Introduction
The Hash Message Authentication Code (HMAC) is a message authentication code built from a hash function and a cryptographic key. It facilitates verification of both the integrity of data and the authenticity of messages. Hashing is done twice in this construction, and this double hashing is meant to resist various forms of cryptographic analysis. The Data Encryption Standard (DES), on the other hand, is the primary standard for the encryption of data with a secret cryptographic key. DES uses only one key for both encryption and decryption, so the sender and the recipient must hold the same private key for the process to be effective.
Equally, technological advancements and market competition have pushed many organizations to adopt cloud storage as a method of keeping and maintaining their data. Cloud storage is a data access method that allows users to store, access and manipulate their data on an online platform and to reach it from multiple locations. It increases the reliability and accessibility of data, thanks to the rapid deployment, data backup and strong protection implemented by the service providers. Service providers also offer archival and disaster recovery methods to their users. Many advantages can be associated with cloud storage, including affordability, as users do not have to incur the cost of purchasing and maintaining hardware. However, there are security concerns about cloud stores, and this necessitates my research on ways of improving their security. There are four types of cloud storage: personal, hybrid, private and public.
Personal cloud storage
This cloud storage can be referred to as mobile cloud storage as well. This personal cloud storage is a subset of public cloud storage. This store allows individual people to access data from anywhere. This personal cloud storage provides data synchronization to different devices. A good example of a personal cloud storage system is the iCloud storage for Apple users.
Public cloud storage
Public cloud storage is an arrangement in which the service provider and the organization depend on each other but are separate. In this scenario, no data is stored at the organization. The service provider is fully responsible for the organization's data management and the maintenance of infrastructure.
Private cloud storage
This is a scenario in which the service provider and the organization's data center are integrated: the service provider has its storage facility at the organization. However, it is the responsibility of the service provider to carry out the maintenance of the infrastructure. Private cloud storage addresses the security concerns of its users while still attracting the benefits that come with cloud storage.
Hybrid cloud storage
This storage mechanism involves a combination of both the public and private cloud storages. In this case, critical information about an organization is kept in the private cloud storages whereas the rest of the data is kept in the public cloud storages.
Advantages and disadvantages of cloud storages
Cloud storage has numerous advantages. The most outstanding is accessibility: files and data kept in cloud stores can be accessed from any location at any time, as long as the user is connected to the internet. The second advantage is backups. Organizations do not have to incur recovery costs in the event that they face a disaster. On the other hand, cloud storage limits its users by bandwidth. A user with a poor or unstable internet connection may not be able to access the data. Another disadvantage is that organizations with large amounts of data may be forced to spend more money in order to get all their information stored in the cloud. Lastly, cloud storage raises the question of data security. As much as cloud stores are celebrated for solving storage problems, the integrity of the data must be maintained. There are several ways of enhancing data security in cloud storage. This essay will explore two of them: the Hash Message Authentication Code and the Data Encryption Standard.
HOW HAS HMAC & DES ENHANCED CLOUD STORAGE SECURITY?
Cloud computing is one of the critical information technologies. The sharing of information over the internet calls for enough security in cloud storage to keep that information secure and confidential to the relevant parties alone. It also requires protection against manipulation on a day-to-day basis. Data and information that is being shared globally over the internet needs to be secured against malicious access. Access control is, therefore, an important factor in ensuring that the services in the cloud are offered securely. This is done in order to satisfy the conditions of the CIA triad: confidentiality, integrity, and availability. The hash message authentication code and the data encryption standard are employed to enhance the security of cloud storage to the desired levels in this technological era.
DES helps in protecting cloud storage credentials and passwords from being stolen. External attackers are equally taken care of by avoiding the transfer and storage of passwords in plaintext form, which poses various exposure risks. It equally takes care of eavesdropping and spyware. To minimize and avoid such exposure, reliable and powerful authentication and encryption systems with technical mechanisms are used to reduce the possibility of exposing unencrypted credentials. They are also meant to ensure that every bit of authentication data that is transmitted and stored will be of minimal use to the attacker.
In the process of securing cloud storage, DES makes use of three hybrid encryption techniques namely:
Symmetric AES algorithm
This is basically used to encrypt files in an effort to protect them from unauthorized access.
Asymmetric RSA
This is used to encrypt the AES password.
HMAC
It enables the encryption of symmetric password as well as data to realize a completely secure transmission between servers and clients.
DIFFERENCE BETWEEN HMAC & DES
Hash message authentication code (HMAC) comprises a hash function and a cryptographic key, while the Data Encryption Standard (DES) contains just one key that takes care of both the encryption and decryption of data. The cryptographic hash function is used to calculate the HMAC, and the resulting message authentication code algorithm is named after it: such algorithms are called HMAC-X, where X represents the hash function employed in the process. In this regard, it is important to note that the cryptographic strength of the Hash Message Authentication Code depends on three main elements:
The cryptographic strength of the underlying hash function.
The size of its hash output.
The size and quality of the key.
Unlike HMAC, DES is a block cipher and therefore applies its cryptographic key algorithm to a whole block of data at a time.
How to implement the DES and HMAC
Data Encryption Standard
This is a symmetric-key algorithm that uses a block cipher to encrypt its data. DES was published by the National Institute of Standards and Technology (NIST). DES aids in securing cloud storage credentials and passwords from being stolen. External intruders are equally taken care of by avoiding the transfer and storage of passwords in plaintext form, which poses various exposure risks. It equally takes care of eavesdropping and spyware. To minimize and avoid such exposure, reliable and powerful authentication and encryption systems with technical mechanisms are used to reduce the possibility of exposing unencrypted credentials. They are also meant to ensure that every bit of authentication data that is transmitted and stored will be of minimal use to the attacker. DES implements the Feistel cipher model, using a 16-round Feistel structure. The block size is 64 bits. The key length is also 64 bits, but only 56 of those bits are put to use. The remaining 8 bits are not used for encryption and instead serve as check bits. The figure below illustrates the working of DES.
The basic structure of DES is a Feistel cipher. All that a Feistel cipher structure requires is a round function, a key schedule, and any additional processing, here the initial and final permutations. The initial and final permutations are permutation boxes that are inverses of each other. However, these permutations have cryptographic significance in the DES. The round function is of great significance in the DES. The DES function applies a 48-bit key to the rightmost bits of the block to produce a 32-bit output. The figure below illustrates how a key function works.
The key generation is simple. The round key generator creates 48-bit keys out of the 56-bit cipher key. After the keys are produced, the DES function will analyze the cipher to establish its strength and effectiveness. DES uses two aspects to determine the effectiveness and strength of a cipher. The first is the avalanche effect, which captures the impact that a small change in the plaintext has on the output as a whole. For a secure cipher, a small change in the plaintext must result in a significant difference in the ciphertext. The other aspect that DES analyzes is the completeness of the key. Although there have not been any significant cryptanalytic attacks apart from exhaustive key search, DES has proved to have some weaknesses that have made it obsolete in the recent past.
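The Feistel shape and the avalanche effect described above can be seen in a small model. This is an added example, not part of the original essay and not DES itself: it keeps the 64-bit block, 16 rounds and 48-bit round keys, but the key schedule and round function are SHA-256 stand-ins chosen for illustration, and the key and plaintext are constructed samples. It also goes slightly beyond the text by comparing 16 rounds with a single round.

```python
import hashlib

BLOCK_BYTES = 8       # 64-bit block, as in DES
HALF_BYTES = 4        # the block is split into two 32-bit halves
ROUND_KEY_BYTES = 6   # 48-bit round keys, as in DES


def round_keys(key: bytes, rounds: int = 16) -> list:
    """Stand-in key schedule (NOT the DES schedule): one 48-bit key per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:ROUND_KEY_BYTES]
            for i in range(rounds)]


def round_function(right: int, round_key: bytes) -> int:
    """Stand-in round function (NOT the DES S-boxes): 32 bits in, 32 bits out."""
    digest = hashlib.sha256(round_key + right.to_bytes(HALF_BYTES, "big")).digest()
    return int.from_bytes(digest[:HALF_BYTES], "big")


def _feistel(block: bytes, keys: list) -> bytes:
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left = int.from_bytes(block[:HALF_BYTES], "big")
    right = int.from_bytes(block[HALF_BYTES:], "big")
    for rk in keys:
        # One Feistel round: the right half passes through unchanged, the
        # left half is XORed with the round function of the right half.
        left, right = right, left ^ round_function(right, rk)
    # Final swap, so that decryption is the same network with reversed keys.
    return right.to_bytes(HALF_BYTES, "big") + left.to_bytes(HALF_BYTES, "big")


def encrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return _feistel(block, round_keys(key, rounds))


def decrypt_block(block: bytes, key: bytes, rounds: int = 16) -> bytes:
    return _feistel(block, round_keys(key, rounds)[::-1])


def avalanche_average(block: bytes, key: bytes, rounds: int = 16) -> float:
    """Average number of ciphertext bits that change per single-bit plaintext flip."""
    base = int.from_bytes(encrypt_block(block, key, rounds), "big")
    plain = int.from_bytes(block, "big")
    total = 0
    for bit in range(BLOCK_BYTES * 8):
        flipped = (plain ^ (1 << bit)).to_bytes(BLOCK_BYTES, "big")
        changed = int.from_bytes(encrypt_block(flipped, key, rounds), "big") ^ base
        total += bin(changed).count("1")
    return total / (BLOCK_BYTES * 8)


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample key
    block = b"CLOUDKEY"             # constructed 8-byte plaintext block
    ct = encrypt_block(block, key)
    print("ciphertext:", ct.hex())
    print("round trip ok:", decrypt_block(ct, key) == block)
    print("avg bits changed, 16 rounds:", avalanche_average(block, key, 16))
    print("avg bits changed, 1 round:", avalanche_average(block, key, 1))
```

With 16 rounds a one-bit plaintext change flips about half of the 64 ciphertext bits, while a single round leaves most of the block untouched.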
Hash Message Authentication Code
Cloud storage is the future of technology. However, data integrity is of great importance when it comes to cloud storage. The Hash Message Authentication Code is a message authentication code made up of a hash function and a cryptographic key. It mainly facilitates verification of both the integrity of data and the authenticity of messages. It is worth noting that hashing is done twice in this context. This double hashing is meant to resist various forms of cryptographic analysis. The Hash Message Authentication Code tries to solve the integrity question for data kept in cloud stores. HMAC strives to enable two communicating entities to verify the integrity and authenticity of messages sent and received. HMAC is mostly applied in secured file transfers such as HTTPS, FTPS, and SFTP. These protocols achieve their authenticity and integrity from the HMAC.
The significance of data integrity in file transfers
The success of any business or organization depends on its decisions and processes. These decisions and processes largely depend on the security and reliability of the information and data that the company or organization holds. If the integrity and security of the data is interfered with unnoticed, it may affect the decision-making process of an organization. This prompts the organization to take precautionary measures that will help it establish the integrity of the data transmitted over the internet. Businesses and organizations must also put in place measures that let them detect any interference with the data transmitted over the internet. Such interference may include alteration or reading of the data. These measures ensure that the integrity of the data is maintained. There are several precautionary measures that can ensure the integrity and security of information is maintained. File transfer protocols such as FTPS, HTTPS, and SFTP use HMAC as a preventive security feature. HMAC can counter threats posed to the data transferred, hence maintaining the integrity of the data. HMAC stands for keyed-Hashing for Message Authentication. This key is a message authentication code that is obtained by running a cryptographic hash function. These cryptographic hash functions include MD5, SHA1, and SHA256. The cryptographic hash function runs over the data that is being authenticated. The sender shares the secret key that was used to encrypt the data with the receiver. The receiver uses this shared secret key to decrypt the data as well as determine the integrity of the data.
HMAC shares a close similarity with digital signatures in terms of data integrity and authenticity. Both HMAC and digital signatures use cryptographic keys to enforce authenticity and integrity. The main difference between them is that HMAC uses symmetric keys whereas digital signatures use asymmetric keys.
The working mechanism of HMAC
To understand the working of HMAC, we must first evaluate how a hash function is used to implement data integrity for a file. Take, for example, a client application that downloads a file from a remote server like Facebook. It is presumed that the client and the server agree on which hash function they are going to use, e.g. SHA2. Once the client application requests the file, the server takes the data and computes the hash of the file with its hash function. The server then sends the message digest (hash) along with the file. The client application receives and downloads the hash and the file. The client application runs the SHA2 hash function over the downloaded file and compares the result with the downloaded hash to establish whether they are the same. This comparison helps the client application determine whether the file has been interfered with in the process of transmission. The figure below shows how HMAC works.
The hash function establishes whether the file has been interfered with by comparing hashes. Suppose that, in the process of transmission, an intruder intercepts the downloaded file and manipulates its contents. The client application will notice these changes through the comparison of the hashes. The two hashes are produced by running the agreed hash algorithm at both the client application and the server. When the sent file has been interfered with, the hash from the sender will not match the hash at the receiver. Whenever the hashes do not match, the client application will disregard the downloaded file. This is how a hash determines the integrity of the data.
The hash function can only establish the integrity of the data. This implies that the hash function cannot determine whether the file received originates from an authentic source. Because the hash function can only establish interference with a file, the file's authenticity can still be questioned. In cloud storage, both the authenticity and the integrity of a file are paramount. To provide both, file transfer protocols employ HMAC. The file transfer protocols that use this method include FTPS, SFTP, and HTTPS. HMAC uses both the hash and a secret key. The client application and the server share messages through a secured file transfer protocol. This message sharing ensures that both data integrity and authenticity are kept intact. The sender shares its secret key and the hash with the receiver. With the agreed secret key and hash function, the receiver runs an algorithm that establishes both the authenticity and the integrity of a file.
The secret key achieves its purpose of authenticating a file because it is generated during the key exchange process. This key exchange is the preliminary process required of the communicating parties. Only the communicating parties are aware of the secret key. This implies that only the communicating parties can arrive at the same result when computing the MAC corresponding to a particular message. The computation is done with the shared secret key. Whenever the communicating parties are not able to achieve the same result, it is evident that the message has been interfered with and hence needs to be disregarded.
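The difference between the plain-hash check and the HMAC check described above, together with the double hashing mentioned earlier, can be shown in a few lines. This is an added example, not part of the original essay; the key and file contents are constructed samples, and the function names are chosen here for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes its input in 64-byte blocks


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC written out as two nested hashes: H((K^opad) || H((K^ipad) || m))."""
    if len(key) > BLOCK_SIZE:                 # over-long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")      # short keys are zero-padded
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()   # first hash
    return hashlib.sha256(opad + inner).digest()      # second hash


def verify_hash_only(data: bytes, digest: bytes) -> bool:
    """Client check in the plain-hash scheme: recompute the hash and compare."""
    return hmac.compare_digest(hashlib.sha256(data).digest(), digest)


def make_tag(key: bytes, data: bytes) -> bytes:
    """Server side: HMAC-SHA256 tag over the file using the shared key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_hmac(key: bytes, data: bytes, tag: bytes) -> bool:
    """Client check with HMAC: recompute the tag, compare in constant time."""
    return hmac.compare_digest(make_tag(key, data), tag)


def run_scenarios() -> dict:
    key = b"constructed-shared-secret-0001"   # constructed; use random keys in practice
    original = b"invoice total: 100.00"       # constructed sample file
    altered = b"invoice total: 900.00"        # the same file changed in transit
    return {
        # The hand-written double hash agrees with the standard library.
        "manual_equals_stdlib": hmac_sha256_manual(key, original) == make_tag(key, original),
        "long_key_equals_stdlib": hmac_sha256_manual(b"k" * 100, original)
        == make_tag(b"k" * 100, original),
        # Plain hash: a changed file with the old hash is rejected ...
        "hash_rejects_changed_file": not verify_hash_only(
            altered, hashlib.sha256(original).digest()),
        # ... but a changed file with a recomputed hash is accepted, because
        # anyone can compute an unkeyed hash. Integrity only, no authenticity.
        "hash_accepts_replaced_pair": verify_hash_only(
            altered, hashlib.sha256(altered).digest()),
        # HMAC: a tag made without the shared key does not verify.
        "hmac_rejects_replaced_pair": not verify_hmac(
            key, altered, make_tag(b"not-the-shared-key", altered)),
        "hmac_accepts_genuine": verify_hmac(key, original, make_tag(key, original)),
        # The tag has a fixed length whatever the message size.
        "tag_lengths": (len(make_tag(key, b"")), len(make_tag(key, b"x" * 1_000_000))),
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```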
Benefits of using HMAC for file transfers
There are significant benefits to using HMAC as a method of transferring files. The first obvious benefit is its ability to determine the authenticity and integrity of a message. The second benefit is efficiency: the data integrity-checking mechanism of HMAC is highly efficient, as a result of the hash function. The hash function transforms messages into a fixed-length digest. This implies that the length of the message does not determine the size of the message digest, which helps make the most of the available bandwidth.
Factors determining the choice of HMAC
HMAC strength depends predominantly on its hash function, and an HMAC algorithm is identified largely by that hash function. This results in different types of HMAC algorithms, including HMAC-MD5, HMAC-SHA256, and HMAC-SHA1. Each of these algorithms has its vulnerabilities as well as its strengths. For example, MD5 is vulnerable to collisions. However, HMAC-MD5 is not affected by these vulnerabilities. Despite this, SHA-1 is still stronger cryptographically.
Similarly, SHA-2 is stronger cryptographically than SHA-1. SHA-2 exists in different forms, including SHA-224, SHA-256, and SHA-512. The choice of which HMAC to use largely depends on its underlying hash function. For example, a user who values performance over the security of the data transfer would prefer HMAC-MD5, whereas a user who values security over performance may go with HMAC-SHA256 instead. These factors are crucial when determining the method of file transfer in cloud storage.
Discussion
From the analysis above, it is evident that DES is technologically outdated. Therefore, DES cannot be used in cloud storage despite its good record against attacks. This implies that only HMAC can be used in enhancing cloud storage security. The HMAC algorithm has three classes of security algorithm. The first is HMAC-MD5. This is the most preferred algorithm when it comes to performance. It was developed by RSA Laboratories, and it accepts keys of any size. The algorithm then produces a hash of 128-bit length. The high security of this algorithm is primarily attributed to its ability to mix messages with the hash value to output 128 bits of data. The algorithm can establish the validity of a message through the use of a secret key. However, the validity of this method largely depends on the secrecy of the key. Once the key is exposed, the validity of the message is not guaranteed. To guarantee the confidentiality of the key, it is usually advocated that the message and the key be transmitted over different mediums. That way, an attacker who gets the message cannot decrypt it, since he does not have the key. However, if the key and the message are transmitted over the same medium and the attacker gets the message, it will be much easier for him to interfere with its contents. Where security prevails over performance, it is recommended that users use SHA-1 and SHA-2. These algorithms may exist as SHA-224, SHA-256, and SHA-512. Their security strength depends on their number of bits. For example, SHA-512 has the most robust security because it has a 512-bit length. This implies that there are 512 possible combinations of 1s and 0s on a single key. This means that for a single key there are trillions of possible results, so, compared with MD5 and its 128 bits, it proves more resistant to interference.
However, the key and the message must be transmitted over different mediums. It is also important to note that the secret key must be kept secret, because once an attacker gets the key, the data integrity automatically becomes questionable. Every business and organization has the goal of being successful. The success of any company or organization mostly relies on its decisions. These decisions mainly depend on the security and reliability of its information and data. If the integrity and security of the data is interfered with unnoticed, it may affect the decision-making process of an organization. This prompts the organization to take precautionary measures that will help it establish the integrity of the data transmitted over the internet. Businesses and organizations must also put in place measures that let them detect any interference with the data transmitted over the internet. Such interference may include alteration or reading of the data. These measures ensure that the integrity of the data is maintained. There are several precautionary measures that can ensure the integrity and security of information is maintained. File transfer protocols such as FTPS, HTTPS, and SFTP use HMAC as a preventive security feature. HMAC can counter threats posed to the data transferred, hence maintaining the integrity of the data. HMAC stands for keyed-Hashing for Message Authentication. This is a message authentication code that is obtained by running a cryptographic hash function. These cryptographic hash functions include MD5, SHA1, and SHA256. The cryptographic hash function runs over the data that is being authenticated. The sender shares the secret key that was used to encrypt the data with the receiver. The receiver uses this shared secret key to decrypt the data as well as determine the integrity of the data.
In conclusion, cloud computing is one of the essential information technologies. The sharing of information over the internet calls for enough security in cloud storage to keep that information secure and confidential to the relevant parties alone. It also requires protection against manipulation on a day-to-day basis. Data and information that is being shared globally over the internet needs to be secured against malicious access. Access control is, therefore, an essential factor in ensuring that the services in the cloud are offered securely. This is done to satisfy the conditions of the CIA triad: confidentiality, integrity, and availability. The hash message authentication code and the data encryption standard are employed to enhance the security of cloud storage to the desired levels in this technological era.
DES equally helps in protecting cloud storage credentials and passwords from being stolen. External attackers are equally taken care of by avoiding the transfer and storage of passwords in plaintext form, which poses various exposure risks. It similarly takes care of eavesdropping and spyware. To minimize and prevent such exposure, reliable and powerful authentication and encryption systems with technical mechanisms are used to reduce the possibility of exposing unencrypted credentials. They are also meant to ensure that every bit of authentication data that is transmitted and stored will be of minimal use to the attacker. Lastly, it is through the enhancement of cloud storage that the world will see a transformation of its businesses and organizations. However, these businesses must ensure that their information and data is kept secure.