Defence Mechnisms By Using Decoy Technology

MS. NIKITA K. BOKDE

DEPARTMENT OF CSE

SRM. COLLEGE OF ENGINEERING  FOR WOMEN, India , Nagpur

nikitabokde21@gmail.com

MS. SHEEBA SHEIKH

DEPARTMENT OF CSE

SRM. COLLEGE OF ENGINEERING FOR WOMEN, India,Nagpur

shibasheikh3842@gmail.com

MS. SHUBHANGI B. LANJEWAR

DEPARTMENT OF CSE

SRM. COLLEGE OF ENGINEERING  FOR WOMEN, India ,Nagpur

Shubhangilanjewar96@gmail.com

MS. VARSHA D. BAGHELE

DEPARTMENT OF CSE

SRM. COLLEGE OF ENGINEERING FOR WOMEN, India, Nagpur

varshabaghele1998@gmail.com

MR. A. M. KUTHE

India ,Nagpur

a.kuthe@gmail.com

Abstract:

Data computing promises to significantly change the way we use computers and access and store our personal and business information. Existing data protection mechanisms such as encryption have failed in preventing data theft attacks, especially those perpetrated by an insider to the data provider. We propose a different approach for securing data in the data using offensive decoy technology. We monitor data access in the data and detect abnormal data access patterns. When unauthorized access is suspected and then verified using psychosomatic test, we launch a disinformation attack by returning large amounts of decoy information to the attacker. This protects against the misuse of the user’s real data. Experiments conducted in a local file setting provide evidence that this approach may provide unprecedented levels of user data security in a Data environment.

Keyword: – data computing, fog computing, decoy technique, insider theft attacks.

I . INTRODUCTION

Businesses, especially startups, small and medium businesses (SMBs), are increasingly opting for outsourcing data and computation to the Data. This obviously supports better operational efficiency, but comes with greater risks, perhaps the most serious of which are data theft attacks.

Data theft attacks are amplified if the attacker is a malicious insider. This is considered as one of the top threats to data computing by the Data Security Alliance . While most Data computing customers are well-aware of this threat, they are left only with trusting the service provider when it comes to protecting their data. The lack of transparency into, let alone control over, the Data provider’s authentication, authorization, and audit controls only exacerbates this threat. The Twitter incident is one example of a data theft attack from the Data. Several Twitter corporate and personal documents were ex-filtrated to technological website Tech Crunch and customers’ accounts, including the account of U.S. President Barack Obama, were illegally accessed. The attacker used a Twitter administrator’s password to gain access to Twitter’s corporate documents, security problem that, to date, has not provided the levels of assurance most people desire. Many proposals have been made to secure remote data in the Data using encryption and standard access controls. It is fair to say all of the standard approaches have been demonstrated to fail from time to time for a variety of reasons, including insider attacks, mis-configured services, faulty implementations, buggy code, and the creative construction of effective and sophisticated attacks not envisioned by the implementers of security procedures . Building a trustworthy data computing environment is not enough, because accidents continue to happen, and when they do, and information gets lost, there is no way to get it back. One needs to prepare for such accidents

1. User Behavior Profiling:

It is expected that access to a user’s information in the Data will exhibit a normal means of access. User profiling is a well known technique that can be applied here to model how, when, and how much a user accesses their information in the Data. Such ‘normal user’ behavior can be continuously checked to determine whether abnormal access to a user’s information is occurring. This method of behavior-based security is commonly used in fraud detection appli cations. Such profiles would naturally include volumetric information, how many documents are typically read and how often. These simple user specific features can serve to detect abnormal Data access based partially upon the scale and scope of data transfer

 2. Decoys:

Decoy information, such as decoy documents, honeyfiles, honeypots, and various other bogus information can be generated on demand and serve as a means of detecting unauthorized access to information and to ‘poison’ the thief’s ex-filtrated information. Serving decoys will confound and confuse an adversary into believing they have ex-filtrated useful information, when they have not. This technology may be integrated with user behavior profiling technology to secure a user’s information in the Data. Whenever abnormal access to a data service is noticed, decoy information may be returned by the Data and delivered in such a way as to appear completely legitimate and normal.

The true user, who is the owner of the information, would readily identify when decoy information is being returned by the Data, and hence could alter the Data’s responses through a variety of means, such as challenge questions, to inform the Data security system that it has inaccurately detected an unauthorized access. In the case where the access is correctly identified as an unauthorized access, the Data security system would deliver unbounded amounts of bogus information to the adversary, thus securing the user’s true data from unauthorized disclosure. The decoys, then, serve two purposes:

1. validating whether data access is authorized when abnormal information access is detected, and
2. confusing the attacker with bogus information. We posit that the combination of these two security features will provide unprecedented levels of security for the Data. No current Data security mechanism is available that provides this level of security.

