHM
ABE stands for Attribute-Based Encryption, which was introduced by Goyal et al. (2005) [8]. The
algorithm ties both the user secret key and the ciphertext to user attributes. It is a type of
asymmetric-key encryption scheme in which the ciphertext and the secret key depend on
various attributes. It is a significant security scheme that can be useful in any role-based
system to provide data integrity and confidentiality. An important feature of ABE is
collusion resistance. In this type of system, decryption of a ciphertext is possible only
if the attributes of the user match. There are two main types of attribute-based
encryption scheme: key-policy attribute-based encryption and ciphertext-policy
attribute-based encryption. ABE can be used for log encryption based on attributes. Users
store their own data on the Internet, and the main drawback of traditional encryption
algorithms is that the data can only be shared at a coarse-grained level.
3.1. STEPS INVOLVED IN WORKING OF ABE-ALGORITHM
Attribute-based encryption (ABE) is an asymmetric-key scheme for one-to-many
encryption that allows users to encrypt and decrypt data based on user attributes. In
it, the secret key of a user and the ciphertext depend on attributes. The ciphertext
can be decrypted only if the attribute set of the user key matches
the attributes of the ciphertext. Decryption is possible only when the number of matching
attributes is at least a threshold value. The various steps involved are depicted in
Figure 1 below. Step-by-step processing is given in Figure 2.
Figure 1 Processing of ABE algorithm
Figure 2 Step by step Processing of ABE algorithm
3.2. WORKING OF ABE- ALGORITHM IN JAVA
First, we put all the .jar files related to the ABE algorithm, such as JDBC-API, JDBC-crypto
and JDBC-platform, into the libraries of the project created in NetBeans. After that, I
took all the attributes the user entered in the form and stored them in an array. Then I
created one object pub of class BswabePub, which I had created beforehand, and
one object msk of class BswabeMsk by passing the pub object, which is used for
serializing the attributes of the user. After that, I called the static setup method of the
Bswabe class. This method creates a CurveParameter class object by passing the byte array
object and loads it into the param object. The whole process of data flow is given in Figure 3.
Figure 3 Data flow using ABE algorithm
After that, with alpha, beta, duplicate, this method creates the curve, loads all of these
into the Bswabe object and returns to the calling method. Next, the key-gen method is called
by passing pub, msk and the attributes of the user; with these three parameters it
creates one key and returns it to the calling method. After
key generation, I called the delegate method of Bswabe, passing the pub object, the prv object
of the BswabePrv class and the subset of attributes that is to be paired with each parameter.
After delegation, the encryption method is called by passing the pub object and the policy to
the enc_ method. This method encrypts the attributes into ciphertext and returns it to the
calling method, where it is converted into a cph object. After encryption, the decryption
method is called by passing the pub object, prv object and cph object, that is, the public key,
private key and ciphertext. Given these parameters, the decryption method decrypts the
ciphertext into plain text. This is the process of
encryption and decryption in the ABE algorithm, and the same logic is used in this application.
The execution result of the Java program is shown in Figure 4.
Figure 4 Output of ABE Algorithm
4. BASICS OF AES
AES is the new standard encryption model authorized to replace DES. This is the best
algorithm for cloud security in terms of performance and time. The algorithm supports any
combination of 128-bit data and key lengths of 128, 192, and 256 bits. The algorithm
is referred to as AES-128, AES-192, or AES-256, depending on the key length. During the
encryption and decryption process, AES goes through 14 rounds for 256-bit keys,
12 rounds for 192-bit keys, and 10 rounds for 128-bit keys in order to
deliver the final ciphertext or to recover the original plain text. AES
operates on a 128-bit block of data that can be divided into four basic
operational blocks. The blocks are treated as an array of bytes and organized as a matrix
of rows and columns, 4 × 4, known as the state. Both the encryption and decryption
processes, shown in Figure 5, begin with an AddRoundKey stage. Before reaching
the last round, this output goes through nine main rounds, and during each of
the rounds four transformations are applied: 1) SubBytes, 2) ShiftRows, 3) MixColumns,
4) AddRoundKey. Decryption is simply the reverse process of encryption,
using three inverse functions: i) Inverse MixColumns, ii) Inverse
ShiftRows and iii) Inverse SubBytes.
4.1. IMPLEMENTATION OF AES IN JAVA
To start with, we have taken one final static variable (the way to make a constant in
Java) whose name is algo, initialized with the algorithm name, i.e. AES, because we will
implement the AES algorithm, and one byte variable whose name is keyValue, in which
the key value is stored. After that, we made a constructor of this class which takes one
parameter, passed by the main function at the time of creation of the object
of this class as the key value; here we converted the key value to bytes and
stored it in the keyValue variable, which is of byte type. Then we made a generateKey
function which returns the key (secret key). In this function we made an object of the Key
class by calling the constructor of the SecretKeySpec class, to which we passed
two arguments: one is keyValue, which is in byte format, and the other is the algo name. On
the basis of keyValue and the algo name it makes one secret key and then returns
the key to the calling function. Then we made the encrypt function, passing the
String which we need to encrypt. In this function we call the generateKey function and
store the secret key which it returns in a variable of type Key.
After that we made the instance of Cipher by passing the algo name, which makes the
instance on the basis of this algorithm, to the getInstance function of the Cipher class, and
stored it in the Cipher-type variable 'c'. Then we initialize the instance of Cipher by calling
the init function of the Cipher class, to which we passed two parameters: one is the mode (here we
passed ENCRYPT_MODE because we will encrypt) and the other is the
secret key. After initializing, we called the doFinal method of the Cipher class,
passing the string which we need to encrypt as bytes. The doFinal method encrypts the string
as bytes. After that, we made an object of the BASE64Encoder class, since we need to
encode the message, and called its encode method by passing the encrypted string as
bytes. Finally, this method encodes the bytes as a string, which we stored in a String
variable. We made another method for decryption, named decrypt, which takes one
parameter, the string which we need to decrypt. The code is nearly the same as for encryption. In
this method, we also generate the secret key, make an instance of the Cipher class and
call the init method; here we changed the mode to DECRYPT_MODE in place of
ENCRYPT_MODE because we will decrypt the message. After that, we made
an object of BASE64Decoder and called its function decodeBuffer by passing the
encrypted string.
Figure 5 AES- encryption and decryption process
This function decodes the encoded string into bytes; after that, we called the doFinal
method and passed the decoded byte value. The doFinal method decrypts the bytes back into
the string. At last, we get the plain text. This is the reverse process of encryption. The
execution result of the Java program is shown in Figure 6.
Figure 6 Output of AES Algorithm
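An added example, not code from the paper: the `Cipher.getInstance("AES")` call described in Section 4.1 resolves to AES/ECB/PKCS5Padding on the default SunJCE provider, so equal plaintext blocks produce equal ciphertext blocks; it is shown here beside an AES-GCM form. The class name, the demo key, the sample record and the associated-data label are constructed for illustration, and `java.util.Base64` stands in for the `BASE64Encoder` class, which current JDKs no longer ship.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class AesModes {
    // Constructed 16-byte demo key; a real key comes from a KeyGenerator or a key store.
    private static final byte[] KEY_VALUE = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
    private static final SecureRandom RNG = new SecureRandom();

    // The approach described in the text: algorithm name "AES" only (ECB mode by default).
    static byte[] encryptAsDescribed(byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("AES");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY_VALUE, "AES"));
        return c.doFinal(plain);
    }

    // Hardened form: AES-GCM with a fresh 12-byte nonce; output is nonce || ciphertext || tag.
    static byte[] encryptGcm(byte[] plain, byte[] aad) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY_VALUE, "AES"),
               new GCMParameterSpec(128, nonce));
        c.updateAAD(aad);
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    // Reads the nonce from the first 12 bytes; throws AEADBadTagException if anything was altered.
    static byte[] decryptGcm(byte[] msg, byte[] aad) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY_VALUE, "AES"),
               new GCMParameterSpec(128, msg, 0, 12));
        c.updateAAD(aad);
        return c.doFinal(msg, 12, msg.length - 12);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample record: two identical 16-byte blocks.
        byte[] plain = "PAY 0000100.00 \nPAY 0000100.00 \n".getBytes(StandardCharsets.US_ASCII);
        byte[] aad = "txn-demo".getBytes(StandardCharsets.US_ASCII);

        byte[] ecb = encryptAsDescribed(plain);
        boolean repeats = Arrays.equals(Arrays.copyOfRange(ecb, 0, 16),
                                        Arrays.copyOfRange(ecb, 16, 32));
        System.out.println("ECB ciphertext: " + Base64.getEncoder().encodeToString(ecb));
        System.out.println("ECB blocks 1 and 2 identical: " + repeats);

        byte[] g1 = encryptGcm(plain, aad);
        byte[] g2 = encryptGcm(plain, aad);
        System.out.println("GCM outputs differ for same input: " + !Arrays.equals(g1, g2));
        System.out.println("GCM round trip ok: " + Arrays.equals(plain, decryptGcm(g1, aad)));

        g1[g1.length - 1] ^= 1; // flip one bit of the authentication tag
        try {
            decryptGcm(g1, aad);
            System.out.println("modified message accepted");
        } catch (AEADBadTagException e) {
            System.out.println("modified message rejected");
        }
    }
}
```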
5. PROPOSED WORKING MODEL IN REAL-TIME BANKING
APPLICATIONS
In this paper, an effort has been made to provide many security features such as OTP (One Time
Password), e-mail key verification, User-Id, password, random security questions and
answers verification, last active time, IP and MAC address capture and verification, and
capture of the activities of users and admins. First of all, I created one main admin with their
information and a number of security questions and answers. The password is
randomly created according to the attribute-based algorithm (three unique attributes are used,
and according to these attributes it is sent to the registered mail ID). This process is the
same for all admins and users for password creation. After creation of the main admin, he/she
logs in. In the login process the main admin fills in the User-Id and password; if both are
correct, two security questions are presented at random; if the main admin gives the correct
answers, the process goes on to the next authorization step, mail ID key verification (based on
ABE encryption, it picks a unique key, generates an ABE key and sends it to the registered mail).
After mail verification, the ABE key is sent to the registered mobile as an OTP, and if the ABE
key matches, the system checks whether somebody is already logged in. If nobody is already
logged in, the main admin login process completes and goes to the home page. This login
process is the same for all admins and users. After logging in, the main admin creates four
admins (they see the activities and handle the requests of every user). These admins create
users in the same way they themselves were created by the main admin. An admin can see the
activities of other admins and users and carries out the other bank activities. Users send
requests to the admins; when they do, one ABE code is generated, divided into four parts and
sent to the four admins individually, so in the worst case anyone who wants to hack it has to
hack four admin PCs, which is very difficult for any hacker. All data storing and fetching
happens from the cloud, so it needs an Internet connection, and it is a fully stand-alone
security-based banking system in the cloud. The working model is given in Figure 7.
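An added example, not code from the paper: the divide-into-four-parts and concatenate-then-verify flow described above, next to n-of-n XOR sharing, an alternative technique the paper does not use, in which each admin's share alone carries no part of the key. The class and method names, the 128-bit key size and the byte-chunk split are assumptions for illustration.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class JointKeyDemo {
    static final SecureRandom RNG = new SecureRandom();

    // As described in the text: cut the key into n consecutive parts, one per admin.
    // Assumes key.length is a multiple of n.
    static byte[][] splitByChunks(byte[] key, int n) {
        byte[][] parts = new byte[n][];
        int size = key.length / n;
        for (int i = 0; i < n; i++) {
            parts[i] = Arrays.copyOfRange(key, i * size, (i + 1) * size);
        }
        return parts;
    }

    // Server side: concatenate the submitted parts in admin order.
    static byte[] joinChunks(byte[][] parts) {
        int total = 0;
        for (byte[] p : parts) total += p.length;
        byte[] out = new byte[total];
        int pos = 0;
        for (byte[] p : parts) {
            System.arraycopy(p, 0, out, pos, p.length);
            pos += p.length;
        }
        return out;
    }

    // Alternative (not from the paper): n-of-n XOR sharing. Every share is full length
    // and random on its own; the key only appears when all n shares are XORed together.
    static byte[][] splitByXor(byte[] key, int n) {
        byte[][] shares = new byte[n][key.length];
        byte[] last = key.clone();
        for (int i = 0; i < n - 1; i++) {
            RNG.nextBytes(shares[i]);
            for (int j = 0; j < key.length; j++) last[j] ^= shares[i][j];
        }
        shares[n - 1] = last;
        return shares;
    }

    static byte[] joinXor(byte[][] shares) {
        byte[] out = new byte[shares[0].length];
        for (byte[] s : shares) {
            for (int j = 0; j < out.length; j++) out[j] ^= s[j];
        }
        return out;
    }

    // Server-side verification with a constant-time comparison.
    static boolean verify(byte[] expected, byte[] submitted) {
        return MessageDigest.isEqual(expected, submitted);
    }

    public static void main(String[] args) {
        byte[] key = new byte[16]; // constructed 128-bit joint key
        RNG.nextBytes(key);
        byte[][] chunks = splitByChunks(key, 4);
        byte[][] shares = splitByXor(key, 4);

        System.out.println("chunks rejoin and verify: " + verify(key, joinChunks(chunks)));
        System.out.println("xor shares rejoin and verify: " + verify(key, joinXor(shares)));

        // If three of the four admin parts are disclosed, how much of the key stays secret?
        System.out.println("secret bits left, chunk split: " + 8 * chunks[3].length);
        System.out.println("secret bits left, xor split: " + 8 * shares[3].length);

        shares[2][0] ^= 1; // one admin submits an altered share
        System.out.println("altered share accepted: " + verify(key, joinXor(shares)));
    }
}
```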
Figure 7 Proposed model architecture
As experimental results, the encryption time was calculated for various attributes, and
the charts are given below for better visualization. Figure 8 shows the size of the
file to be uploaded versus the encryption time, whereas Figure 9
depicts the number of attributes versus time. The model is also compared, in terms of security
analysis, with the support vector method proposed by Anitha et al. [10], and the proposed
model is found to give higher security than the existing one.
Figure 8 Time consumption of the proposed model Vs Support Vector Method
[Chart: Encryption Time against File Size in KB; series: Proposed method, Support Vector Method]
Figure 9 Time Vs number of attributes
6. CONCLUSION AND FUTURE ENHANCEMENT
In this paper, we have proposed a 2FA access control system using a user key and
lightweight devices for online cloud computing services. Using ABE, privacy is preserved
by enabling the cloud server in a secured manner. Detailed security investigation shows that
the proposed 2FA access control system attains the preferred security requirements.
Experimental analysis shows that the proposed model is an optimal one compared with the existing
system. As future work, it is planned to investigate definitions of proxy re-encryption security
in a multi-user system. To achieve this, more attention is required, including to the policies held
by the delegates and the proxy systems. Another challenging direction is to allow
transforming the ciphertext so that the non-adaptability of the encrypted message is secured
when the public key is changed by the intended recipient.
REFERENCES
[1] J. Baek, Q. H. Vu, J. K. Liu, X. Huang, and Y. Xiang. A secure cloud computing based
framework for big data information management of smart grid, IEEE Trans. Cloud
Comput., 3(2), 2015, 233–244.
[2] J. Bethencourt, A. Sahai, and B. Waters. Ciphertext-policy attribute based encryption, in
Proc. IEEE Symp. Secur. Privacy, 2007, 321–334.
[3] K. Liang, J. K. Liu, D. S. Wong, and W. Susilo. An efficient cloud-based revocable
identity-based proxy re-encryption scheme for public clouds data sharing, in Proc. 5th Int.
Conf. SCN, 2006, 111–125.
[4] Y.-C. Fan and A. L. P. Chen. Efficient and robust schemes for sensor data aggregation
based on linear counting, IEEE Trans. Parallel Distrib. Syst., 21(11), 2010, 1675–1691.
[5] X. Xu, X.-Y. Li, X. Mao, S. Tang, and S. Wang. A delay-efficient algorithm for data
aggregation in multihop wireless sensor networks ACM Trans. Internet Technol., 4(1),
2004, 60–82.
[6] Minu George, C. Suresh Gnanadhas, and Saranya.K, A Survey on Attribute Based
Encryption Scheme in Cloud Computing. International Journal of Advanced Research in
Computer and Communication Engineering, 2012, 295-301.
[7] Tejali B. Nalawade, Manohar and K. Kodmelwa. A Study on Authentication and Access
Control for Cloud Computing, International Journal of Innovative Research in Computer
and Communication Engineering, 2012, 295-301.
[8] Goyal, V., Pandey, O., Sahai, A and Waters, B. Attribute-based encryption for fine-
grained access control of encrypted data. In Proceedings of the 13th ACM conference on
Computer and communications security, 2006, 89-98.
[9] Anitha A., Sureka S and Jeevitha P, Feature reduction using support vector machine.
International Journal of Applied Engineering and Research, 9(10), (2014), 1461-1467.
[10] Anitha A, Paul G and Kumari S. A Cyber defence using Artificial Intelligence,
International Journal of Pharmacy and Technology, 8(4) 2016, 25352-57.
[11] B. Thamotharan, S. Ramakrishnan, A.N.S.P. Sharan and K. Rajesh, A Two Phase OTP
Based Approach to Achieve Confidentiality, Integrity and Nonrepudiation in Cloud,
International Journal of Mechanical Engineering and Technology 8(8), 2017, pp. 951–957
[12] Anitha, A., Revathi, S. V, Jeevanantham, S and Godwin, E. (2017). Intrusion Detection
System based on Artificial Intelligence. International Journal of Technology, 7(1), 2017,
20-24.