Securing User’s Attributes on Transit to the Cloud using AES-128 bits Cryptography and DCTM3 Steganography Techniques
Authors: Maria M. Abur, Sahalu B. Junaidu, Saleh E. Abdullahi and Afolayan A. Obiniyi
Affiliation: Department of Computer Science, Ahmadu Bello University, Zaria
Keywords: Cloud, Personal Identifiable Information, Security, Identity provider, Network, Steganography, Cryptography techniques and Transit
ABSTRACT. ABSTRACT. Cloud adoption is increasing day by day as such, more and more trades and enterprises are movingtheir vital IT structure and data to the cloud. This move is driven by the remarkable potential of cloud platforms thatpromise exceptional functioning, efficacy, productivity, agility, elasticity and cost-effectiveness. Although everytechnology has its strengths and weaknesses, the nature of the cloud makes it vulnerable to the following issues:Performance, Security and Cloud Interoperability with the main problem being security and to be even more specificare the privacy concern which cloud users really fear. The lack of privacy is the inability to protect user’s attributes(or Personal Identifiable Information (PII)) as a result of data leakage, breaches and loss of data. This had made users’sceptical about sending their sensitive data to the cloud. Although there are other solutions to protect user’s dataduring transit such as securing user’s attribute with the Rivest–Shamir–Adleman (RSA) cryptography. However, RSAhave been practically broken and user’s sensitive information compromised. Also data leakages still hamper thesecurity of user’s data during transmission on the network to the Identity provider (IdP) on the Cloud. This paperpresents an Enhanced PII Privacy Protection solution using Advanced Encryption Standard AES-128 and DiscreteCosine Transform Modulus Three (DCT-M3) Steganography techniques in order to protect user’s attributes frombeing leaked when it is being transmitted and stored on the IdP in the cloud. The supremacy of the proposed modelover the existing model was also measured based on the encryption techniques used, undetectability and robustness ofthe Stego image.
M. M. Abur, S. B. Junaidu, S. Danjuma, S. Arlis, R. Ritonga, T. Herawan (2018): Towards a Privacy Mechanism for Preventing Malicious Collusion of Multiple Service Providers (SPs) on the Cloud. In: V. Bhateja, B. Nguyen, N. Nguyen, S. Satapathy, Le DN. (eds) Information Systems Design and Intelligent Applications. Advances in Intelligent Systems and Computing, Singapore: Springer, vol 672.
M. M. Abur, O. S. Adewale & S. B. Junaidu, (2015): Cloud Computing Challenges: A review on Security and Privacy issues.Proceedings of the ACM International Conference on Computer Science Research and Innovations (CoSRI), Ibadan pp. 89-92.
M. M. Abur, S. B.Junaidu, A. A. Obiniyi and S. E. Abdullahi (2018) “Privacy Protection and Collusion Avoidance Solution for Cloud Computing Users”, 1st International Conference on Education and Development (ITED 2018), Base University, Abuja
Y. A. Aldeen, M. Salleh & M. Abdur Razzaque, (2015): “A Survey Paper on Privacy Issue in Cloud Computing”. Research Journal of Applied Sciences, Engineering and Technology, 10 (3): 328-337.
N. Aleisa (2015): A comparison of the 3DES and AES encryption standards. International Journal of Security and its Applications 9(7):241-246 http://dx.doi.org/10.14257/ijsia.2015.9.7.21.
P. N. Asha, T. Mahalakshmi, S. Archana and S. C. Lingareddy, (2016): Wireless Sensor Networks: A Survey on Security Threats Issues and Challenges. International Journal of Computer Science and Mobile Computing, 5(5), 249- 267
Attaby A. A., Mursi Ahmed F. and Alsammak A. K., (2017) Data hiding inside JPEG images with high resistance to steganalysis using a novel technique: DCT-M3. Ain Shams Engineering Journal http://dx.doi.org/10.1016/j.asej.2017.02.003
Chadwick D. W. (n. d.). Federated Identity Management: Computer Laboratory, University of Kent, Canterbury, CT2, &NF, UK.
