ISSN No: 2309-4893 International Journal of Advanced Engineering and Global Technology Vol-2, Issue-1, January 2014 OTFP: Avoiding Attacks and Providing Security in Private Cloud Services NANGUNURI RAGHU DAITHALA SREEDHAR Assistant Professor Associate Professor Computer Science & Engineering Department Computer Science & Engineering Department Kamala Institute of Technology & Science VidyaBharathi Institute of Technology Singapur, Huzurabad, Karimnagar, A.P – India Pembarthi, Jangaon, Warangal, A.P - India Abstract-Cloud computing provides wide range of services for business. Small and medium businesses are depending on out sourcing of data services and computation on cloud. The cloud provides a very high efficient service for the business organizations. These business organizations trust cloud service providers on their data security. But providing security is highly risk in cloud, especially in private cloud services. Existing data security methods are not so effective. They are failed in preventing theft attacks. We propose a new approach for securing the data from cloud. OTFP – “One Time File Password”is a service that protects unauthorized file downloading form the cloud. I.INTRODUCTION Businesses, especially startups, small and medium businesses (SMBs), are opting for outsourcing data and computation to the Cloud for their data storage. This provides operational efficiency, but comes with greater risks, perhaps the most serious of which are data theft attacks. Fig1: Cloud Computing The threat of a malicious insider [1] is well- known to most organizations. This threat is amplified for consumers of cloud services by the convergence of IT services and customers under a single management domain, combined with a general lack of transparency into provider process and procedure. For example, a provider may not reveal how it grants employees access to physical and virtual assets, how it monitors these employees, or how it analyzes and reports on policy compliance. To complicate matters, there is often little or no visibility into the hiring standards and practices for cloud employees. This kind of situation clearly creates an attractive opportunity for an adversary ranging from the hobbyist hacker, to organized crime, to corporate espionage, or even nation-state sponsored intrusion. The level of access granted could enable such an adversary to harvest confidential data or gain complete control over the cloud services with little or no risk of detection. The Twitter incident is one example of a data theft attack from the Cloud. Several Twitter corporate and personal documents were ex-filtrated to technological website TechCrunch [2], [3], and customers’ accounts, including the account of U.S. President Barack Obama, were illegally accessed [4], [5]. The attacker used a Twitter administrator’s password to gain access to Twitter’s corporate documents, 351 WWW.IJAEGT.COM