3728
Fully Homomorphic Encryption (FHE): A
Framework For Enhancing Cloud Storage
Security With AES
Rudragoud Patil, R. H. Goudar
Abstract: Cloud computing is an environment where a huge amount of data and programs can be stored, which are accessed through the internet on-demand. With this rapid evolvement, there are more concerns with respect to cloud technology, data security and there is a necessary requirement to enhance security algorithms that are used in the process. Homomorphic Encryption is the encryption algorithm that works on ciphertext data to provide data confidentiality. But performing the Homomorphic encryption (computations on encrypted cloud data) on a single node or in the sequential process took the more processing time and memory than the performing the same operations on the plain text (unencrypted data). Parallel processing enables us to perform operations on multiple nodes it will take lesser time to complete the applied operation than the sequential process. In this work, we also show another work on the Data partitioning method is used to improve the security of client data on the cloud. Client data will be divided into multiple parts of chunks with equal size and store on a different server. In this paper, Fully Homomorphic Encryption (FHE) framework using an Advanced Encryption Standard (AES) is implemented. It will perform various operations on ciphertext information. The implemented solution also solves the issue of noise which is coming out because of the usage of FHE on the huge cipher text.
Index Terms: cloud storage, data confidentiality, data privacy and security, data partitioning, fully homomorphic encryption, gentry’s encryption algorithm.
—————————— ——————————
1
INTRODUCTION
Cloud computing technology hosts the different types of services like software, hardware, networking capabilities, etc. and provides these cloud services to the users, clients, organizations, public and etc., on-demand in as pay-as-you-go method. In cloud computing security and privacy is a major concern. Commonly data encryption techniques are used by clients to secure the data on the cloud. Encryption techniques effectively secure the client data on the public environment called cloud computing. The client can use encryption algorithms on plaintext for security purposes before outsourcing data on the cloud, and the client can use the decryption method to get his own data from the cloud storage. Generally, if the client wants to apply some computational operations on his personal data stored on cloud storage. First, he should retrieve the data by decrypting the cipher text (i.e., converting cipher text into plain text) from the cloud. After decryption, he can apply the computing operations on that data, after applying the operations client can again encrypt the result and store it on the cloud. This decrypting the data and applying operations, again encrypting the result is an overhead procedure. So this long procedure is reduced by using the Homomorphic encryption method.
1.1 Homomorphic Encryption
The Homomorphic encryption method provides an ability to apply addition, multiplication and other operations on the cipher text data.
That means performing the operations on the data (ciphertext) that is encrypted and stored on the cloud without decrypting it (without converting the ciphertext into plain text). The result produced by the Homomorphic encryption is the same as the result produced by performing the same operations on unencrypted (plain text) data.
Fig.1.Working of Homomorphic Encryption
Homomorphic Encryption techniques are classified into three categories those are: Partially Homomorphic Encryption (PHE), Somewhat Homomorphic Encryption (SHE) and Fully Homomorphic Encryption (FHE) schemes. PHE scheme is the only method that allows performing any one operation at a time on encrypted data. SHE scheme allows us to perform more than one operation on cipher text data but still, there is a restriction on the number of multiplication and addition operations on encrypted data. FHE scheme it supports to perform any number of arithmetic operations and can also compute any functions.
1.2 Data Partitioning And Encryption Technique
In the multi-cloud system, cloud storage is used for storing the user’s huge volume of data. User’s huge data can be stored on cloud storage and also users can share and download the data. As we know two major concerns like security and privacy cloud storage. There are many techniques that exist to provide security for user data in the cloud. Sometimes user’s data may lose on cloud storage. Here we present the data partitioning method to enhance the security and privacy of user’s data. In this method, the data is first partitioned into multiple parts based on size (with equal size of chunks), after partitioning the ______________________________
• Rudragoud Patil, Research Scholar, VTU RRC, Department of CSE, KLS GIT, Visvesvaraya Technological University, Belagavi, India. E-mail: [email protected]
3729 user’s data (text file) to store them on the different cloud
servers and also generates a key to store and retrieve the user's data. This method gives more security to the user’s data. If attackers get anyone chunk of the file, it’s impossible to get whole file data because the other chunks of data are stored on different servers. Fig.2 shows the architecture diagram of data partitioning and storing them on different cloud servers. This paper is organized as follows in Section 2. Objective of the work. In Section 3 related literature work is presented. Section 4 gives detail design and implementation of proposed scheme. Section 5 outlines results and analysis of the proposed work. Finally conclusion is presented in Section 6.
Fig. 2. Data Partition architecture diagram.