II. PROBLEM  DEFINITION

In traditional way there are so many problems like as

1. Agility :Improves with users’ ability to re-provision technological infrastructure resources.
2. Cost: Cost is claimed to be reduced and in a public data delivery model capital expenditure is converted to operational expenditure. This is purported to lower barriers to entry, as infrastructure is typically provided by a third-party and does not need to be purchased for one-time or infrequent intensive computing tasks. Pricing on a utility computing basis is fine-grained with usage-based options and fewer IT skills are required for implementation. The e-FISCAL project’s state of the art repository contains several articles looking into cost aspects in more detail, most of them concluding that costs savings depend on the type of activities supported and the type of infrastructure available in-house.
3. Virtualization:Virtualization technology allows servers and storage devices to be shared and utilization be increased. Applications can be easily migrated from one physical server to another.
4. Multi tenancy: Multi tenancy enables sharing of resources and costs across a large pool of users thus allowing for
5. Utilization and efficiency: Utilization and efficiency improvements for systems that are often only 10–20% utilized. 
6. Reliability: Reliability is improved if multiple redundant sites are used, which makes well-designed data computing suitable for business continuity and disaster recovery.

III. LITERATURE  SURVEY / RELATED WORK

1. Kaufman L. et al. (2009) has examined some security issues and the associated regulatory and legal concerns that have arisen as cloud computing. Interestingly, a major concern included in the Security Content Automation Protocol is the lack of interoperability between system-level tools. By combining industry best practices with the oversight National Institute of Standards and Technology US and other entities are developing, we can effectively address cloud computing’s future security needs. They also emphasize on the of providing data confidentiality which can impact the incident reporting.
2. Grobauer B. Et al. (2012), provided an overview of vulnerabilities in the security of the cloud. They explained services which use SaaS and PaaS platforms, virtualization and said that there are many such the meaning of the term vulnerability that it it’s the probability that an asset is unable to defend itself against a threat. They said vulnerabilities should always be defined in terms of resistance to attacks or threat. Control challenges typically highlight situations in which otherwise successful security controls are ineffective in a cloud setting. They have discussed the core cloud computing technologies such as web applications and security requirements which are solvable only with the help of cryptographic techniques. Thus, these challenges are of special interest for further cloud computing security research.
3. Sabahi, F. (2011) mentioned threats and response of cloud computing. He presented a comparison of the benefits and risks of compromised security and privacy. In this paper, he has summarized reliability and availability related issues of cloud resources provided by the trusted third party. He discussed the most common attacks nowadays are Distributed Denial of Service attacks. The solution to these attacks can be, cloud technology offering the benefit of flexibility, with the ability to provide resources almost instantaneously as necessary to avoid site shutdown. He said that security is the most argued concern in cloud computing because user’s entire data is stored at a remote location and that location needs to be secure enough that it could deal with data thefts and malicious intruders. 
4. Claycomb, W. R. (2012) has characterized a hierarchy of administrators within cloud service providers and also gave examples of attacks from real insider threat cases. They discussed how cloud architecture let attackers breach the security. They have also presented two additional cloud-related insider risks: the insider who exploits a cloud-related vulnerability to steal information from a cloud system, and the insider who uses cloud systems to carry out an attack on an employer’s local resource. They mentioned the key challenges faced by cloud providers and clients for securing their highly confidential data. 
5. Park, Y. Et al. (2012) developed a technique that was a software decoy for securing cloud data using the software. They proposed a software-based decoy system that aims to deceive insiders, to detect the exfiltration of proprietary source code. The system builds a Java code which appears as valuable information to the attacker. Further static obfuscation technique is used to generate and transform original software. Bogus programs are synthesized by software that is automatically transformed from original source code but designed to be dissimilar to the original. This deception technique confuses the insider and also obfuscation helps the secure data by hiding it and making bogus information for insider. Beacons are also injected into the bogus software to detect the exfiltration and to make an alert if the decoy software is touched, compiled or executed.

