Information and Knowledge Management www.iiste.org ISSN 2224-5758 (Paper) ISSN 2224-896X (Online) Vol 1, No.1, 2011 40 | Page www.iiste.org Enhancing Security in Cloud Computing Joshi Ashay Mukundrao (Corresponding author) D.Y. Patil College Of Engineering, Akurdi, Pune University of Pune, Maharashtra, India Tel: +918446356591 E-mail: ashay016@gmail.com Galande Prakash Vikram D.Y. Patil College Of Engineering, Akurdi, Pune, University of Pune, Maharashtra, India Tel: +919422962961 E-mail: prakashgalande21@gmail.com Abstract Cloud computing is emerging field because of its performance, high availability, least cost and many others. In cloud computing, the data will be stored in storage provided by service providers. But still many business companies are not willing to adopt cloud computing technology due to lack of proper security control policy and weakness in safeguard which lead to many vulnerability in cloud computing. This paper has been written to focus on the problem of data security. Service providers must have a viable way to protect their clients’ data, especially to prevent the data from disclosure by unauthorized insiders. To ensure the security of users’ data in the cloud, we propose an effective and flexible scheme with two salient features, opposing to its predecessors. Avoiding unauthorized access to user’s data by signaling user by sending message to his/her mobile number at the start of transaction. Displaying fake information in case of unsuccessful login for avoiding further login trials by intrusion (Honeypot). Keywords: Cloud Computing, Authentication, Honeypot 1. Introduction to system Refer Figure 1 A common approach to protect user data is that user data is encrypted before it is stored. In a cloud computing environment, a user’s data can also be stored following additional encryption, but if the storage and encryption of a given user’s data is performed by the same service provider, the service provider’s internal staff (e.g., system administrators and authorized staff) can use their decryption keys and internal access privileges to access user data. From the user’s perspective, this could put his stored data at risk of unauthorized disclosure. In which if a user (either employee or anonymous) want to access the data if it belongs to protection then user have to register itself (if he is already registered need not require further registration Now suppose the user registered itself for accessing data, Organization will provide username and password for authentication. At the same time organization sends the username to cloud provider. Request for access data 1. Request for access data 2. Send the signal to redirect person 3. Redirects Now when user sends request along with username to access the data to cloud provider, the cloud provider first check in which ring requested data belong. If authentication is required, it first checks the username in its own directory for existence, if the username does not exist it ask the user to register itself. If the username matches it redirect the request to company for authentication. (1) Send password for authentication (2) Redirect to access resource (3) Request redirected Now the user sends password for authentication, and after authentication it redirect the request to cloud provider to access resource .If user-name and password doesn’t match then user is not allow to access their account. And also in some case if hacker wants to hack the account of a perticular user then in that case hacker gets only the fake database of the account i.e concept of Honeypot in which certain limit is there to access the account by hitting the user-name and password, if limit become cross then hacker get’s the fake database.