2
OBJECTIVE
In cloud computing environment Fully Homomorphic encryption enables users to perform the operation on encrypted cloud data. This fully Homomorphic encryption provides data confidentiality and data privacy for client data that is stored on cloud storage. FHE takes more processing time and memory to process the applied operations on encrypted cloud data than a similar operation on the unencrypted data. By taking parallel processing on encrypted cloud data it will reduce the processing time in cloud computing. This work presents secure parallel processing on encrypted cloud data using FHE. This work is done by using Gentry’s Homomorphic encryption algorithm using the AES algorithm. Here processing time is measured by the time taken to execute the applied operations in parallel (on multiple nodes) and time taken to transfer the data. The main disadvantage of cloud storage is security. Clients store their important personal large volumes of data on other third-party cloud service providers, but this stored data is not completely safe because many data attackers or hackers try to read this stored data. So here another goal is to build an application to improving cloud storage security using data partition and encryption method.
3
RELATED
WORK
This section provides an ample review that is related to data fragmentation and also on secure parallel processing on encrypted cloud data using Homomorphic encryption. In paper [1] shows a fully Homomorphic encryption scheme enables to operate addition, multiplication and also other operations on cipher text data and also presents a work processing the data on multiple nodes by parallel processing the encrypted data using fully Homomorphic encryption. In this work, they used the gentry’s algorithm to perform FHE. The parallel processing will decrease the time taken to perform the applied operations on encrypted data in a cloud environment. The fully
3730 [7] this paper they explained the different types of security
vulnerabilities on different types of cloud platforms. With the knowledge of these types of security vulnerabilities, security developers can design and develop a secured cloud platform. And also they investigate the various possible security attacks on cloud platforms. In [8] this work they used the semi-Homomorphic encryption. Here they considered the encrypted sensor measurements in the networked control systems. Paillier encryption algorithm [9] is used in this work to allow performing summation operation on encrypted data. Paillier encryption algorithm is partial Homomorphic encryption, this assumes that sensors use the Paillier algorithm for encryption and the controller performs whatever the required computations on the encrypted data. In [10] authors had presented the implementation of Fully Homomorphic encryption using AES algorithm and performed both addition and multiplication operations. They also compared different FHE schemes by calculating times of Keygen, Encryption, Decryption, and Evaluation and also solved noise problem which will arise by using FHE on large cipher text. In [11] authors had given solutions to provide confidentiality to user data on the cloud by performing fragmentation after encryption of the file. Various fragmentation techniques [12] are applied to user data before outsourcing to the cloud and found random fragmentation is better than other solutions.
4
DESIGN
AND
IMPLEMENTATION
4.1 Architecture of Parallel Homomorphic Encryption The basic working principle of the proposed system is shown in Fig. 3. The architecture comprises three entities: Client, Computation Dispatcher, and Computation Servers. Each entity is briefly described below.
Client: The client is one who wants to encrypt the file, upload on a different cloud server and apply the operations on encrypted data.
Computing Dispatcher: It provides services to store and manage client data. Computing dispatcher receives data from the client, divide the data and store on different computation server. Here it takes parallel processing of encrypted data.
Computation Servers: Each computation servers perform the applied operations on the client’s encrypted data in parallel and return the result back to the computation dispatcher.
Fig. 3. Architecture of secure parallel processing.
Gentry’s algorithm is used in this work. In this encryption scheme, Gentry’s method uses the bootstrapping procedure to reduce noise in the process of fully-Homomorphic encryption. Gentry’s encryption scheme shows that it will take a few seconds to perform two 8-bit integers’ subtraction, addition, and comparison arithmetic operations. And this algorithm also shows, it took a few minutes to perform multiplication operation on two 8-bit integers and for division operation it took hours. Parallel processing processes the operations encrypted cloud data on multiple nodes using a fully-Homomorphic encryption scheme, it reduces the processing time. ―Ryan Hayward, Chia-Chu Chiang [1]‖ (2013a, 2013b) presents the work on parallel processing of fully-Homomorphic encryption in private cloud using Open Stack. Here we are using java programming language and stand-alone function. A client-Server model is shown in below diagram Fig. 4. It shows the parallel processing of fully-Homomorphic encryption. Here shows that the client inputs the set of data (in the form of integers) and those integers are encrypted and split into multiple parts (for integers it will split into pair wise). After splitting input data, it is stored on multiple servers. Each computation server performs the applied operations.
Fig. 4. Client-Server Model.
4.2 Data Partitioning To Improve the Security of Cloud Storage
3731 size of multiple chunks to store on different cloud servers. And
it also gives easy access to an authorized user when that data needs.
Fig. 5. Block diagram of the data partition method.
4.3 Proposed Homomorphic Encryption Scheme with AES Algorithm
1. Keygen: The key generated by using this function used for encryption/decryption operations. In our scheme, we have used symmetric encryption algorithm AES. Keygen() takes security parameter k and returns a secret key K and evaluation key eK
(K,eK) ← Keygen (k) where K is a secret key.
2. Encryption: In this scheme, we encrypt the all the file documents M= (M1, M2, - - - -, Mn)
(C) ← EncK (M)
wherein AES encryption, by taking secret key K and document text M and gives cipher text C.
3. Evaluation: It applies a function to cipher text. In symmetric system, k = eK.
(Cʹ) ← Evalek (F, C)
where function f is an arithmetic circuit or Boolean circuit and Cʹ is a final cipher text.