IV. METHODS  AND  ALGORITHEM

1. AES Algorithm: Advanced Encryption Standard is a symmetric block cipher. This algorithm uses same keys to encrypt and decrypt. The algorithm expects a block size of 128 bits. The algorithm provides with the choice of three keys – 128, 192, 256 bits. The standard which is used decides the name AES-128, AES-182, AES- 256.Processing for encryption is carried out in 10 rounds for AES-128, 12 rounds for AES-192, and14 rounds for AES-256 bit keys. All the rounds are identical except the last rounds in each case. There are Four rounds involved called SubBytes, ShiftRows, MixColumns and AddRoundKey. In SubByte round entry is kept of which byte is replaced with which into an lookup table. In ShiftRow the rows are shifted cyclically but the first row is kept unchanged. The bytes in the second third and fourth rows are shifted by an offset of one two and three respectively. In MixColumns round each column containing four bytes are mixed using an invertible linear transformation and the output is generated. In AddRound Key, key is added to each byte. Last three steps are repeated again except the last round [14]. Disadvantage: 1. Algorithm requires more processing. 2. It requires more rounds as compared to other algorithms.
2. RSA Algorithm: RSA algorithm is most commonly used to encrypt and to authenticate. It has been also used as Web browser from Microsoft and Netscape. RSA uses public key cryptography; it involves private key and public key. The public key is used to encrypt the messaged and can be known to everybody. RSA algorithm involves three main steps Key Generation, Encryption, Decryption. In this algorithm two large prime numbers are multiplied with additional operations results into a set of two numbers which contains a public key and other set contains a private key. Public and private keys are required to encrypt and decrypt with only the owner should know it. In this algorithm private key is not sent over the internet. The main role of private key is to decrypt the text that has been previously encrypted by a public key.

Disadvantage:

1. Complexity of key generation. .
2.  Security needs to be proved.
3. Slow of the speed.

3. Securing Datas With Fog: Numerous proposals for data-based services describemethods to store documents, files, and media in a remoteservice that may be accessed wherever a user may connectto the Internet. A particularly vexing problem before suchservices are broadly accepted concerns guarantees for securinga user’s data in a manner where that guarantees only the userand no one else can gain access to that data. The problem ofproviding security of confidential information remains a core security problem that, to date, has not provided the levels ofassurance most people desire.

V.EXISTING SYSTEM:

The present system provides only the single authentication which is not much secure and can easily be hacked by a hacker. The system does not provide any additional security like security questions for more security. The hacker can easily get into the data and search for the files that are available. The present system does not verify whether the user is authorized or not. The existing system provides security by encryption but it fails to secure the data. Threats in data:

1. Data breaches – This led to the loss of personal data and credit card information of about 110 million people, it was one of the theft during processing and storage of data.

2. Data loss – Data loss occurs when the disk drive dies without any backup created by the data owner. It occurs when the encrypted key is unavailable with the owner.

3. Account or service traffic hijacking – Account can be hacked if the login credentials are lost.

4. Insecure API’s – Application Programming Interface controls the third party and verifies the user.

5. Denial of service – This occurs when millions of user request of same service and the hackers take this advantage for hacking

6. Malicious insiders – This occurs when a person close to us knows our login credentials.

7. Abuse of data services – By using many data servers hacker can crack the encryption in very less time.

8. Insufficient due diligence- Without knowing the advantages and disadvantages of the data many businesses and firms jump into data thus leading to data loss.

9. Shared technology – This occurs when the information is shared by the many sites.

VI.PROPOSED SYSTEM:

We  propose a completely different approach to securing the data using decoy information technology, that we have come to call Fog computing. We use this technology to launch disinformation attacks against malicious insiders, preventing them from distinguishing the real sensitive customer data from fake worthless data.The decoys, then, serve two purposes:

• validating whether data access is authorized when abnormal information access is detected,
• confusing the attacker with bogus information.

VII. ARCHIECHTURE

1)Data Flow for Fog Computing:

2)User Login

3)Admin Authentication

VIII.  CONCLUSION

In this paper,we present a novel approach to securing personal and business data in the Data. We propose monitoring data access patterns by profiling user behavior to determine if and when a malicious insider illegitimately accesses someone’s documents in a Data service. Decoy documents stored in the Data alongside the user’s real data also serve as sensors to detect illegitimate access. Once unauthorized data access or exposure is suspected, and later verified, with challenge questions for instance, we inundate the malicious insider with bogus information in order to dilute the user’s real data. Such preventive attacks that rely on disinformation technology, could provide unprecedented levels of security in the Data and in social networks.

REFERENCES

1. Cloud Security Alliance, “Top Threat to Cloud Computing V1.0,” March2010. [Online]. Available:https://clodsecurityalliance.org/topthreats/csathreats.v1.0.pdf
2. Hashizume K., Rosado D. G.,Fernandez- Medina E. and Fernandez E. B. “An analysis of security issues for data computing”. Journal of Internet Services and Applications, 2013, 4(1), pp. 1-13.
3. Marinos A. & Briscoe G., Community Data Computing (pp. 472-484). Heidelberg: Springer, 2009, pp. 472-484.
4. Archer, Jerry, et al. “Top threats to data computing v1. 0.” Data Security Alliance (2010).
5. Stolfo, Salvatore J., Malek Ben Salem, and Angelos D. Keromytis. “Fog computing: Mitigating insider data theft attacks in the data.” Security and Privacy Workshops (SPW), 2012 IEEE Symposium on. IEEE, 2012.
6. Madsen, Henrik, et al. “Reliability in the utility computing era: Towards reliable Fog computing.” Systems, Signals and Image Processing (IWSSIP), 2013 20th International Conference on. IEEE, 2013.