An Implementation of Securing the Sensitive Data at Application Level using Jordan’s Totient – RSA in Big Data

DOI : 10.17577/IJERTV5IS120282

Naveen Kumar R#1,

#1 Research Scholar, Department of Computer Science,

S.V.University, Tirupathi

Prof Padmavathamma Mokkala*2

*2 BOS,

Department of Computer Science, S.V.University, Tirupathi

Abstract – In the big data world, securing sensitive data has become a more complex and time-consuming process. Sharing sensitive data in big data environments exacerbates the threat of that data falling into unauthorized hands. To combat this threat, enterprises turn to cryptosystems. In a cryptosystem, encryption is the process of encoding sensitive data so that only authorized or privileged parties can decrypt and read it. By applying this methodology at the application level, we provide complete security for the sensitive data.

Keywords: Sensitive Data, Cryptography, Policy, Data Encryption, Privileged User, Multi-Prime RSA

  1. INTRODUCTION:

    In the modern distributed big data [1], [2], [3] environment, organizations and individuals are more digitally connected than ever before. In the digital world, governments and companies collect massive amounts of data about their resources. This big data helps a great deal with day-to-day activities, but the fundamental asset of securing the sensitive data may be missing. If a security breach occurs in big data, it would result in even more serious legal repercussions and reputational damage than at present.

    In this modern world, many companies use technology to store sensitive [4], [5] and non-sensitive data, which may run to petabytes. As a result, information classification becomes even more critical. Classifying the sensitive data and encrypting it is essential. Not only security but also data privacy challenges existing industries and federal organizations. With the increase in the use of big data in business, many companies are wrestling with privacy issues around sensitive data.

    Data privacy [1][2] is a liability, so organizations must be on the privacy defensive for sensitive data. But unlike security, privacy of sensitive data should be considered an asset. There should be a balance between data privacy and security for sensitive data.

  2. RELATED WORK

    Data sources for information fed into a Big Data implementation inevitably contain either sensitive, protected information or key intellectual property. This information is distributed throughout the Big Data implementation, and all of that sensitive data should be protected. Today's big data environments often include both sensitive and non-sensitive data (including anonymous data). Hackers can correlate de-anonymized [6] data sets to identify people and their preferences. Generally speaking, outsiders are prevented from accessing big data environments by traditional perimeter security at the boundaries of a private network. However, with today's sophisticated break-in strategies, perimeter security is no longer adequate. Criminals often try to lift health information, credit card numbers, and other vital information in order to sell it on the black market. No company wants its data to be compromised or its systems to be breached. However, most traditional IT security practices aren't strong enough to resist the new types of malware, phishing schemes, netbots, and SQL injection attacks unleashed by cybercriminal organizations against sensitive data.

    Security Issues with Hadoop [7], [8], [9], [10]: Many of today's big data projects incorporate Apache Hadoop, an open-source framework for storing and processing big data in a distributed fashion. Business analysts load data into Hadoop to detect patterns and extract insights from structured, semi-structured, and unstructured data. Unfortunately, not all organizations have strong data security in place for these activities. There may be personally identifiable information and intellectual property loaded into these data sets. Initially developed as a way to distribute big data processing jobs among many clustered servers, the Hadoop architecture wasn't built with security in mind. Namely, it lacks access controls on the data, including password controls, file and database authorization, and auditing. As such, it doesn't comply with important industry standards such as the Insurance Portability and Accountability Act (IPAA) and the Payment Card Data Security Standard (PCDSS) [11], [12].

    Sometimes a supplementary group of users can access sensitive data, so we need to ensure that only privileged users can access it. A policy is applied to classify the sensitive data, and after classification we use our proposed model to encrypt it. This overcomes the time and space complexity. Our proposed model ensures that authorized users can access only the sensitive data that they are entitled to access, and also protects data at rest and in transit.

  3. PROPOSED MODEL

    In our proposed approach, the secure model lets a company restrict sensitive data access and data theft, which pose a potential threat to the company. To overcome this issue, we propose privileged user access control on sensitive data at the application level.

    | RISK Level | Time Complexity (Data Reading) | Time Complexity (Data Writing) | Security Level |
    |---|---|---|---|
    | Full Disk Encryption | Time Intense | Time Intense | Semi-Moderate |
    | File Level Encryption | Time Intense | Time Intense | Semi-Moderate |
    | Application Encryption - Privileged Users | Moderate | Moderate | Moderate |

    Decryption Phase

    In this phase, only privileged users can decrypt the sensitive data that was encrypted in the earlier phase. Security is therefore provided at the application level, which provides more security at the transit level.

    Encrypting the sensitive data in the application gives more security in the transit phase, which is a better approach than disk and file encryption [13]. The table below shows the advantages of application-level encryption.

    Jordan's Totient RSA algorithm: We use the Jordan's Totient RSA [14] algorithm as a basis to provide data-centric security for sensitive shared data:

    • Randomly choose two distinct primes p, q.

    • Calculate N = pq

    • Calculate $J_k(N) = N^k \prod_{p \mid N} \left(1 - p^{-k}\right)$

    | RISK | Full Disk Encryption | File Level Encryption | Application Encryption - Privileged Users |
    |---|---|---|---|
    | Data unrecoverable when drive stolen or lost from data center | Yes | Yes | Yes |
    | Data made inaccessible to root and system admins | No | Yes | Yes |
    | Data made inaccessible to admins | No | Yes | Yes |
    | Create access logs for threat analytics | No | No | Yes |
    | Unstructured data, config files, logs protected from theft | Yes | Yes | Yes |

        In application-level encryption we are proposing Key Generation & Policy Management, encrypting the sensitive data, decrypting the sensitive data for authorized users, and privileged user access control management.

        Policy Management

        The policy management approach applies a standard policy such as the Insurance Portability and Accountability Act (IPAA) or the Payment Card Data Security Standard (PCDSS). Using this policy, the user can classify the data as sensitive or non-sensitive. After the sensitive data is classified, our proposed encryption process encrypts that data and stores it in the big data environment.

        Key Generation Phase

        In this phase, our proposed system generates the key and privileged users receive the user's key; using this key, the user can encrypt and decrypt the sensitive data. To generate the key we can use a public key cryptosystem such as Jordan's Totient RSA [14]. Policy management classifies the sensitive data from the file so that it can't be tampered with or hacked by other users such as Admin, Cloud Provider & Outsource Administrators of Cloud.

        Encryption Phase

        In this phase, the classified sensitive data is encrypted and stored in the Big Data so that non-privileged users cannot read or alter the secure data; the secure data can't be tampered with or hacked by other users such as Admin, Cloud Provider & Outsource Administrators of Cloud.

    • Select e such that e is relatively prime to $J_k(N)$ and less than $J_k(N)$

    • Calculate d such that $de \equiv 1 \pmod{J_k(N)}$ and $d < J_k(N)$.

    • Public key = {e, N}

    • Private key = {d, N}

    • Cipher message $c = msg^{e} \bmod N$

    • Plain text $msg = c^{d} \bmod N$
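The key generation, encryption and decryption steps listed above, as an added Python example (not the authors' implementation). The primes, sample message and function names are constructed for illustration; this is textbook RSA without padding, and the demo also checks that φ(N) divides J_k(N), so d reduced modulo φ(N) decrypts the same ciphertext.

```python
"""Textbook J_k-RSA following the listed steps (added example, toy key size)."""
import math

def jordan_totient(p: int, q: int, k: int) -> int:
    # J_k(N) = N^k (1 - p^-k)(1 - q^-k) = (p^k - 1)(q^k - 1) for N = p*q
    return (p**k - 1) * (q**k - 1)

def keygen(p: int, q: int, k: int, e_start: int = 65537):
    """Return ((e, N), (d, N)); e_start must be odd (hypothetical parameter)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, jk = p * q, jordan_totient(p, q, k)
    e = e_start
    while math.gcd(e, jk) != 1:      # e must be relatively prime to J_k(N)
        e += 2
    if e >= jk:
        raise ValueError("no valid e below J_k(N)")
    d = pow(e, -1, jk)               # d*e = 1 (mod J_k(N)) and d < J_k(N)
    return (e, n), (d, n)

def encrypt(msg: int, public_key) -> int:
    e, n = public_key
    if not 0 <= msg < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(msg, e, n)            # c = msg^e mod N

def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)              # msg = c^d mod N

def demo():
    # Constructed toy parameters: two Mersenne primes, far too small for real use.
    p, q, k = 2**31 - 1, 2**61 - 1, 2
    pub, priv = keygen(p, q, k)
    msg = int.from_bytes(b"acct-042", "big")   # constructed sample field
    c = encrypt(msg, pub)
    phi = (p - 1) * (q - 1)                    # Euler's totient, equal to J_1(N)
    d_small = priv[0] % phi                    # still inverts e, since phi | J_k(N)
    return {"roundtrip": decrypt(c, priv) == msg,
            "phi_divides_jk": jordan_totient(p, q, k) % phi == 0,
            "d_mod_phi_decrypts": pow(c, d_small, pub[1]) == msg,
            "plaintext": decrypt(c, priv).to_bytes(8, "big")}

if __name__ == "__main__":
    print(demo())
```

Because the reduced exponent decrypts correctly, the private exponent computed modulo J_k(N) is interchangeable with the one computed modulo φ(N) for the same N.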

    The work flow below elaborates the process step by step.

    Work Flow

    Step 1:- The user's data, containing sensitive and non-sensitive data, is transferred to the App Servers using the standard policy.

    Step 2:- Data is transferred to the Big Data [5][6] clusters through the App Server. While transferring the data through the App Server, we need to encrypt the sensitive data using the Key & Policy Management. Key Management generates keys and distributes them to the group or users using the private key, using the Jordan's Totient RSA algorithm as shown above.

    Step 3:- Using the privileged user's key and the policy classification (IPAA\PCDSS), sensitive data is encrypted and stored in the Big Data clusters.

    Step 4:- While accessing sensitive data, the system first checks the user's key and policy in Key Management and Policy Management; after successful authentication, privileged users can decrypt the sensitive data. If non-privileged users (Admins, Root users, Cloud Provider / Outsource Administrators) try to access the sensitive data, they receive the encrypted data.

  4. CONCLUSION

In this paper we have implemented the Jordan's Totient RSA algorithm to encrypt the sensitive data in the file for privileged users after applying the policy classification. Using the above model, it is hard for non-privileged users (Admins, Root users, Cloud Provider / Outsource Administrators) [15] to hack or tamper with the sensitive data. From the results we obtained, it is proved that Jordan's Totient RSA gives more protection: only an authorized user can retrieve the encrypted data and decrypt it.

REFERENCES

  1. Magoulas, Roger; Lorica, Ben (February 2009). "Introduction to Big Data". Release 2.0. Sebastopol CA: O'Reilly Media.

  2. http://www.sas.com/en_us/insights/big-data/what-is-big-data.html

  3. https://globalecco.org/big-data-insider-threats-and-international-intelligence-sharing

  4. "Sensitive Information" (definition) Aug. 23, 1996. Retrieved Feb. 9 2013.

  5. "DEPARTMENT OF INDUSTRY: PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT" Canada Gazette, Apr. 03 2002. Retrieved Feb. 9 2013.

  6. http://motherboard.vice.com/read/even-tor-cant-save-small-time-hackers

  7. https://www.qubole.com/blog/big-data/hadoop-security-issues/

  8. https://securosis.com/assets/library/reports/Securing_Hadoop_Final_V2.pdf

  9. https://securosis.com/blog/securing-hadoop-architectural-security-issues

  10. http://www.bmc.com/blogs/big-data-security-issues-challenges-for-2016/

  11. https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act

  12. http://searchdatamanagement.techtarget.com/definition/HIPAA

  13. http://blog.vormetric.com/2015/06/23/locking-down-data-full-disk-encryption-vs-file-level-encryption/

  14. Performance analysis of Jordan Totient RSA (JkRSA) and NTRU, International Journal of Scientific & Engineering Research, Volume 5, Issue 3, March-2014, 1099, ISSN 2229-5518

  15. https://www.vormetric.com/data-security-solutions/use-cases/privileged-user