Chen D. & Zhao H. (2012): Data Security and Privacy Protection Issues in Cloud Computing. Proc. of the 1st International conference on Computer Science and Electronics Engineering, Hangzhou China. Doi: 10.1036/0071393722.
Hacker News (2017): Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library. Retrieved July 3, 2017 from wiki: https://thehackernews.com/2017/07/gnupg-libgcrypt-rsa-encryption.html
S., Hemalatha, A. U. Dinesh, A. Renuka, & P. R. Kamath (2013). A Secure and High Capacity Image Steganography Technique. Signal & Image Processing: An International Journal (SIPIJ) 4(1), 83-89.
N. P. Kamdar, D. G. Kamdar, D. N. khandhar, (2013). Performance Evaluation of LSB based Steganography for optimization of PSNR and MSE Journal of Information, Knowledge and Research in Electronics and Communication Engineering 2(2), 505-509.
Kaminsky A., Kurdziel M. & Radziszowski S. (2010). An overview of cryptanalysis research for the advanced encryption standard (AES). Military Communications Conference (MILCOM), San Jose, USA. Pp1-8.
Y. Kumar, R. Munjal and H. Sharma, (2011) Comparison of Symmetric and Asymmetric Cryptography with Existing Vulnerabilities and Countermeasures. International Journal of Computer Science and Management Studies (IJCSMS) 11(3), 60-63.
M. A. P. Leandro, T. J. Nascimento, D. Santos, C. M. Westphall & C. B. Westphall (2014). Multi-Tenancy Authorization System with Federated Identity for Cloud-Based Environments Using Shibboleth. In proceeding of the Eleventh International Conference on Networks (NetWare2014), Lisbon, Portugal. pp. 42-67.
U. Lokhande and A. K. Gulve (2014): Steganography using Cryptography and Pseudo random numbers. International Journal of Computer Applications, 96 (19), 41-45.
T. Orawiwattanakul, K. Yamaji, M. Nakamura, T. Kataoka & N. Sonehara (2010): “User-controlled privacy protection with attribute-filther mechanism for a Federated SSO environment using Shibboleth,” in P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), International Conference on IEEE, pp.243-249.
A. S. Seyyed & N. Ivanov (2014). Statistical Image Classification for Image Steganographic Techniques I.J. Image, Graphics and Signal Processing, 8, 19-24 DOI: 10.5815/ijigsp.2014.08.03
J. Song, K. Lee, and H. Lee, (2014). Biclique Cryptanalysis on the Full Crypton-256 and mCrypton-128. Journal of Applied Mathematics. 2014, 1-10, http://dx.doi.org/10.1155/2014/529736
S. Suriadi, E. Foo and A. Josang (2007). A User-Centric Federated Single-On System. IFIP International Conference on Network and Parallel Computing Workshops.
R. Smith: Understanding encryption and cryptography basics (2003) Retrieved August 15, 2018 from wiki https://searchsecurity.techtarget.com/Understanding-encryption-and-cryptography-basics
SWITCH, (2010). “uapprove - user consent module for shibboleth identity providers,” retrieved: [Online]. Retrieved from: https://www.switch.ch/aai/support/tools/uApprove.html/03/03/2016
A. M. Teena and M. Aaramuthan (2017): Federated Cloud Identity Management: A Study on Privacy Tactics, Tools and Technologies. Journal of Computer Engineering (IOSR-JCE) e-ISSN: 2278-0661, p-ISSN: 2278-8727, 19(6), 34- 40.
R. Tripathi & S. Agrawal (2014). Comparative Study of Symmetric and Asymmetric Cryptography Techniques. International Journal of Advance Foundation and Research in Computer (IJAFRC) 1(6), 68-76.
R. Weingartner, C. M. Westphall, (2014) "Enhancing privacy on identity providers", Emerging Security Information Systems and Technologies (SECURWARE). The Eighth International Conference Lisbon, Portugal pp. 1-7.
M. Zhou, R. Zhang, W. Xie, W. Quian & A. Zhou, (2010) Security and Privacy in cloud: Survey. In Proc. Of the 6Th International Conference on Semantics, Knowledge and Grids, IEEE. Pages 105-112.