Biometric Based User Authentication and Privacy Preserving In Cloud Environment

Cloud technology provides storage services for individuals and organizations, making file access easy regardless of location. The major concern is security while the file is outsourced: maintaining integrity (keeping the file unchanged) and confidentiality during outsourcing plays an important role. In this paper, we propose an identity-based data outsourcing technique to provide data security during authorization and storage. For data authorization we propose fingerprint-based authentication, performed using the Minutiae Map (MM) algorithm. For data security we convert the data owner's files to hash values using the SHA algorithm. Finally, in the cloud storage stage, data security and data availability are addressed using a multiple cloud storage system.


Introduction
Cloud computing is an emerging technology that makes applications accessible globally. Migrating their applications to a cloud server saves data owners much time and cost. Data owners are motivated to migrate mainly by the SaaS, IaaS and PaaS service models. The major concern in migrating to a cloud server is security. Integrity of the data owner's data is an important concern because the data owner loses physical control once the file is outsourced to third-party cloud storage. Usually the cloud storage is managed by a few cloud service providers (CSPs) [1]. This paper addresses two major concerns: 1. data security during authorization and 2. data security and data availability in cloud storage. In existing approaches, authorization of data owners and authorized delegates is not given much importance. Authorization plays a significant role in analyzing a request and providing a response. There are many tools for performing illegal authorization, which makes the authorization process difficult. Many large cloud storage providers such as Amazon, Dropbox and Google initially grant permission for a designated entity to upload data files on behalf of the data owner. In this case, the system cannot validate whether the delegator, an authorized delegated entity or an unauthorized person has uploaded or modified the file [2].
We observe two critical issues that are not well addressed in existing proposals. First, most schemes lack a controlled way of delegatable outsourcing. One may note that many cloud storage systems (e.g., Amazon, Dropbox, Google Cloud Storage) allow the account owner to generate signed URLs with which any other designated entity can upload and modify content on behalf of the user. However, at times the data owner has to trust the delegatees and the cloud service provider. To gain confidence and maintain integrity, the application should be able to verify and distinguish authorized from unauthorized users so that files cannot be changed by unauthorized users [3] [4].
Second, existing approaches do not ensure data availability at all times. In existing approaches the application is stored in a single cloud, so during maintenance or when the server is down, data availability is a major concern. In this case, the user has to wait until the application is up again to send a request and get a response. To overcome this problem, a multiple cloud storage system can be introduced so that the data is available from server 2 if server 1 is under maintenance [5]. The work in [6] describes a cloud storage system in which, whenever the data owner changes, the data owner has to re-assign the designated entities in the cloud server. This is time consuming, and every time the data owner has to sign the contract with the modified designated entities.

Related Works
[7] This paper describes a multiple cloud storage scheme that provides easy migration of application data to a cloud environment. The authors also address the key exposure issue.
[8] This paper elaborates on existing auditing schemes and explains homomorphic signatures. It states that anyone can audit the data owner's outsourced data without knowing the data owner's credentials. The design lets the data owner easily assign the auditing task to a third party while preserving private information.
[9] This article proposes a scheme through which a delegate can perform an auditing protocol to become the delegate for the outsourced data files of the respective data owner. The scheme also discusses prevention measures for collusion attacks.
[10] This paper explains a multi-cloud storage system. In existing approaches, storing data in a single cloud always carries the risk of data availability failure when attackers attack the cloud and compromise the server. The paper proposes multiple cloud storage, which reduces the risk of unavailability. The proposed scheme stores data within the customer's available budget.
[11] This paper discusses fingerprint analysis by extraction of features such as bifurcation and termination points from the finger. It states that the minutiae map based feature extraction algorithm provides promising matching accuracy.

Methodology
The proposed architecture secures user data using fingerprint-based authentication. For fingerprint analysis we used standard dataset images, and we used the minutiae map algorithm for fingerprint feature extraction and comparison. Along with the user's fingerprint, the respective user's IP and MAC addresses are stored. If the user passes the above checks, the user can upload and access data in the cloud. For the cloud environment we used a public cloud named CloudMe. To secure the user data, the user files are encrypted using the SHA algorithm and stored in the cloud.

Fig 1. Proposed Architecture
We propose an identity-based data outsourcing (IBDO) technique in which the data owner and designated entities are audited before accessing the files and entering the application. The IBDO technique provides two main advantages, during data authorization and data storage. The data authorization phase mainly involves authorizing the data owner and designated entities. Designated entities are those who can upload, modify or delete files on behalf of the data owner when the data owner is unavailable. The application finds it difficult to distinguish authorized from unauthorized users during authorization. To resolve this problem, we propose fingerprint-based analysis along with MAC address validation and file type analysis, which makes unauthorized access to files difficult and also makes collusion attacks difficult for intruders. For fingerprint analysis, we used the minutiae map algorithm for fingerprint feature extraction and matching. The Minutiae Map algorithm identifies the bifurcation and termination values from the fingerprint image. A ridge termination is the point at which a ridge ends. A bifurcation is the point at which a ridge splits into two. This is illustrated in Figure 2. Our module extracts the total bifurcation and termination values of the user's fingerprint along with their locations (X, Y coordinates) and stores them in the database during user registration. To add further security checks alongside fingerprint analysis, we integrated MAC address validation and analysis of the previous file type access pattern.
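The termination and bifurcation extraction described above can be sketched as follows. This is an added example, not the paper's code: it assumes the common crossing-number test on a thinned, one-pixel-wide ridge image, and the skeleton, the function names and the tolerance-based `match_score` (which assumes already aligned images) are constructed for illustration.

```python
# Neighbour offsets (dy, dx) in circular order around a pixel.
RING = [(-1, 0), (-1, 1), (0, 1), (1, 1), (1, 0), (1, -1), (0, -1), (-1, -1)]

# Constructed one-pixel-wide ridge skeleton ('#' = ridge): two ridges merge into one.
SKELETON = [
    "..........",
    ".#.....#..",
    "..#...#...",
    "...#.#....",
    "....#.....",
    "....#.....",
    "....#.....",
    "..........",
]

def extract_minutiae(rows):
    """Return {'termination': [(x, y), ...], 'bifurcation': [(x, y), ...]}."""
    grid = [[ch == "#" for ch in row] for row in rows]
    found = {"termination": [], "bifurcation": []}
    # Skip the border so every examined pixel has a full 8-neighbourhood.
    for y in range(1, len(grid) - 1):
        for x in range(1, len(grid[0]) - 1):
            if not grid[y][x]:
                continue
            ring = [grid[y + dy][x + dx] for dy, dx in RING]
            # Crossing number: half the ridge/background transitions around the ring.
            cn = sum(ring[i] != ring[(i + 1) % 8] for i in range(8)) // 2
            if cn == 1:
                found["termination"].append((x, y))   # ridge ends here
            elif cn == 3:
                found["bifurcation"].append((x, y))   # ridge splits here
    return found

def match_score(enrolled, probe, tol=2):
    """Fraction of enrolled minutiae with a same-type probe point within tol pixels.

    Hypothetical matcher: assumes both images are already aligned.
    """
    total = hits = 0
    for kind, points in enrolled.items():
        for ex, ey in points:
            total += 1
            if any(abs(ex - px) <= tol and abs(ey - py) <= tol
                   for px, py in probe[kind]):
                hits += 1
    return hits / total if total else 0.0

if __name__ == "__main__":
    template = extract_minutiae(SKELETON)   # what registration would store
    print(template, match_score(template, template))
```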
Data security during transmission and storage is provided using the SHA algorithm and a multiple cloud storage system. The SHA algorithm eliminates the complex cryptographic process by using hash values. Finally, data security and data availability are achieved using multiple cloud storage: the data owner's file is duplicated and stored on multiple cloud servers so that the data remains available whenever a server is down for maintenance. For cloud storage, we are using public clouds, namely CloudMe. Thus the multiple cloud schema provides high information security against a cloud service provider trying to access the data owner's files. The whole proposed system provides confidentiality, security and integrity for the data owner's information.
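The replication and hashing described above can be combined so that a download fails over to another server and rejects a replica whose contents changed. This is an added example, not the paper's implementation: `CloudStore` is a hypothetical in-memory stand-in for a cloud server, SHA-256 is assumed as the SHA variant, and the digest is assumed to be kept by the data owner as an integrity tag.

```python
import hashlib

class CloudStore:
    """Hypothetical in-memory stand-in for one cloud storage server."""
    def __init__(self, name):
        self.name, self.online, self.blobs = name, True, {}

    def put(self, key, data):
        if not self.online:
            raise ConnectionError(self.name + " is down")
        self.blobs[key] = data

    def get(self, key):
        if not self.online:
            raise ConnectionError(self.name + " is down")
        return self.blobs[key]

def upload(stores, key, data):
    """Replicate data to every store; return the SHA-256 digest the owner keeps."""
    for store in stores:
        store.put(key, data)
    return hashlib.sha256(data).hexdigest()

def download(stores, key, expected_digest):
    """Return (store name, data, skipped) from the first intact, reachable replica."""
    skipped = []
    for store in stores:
        try:
            data = store.get(key)
        except (ConnectionError, KeyError):
            skipped.append((store.name, "unavailable"))   # server down or file missing
            continue
        if hashlib.sha256(data).hexdigest() != expected_digest:
            skipped.append((store.name, "digest mismatch"))  # replica was modified
            continue
        return store.name, data, skipped
    raise RuntimeError("no intact replica: %r" % skipped)

if __name__ == "__main__":
    servers = [CloudStore("server1"), CloudStore("server2")]
    tag = upload(servers, "report.txt", b"constructed sample file")
    servers[0].online = False            # server 1 under maintenance
    print(download(servers, "report.txt", tag))
```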

Fig 3. Dataowner file upload
After successful biometric-based authentication, the data owner can access the application and upload files. Figure 5 shows the view page of the users in our application. The view page, managed by the super admin, lists the data owner name, designated entities, file types, IP address and MAC address. If there is any discrepancy, the respective entity is blocked and flagged for further inspection.

Conclusion
Motivated by application needs, this paper addresses the problem of secure authorization and data security. For secure authorization, we used fingerprint analysis with the minutiae map algorithm. File security is provided using the SHA algorithm. Thus the proposed system is provably secure and efficient, and keeps the data available using a multiple cloud storage system.