Data in Transit Validation for Cloud Computing Using Cloud-Based Algorithm Detection of Injected Objects

ABSTRACT


INTRODUCTION
The 21st-century paradigm shift to information technology is centred on cloud computing (CC). Its enormous benefits, such as ease of access to content and services and instant resource sharing, show no limit to the interest of both private and public establishments. In due time a total shift would be achievable owing to the cloud development accessibility, elasticity and virtualisation of cloud computing [1]-[4]. The bright future for CC might not come to fruition in good time if major data security vulnerabilities in areas such as data at rest and data in motion are not adequately curbed [5]-[6]. Data sitting on a computer, a machine, a server or somewhere in a cloud is referred to as data at rest, while the process of exchanging information, moving an object from point A to point B between a local and a remote computer, or transferring information between servers is considered data in transit or data in motion [7]-[8]. Data in transit is more susceptible to attack than its counterpart at rest, as packets may be cached on intermediate systems, or temporary files may be created at either endpoint. With external object injection at different stages, it is difficult for administrators to identify the primary source of the application because of the limited access boundary of data in motion [8]. As illustrated in Figure 1, the most dangerous threat to data in motion occurs when an attacker gains unauthorised access during data transmission via object injection [9]-[10]. Algorithms have been created to combat CC data security concerns such as man-in-the-middle (MITM) attacks. The majority of such algorithms tend to enhance the data authorisation scheme across access points; however, these vulnerabilities persist as access from different locations and devices, with multi-tenancy access opportunities, exists [6]. Hence, this research proposes an algorithm for securing and validating data in motion by automatic detection of injected objects using the Advanced Encryption Standard and a hash-function algorithm.

RESEARCH METHOD
The algorithm design in this project was based on PHP and VueJS, hence the factory design pattern shown in Figure 2 was used. The Vuex design pattern is used for real-time communication via the TCP protocol between sender and receiver, and because Vuex offers the best match for state management of the data being transferred, it was used for the front-end design.

Algorithm Design
The algorithm functionality for data security and validation, preventing external object injection or unauthorized access, is achieved using a key-sharing method when sending packets from one end to another. During any file upload two keys are generated, a private and a public key, based on the Secure Hash Algorithm (SHA1), where the current timestamp, the user's MAC identification number, IP address and other extra salts are added to strengthen the data. The pseudocode for public key generation in PHP is depicted below and illustrated by a flowchart in Figure 3.

Define file_type_variable if detect file type:
Get

Figure 3. Public Key Generation Process
As depicted in Figure 4, the customized development mechanism for the private key differs from the public key in its encryption type. For the private key, it takes the timestamp of the file upload and applies the strtoupper() function to generate its uniqueness, then uses the file type, file original name and file extension to generate a temporary file name. This temporary file name is first processed with the MD5() algorithm, and the resulting digest is then passed through SHA1().

Define file_type_variable if detect file type:
Get

The proposed algorithm mitigates unauthorized access, thereby preventing MITM attacks efficiently, by handling the header part of any file being uploaded. The header part is primarily designed for restricting unauthorized access. During authorized access, the hidden header variable notifies the sender immediately that someone else is authorized to access this file. On the other hand, a file subjected to unauthorized access will disappear from the recipient's side, so that there is no possibility for the recipient to access a corrupted file. Figure 5 shows the flowchart of the full mechanism for preventing unauthorised use of the data through an MITM attack.
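The key-generation steps described above (SHA1 over timestamp, MAC, IP and salts for the public key; upper-cased timestamp plus file type, name and extension hashed with MD5 and then SHA1 for the private key) and the header check that lets the recipient detect and report a modified file can be put together as follows. This is an added Python rendering for illustration, not the paper's PHP implementation. The paper does not say how the header signature is computed; this example assumes an HMAC-SHA256 keyed with both shared keys. The `Packet` class, `inject_object` tamper model, `run_batch` benchmark and all sample values (timestamp, MAC, IP, salts, file names) are constructed here.

```python
import hashlib
import hmac
import random
from dataclasses import dataclass


def public_key(timestamp: str, mac: str, ip: str, salts: tuple) -> str:
    """Public key as the paper describes it: SHA1 over the current timestamp,
    the sender's MAC address, IP address and extra salts."""
    material = "|".join((timestamp, mac, ip, *salts))
    return hashlib.sha1(material.encode("utf-8")).hexdigest()


def private_key(timestamp: str, file_type: str, original_name: str, extension: str) -> str:
    """Private key as the paper describes it: upper-cased timestamp plus file type,
    original name and extension form a temporary name; MD5 it, then SHA1 the digest."""
    temp_name = f"{timestamp.upper()}_{file_type}_{original_name}.{extension}"
    md5_digest = hashlib.md5(temp_name.encode("utf-8")).hexdigest()
    return hashlib.sha1(md5_digest.encode("utf-8")).hexdigest()


@dataclass
class Packet:
    header: dict   # hidden header: public key plus a signature over the body
    body: bytes


def sign(content: bytes, pub: str, priv: str) -> Packet:
    """Sender side. Assumption (not in the paper): the header signature is an
    HMAC-SHA256 keyed with both shared keys, so a party that does not hold the
    keys cannot produce a valid signature for an altered body."""
    sig = hmac.new((pub + priv).encode("utf-8"), content, hashlib.sha256).hexdigest()
    return Packet(header={"public_key": pub, "signature": sig}, body=content)


def verify(packet: Packet, priv: str) -> str:
    """Recipient side: recompute the signature over what arrived. A mismatch means
    the body changed in transit; the recipient withholds the file and returns the
    acknowledgement the sender needs in order to resend."""
    key = (packet.header["public_key"] + priv).encode("utf-8")
    expected = hmac.new(key, packet.body, hashlib.sha256).hexdigest()
    if hmac.compare_digest(expected, packet.header["signature"]):
        return "OK"
    return "MODIFIED: file altered in transit, resend required"


def inject_object(packet: Packet, rng: random.Random) -> Packet:
    """Constructed tamper model for the benchmark: 16 extra bytes are spliced
    into the body at a random offset while the header is left untouched."""
    offset = rng.randrange(len(packet.body) + 1)
    injected = bytes(rng.getrandbits(8) for _ in range(16))
    return Packet(header=dict(packet.header),
                  body=packet.body[:offset] + injected + packet.body[offset:])


def run_batch(n_files: int, seed: int = 7) -> dict:
    """Constructed benchmark in the spirit of the paper's test: every second file
    is tampered with in transit; count detections and false alarms."""
    rng = random.Random(seed)
    # Constructed sender identity inputs (placeholder values, not from the paper).
    pub = public_key("2024-01-01T00:00:00", "00:11:22:33:44:55", "192.0.2.10",
                     ("salt-a", "salt-b"))
    stats = {"tampered": 0, "detected": 0, "clean": 0, "false_alarm": 0}
    for i in range(n_files):
        content = bytes(rng.getrandbits(8) for _ in range(rng.randrange(64, 512)))
        priv = private_key("2024-01-01t00:00:00", "pdf", f"file{i}", "pdf")
        pkt = sign(content, pub, priv)
        if i % 2 == 0:
            pkt = inject_object(pkt, rng)
            stats["tampered"] += 1
            if verify(pkt, priv) != "OK":
                stats["detected"] += 1
        else:
            stats["clean"] += 1
            if verify(pkt, priv) != "OK":
                stats["false_alarm"] += 1
    return stats


if __name__ == "__main__":
    print(run_batch(40))
```

Two points worth noting about the design. First, the tamper detection comes from the keyed signature, not from the key-derivation hashes: a plain MD5 or SHA1 of the body, with no secret key, could be recomputed by whoever altered the body, so the header must be keyed with material the intermediary does not hold. Second, this constructed benchmark detects every injected object, because any change to the body changes the HMAC; the 87% reported in the results section is a property of the paper's own implementation and test files, not of the check in general.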

Algorithm Implementation
Taking the cloud computing environment into account, the algorithm was designed to conform to the functional, structural and behavioral modelling of CC. Initially, 1600 raw files, shown in Table 1 and Table 2, were randomly selected from document, text, pdf, jpg, png, gif, ppx and pptx files for training and evaluating the algorithm. All raw data were selected across different platforms and operating systems. This test focused mainly on Mac, Windows and Linux (Ubuntu).

RESULTS AND ANALYSIS
The evaluation benchmark is based on PHP unit tests that directly insert objects into the files being uploaded. After randomized insertion, the PHP unit test benchmarks the uploaded file. In the first batch of files, the randomly inserted object was added to test, in the PHP unit test, whether the designed algorithm can detect the injected object or not. Figure 6 shows the testing environments and the result of this benchmarking for the evaluation of inserted objects during file transfer from one state to another (data in transit). The benchmarking shown in Figure 6(a) found two inserted objects in an uploaded file that had changed from the original file. Figure 6(b) shows the screenshot of another batch of uploaded files, and the result confirmed that the uploaded data had not been tampered with. This evaluation was done on the CentOS Linux distribution. In each batch of this test, four objects were inserted while a file was sent from one state to another. It is pertinent to note that if a file is affected by an inserted object, the signature header changes automatically, alerting the recipient that the file has been modified while being transferred from one state to another. In this case, the header detection on the recipient side sends an acknowledgement to the sender that the last file sent has been modified or corrupted by a third party and needs to be resent. This response is also generated by the proposed algorithm. Subsequently, a 500-unit data test was conducted on different versions of Windows OS and 200 on Mac and Linux distributions, in batches of randomly injected objects. The detection accuracy is found to be 87% over the overall data test.

CONCLUSION
This paper proposes an algorithm for data in transit security in cloud computing environments. The algorithm is designed to assign a unique two-layer secure key detection system for preventing unauthorized access and detecting injected objects in data in motion. The proposed algorithm helps in mitigating the man-in-the-middle attack, which is one of the severe threats in transferring data from a local machine to the cloud and vice versa. For the algorithm design, training and implementation, several randomized combinations from a set of 1600 distinct data files were used. The accuracy of the algorithm was found to be 87%. It was discovered that the 13% undetected files were due to mass exceptions. The algorithm can also benefit from more training with a more substantial data set to improve the detection rate and ease of deployment. Also, all files were tested on different types of operating systems such as Mac, Linux and Windows.

Figure 1. Man in the Middle (MITM) attack on Data in Motion

Figure 6. Testing Algorithm Code in (A) Mac, (B) Linux and (C) Windows Environments

Table 2. Selected Raw Data Classification based on Data Size