4. Decrypt: In decryption takes the encrypted file Cʹ and secret key K and produces the plain text file M.
(M) ← DecK (Cʹ)
4.4 Implementation Modules
1. Files Split:
Here the first client can input the data by browsing the file, which is available in the client system. And also generates the public key. Secret Splitting is done in this process, where secret information between the two or more individuals. The inputted data will be split and stored on different servers; it yields more security to the client data. All the individuals should be agreed and shared secrete data to merge the individual parts to get the original data. Fig.4. shows the splitting data and stored on different servers.
2. Storing to the cloud:
After partitioning the client, each part is stored on different servers. Each server on the cloud contains a part of a file.
3. Homomorphic Technology:
The Homomorphic encryption method enables to process of the operations on the encrypted cloud data. After processing the operation, then decrypted result will be the same as the result produced by the applying same operation on the plain text data (unencrypted data).
4. Retrieving the file:
To retrieve the file from different servers, the authorized client should send a particular file name and public key to be fetched from the different servers. Then servers received the file name from the authorized client and match the file name with the files that are available in the storage of servers. And then matched file content and will send it to the client.
5. Integers based:
Here, the first client can input the eight integers (8-bit). And those integers are split and store on different servers. Each computation server performs the applied operation on the stored data. Here shows an example of an addition operation on encrypted cloud data and fig. 6 shows the process of this operation. First client inputs the 8-bit eight integers and the addition of these integers was taken by dividing the 8-integers into 4-pairs and addition of each pair on different nodes. Then resulting will be 4-integers, again these 4-integers are splitting into 2-pairs and finding the sum of each pair. And so on. This addition operation on multiple nodes shows the parallel processing on different servers. This parallel processing operation decreases the processing time. The vector product is done by first applying the pair wise product, and then resulting integers are summed. In this process directed graph is created to perform the operations and each child node depends on the output of the parent node.
Fig.6. Addition Operation on multiple nodes.
4.5 Flowchart of system
3732
5
RESULTS
AND
DISCUSSION
In this section, we present our implementation of the FHE scheme on the Intel Core i5 machine, 2.86 GHz with 8GB RAM, Windows OS. We calculated Keygen, Encryption, and Decryption, Evaluation time in milliseconds by taking various file sizes like 10MB, 20MB, 30MB, and 40MB. The following Fig.8 and Fig.9 show details of all the times. In Table 1. All the computed values which are carried out are tabulated.
Fig.8. Times in ms (Key, Enc, Dec, Eval)
File Size/Time in ms
10MB 20MB 30MB 40MB
Keygen 40.27 92.56 125.13 163.14
Encryption 250.18 508.14 1009.78 1510.47
Decryption 135.15 275.34 302.56 434.34
Evaluation 600.21 1185.46 1823.63 2419.94
Table 1: Result analysis
6
CONCLUSION
Cloud computing is used to store up and process the huge data and programs of cloud users. Homomorphic encryption provides data privacy and data confidentiality. Fully-Homomorphic encryption supports to execute various types of operations on encrypted cloud data. This work presents secure parallel processing on encrypted cloud data using FHE. Parallel processing means performs the operations on multiple nodes. This parallel processing produces better performance than computing the same operations in a sequential process. The final result shows the improvement in the processing time means parallel processing of FHE decreases the processing time of performing an operation on the encrypted cloud data. The data partitioning method provides more security to the client data on the cloud. This process generates public key; it is used to store and retrieve the data from cloud storage. Client data is dividing into multiple chunks with equal size of chunks. And each part is stored on different servers. While retrieving the data from the cloud, an authorized user should enter the public key. This method shows the data confidentiality.
7
REFERENCES
[1]. Ryan Hayward, Chia-Chu Chiang , ―Parallelizing fully homomorphic encryption for cloud environment‖, ScienceDirect 2015 Journal of Applied Research and Technology 13 (2015) 245-252.
[2]. Samjot Kaur, Vikas Wasson, ―Enhancement in Homomorphic Encryption Scheme for Cloud Data Security‖, IEEE 2015 9th International Conference. [3]. Mbarek Marwan, *Ali Kartit and Hassan Ouahmane,
―Applying Homomorphic Encryption For Securing Cloud Database‖, 2016 IEEE.
[4]. Yasmina BENSITEL , Rahal ROMADI, ―Secure data storage in the cloud with homomorphic encryption‖, 2016 IEEE.
[5]. Mr. Manish M Potey, Dr C A Dhote , Mr Deepak H Sharma,―Homomorphic Encryption for Security of Cloud Data‖, ScienceDirect 7th International Conference on Communication, Computing and Virtualization 2016.
[6]. Monique Ogburn , Claude Turner, Pushkar Dahal, ―Homomorphic Encryption‖, ScienceDirect.
3733 Information Security & Privacy (ICISP2015), 11-12
December 2015, Nagpur, INDIA.
[8]. Farhad Farokhi, Iman Shames, Nathan Batterham, ― Secure and Private Cloud-Based Control Using Semi-Homomorphic Encryption‖, ScienceDirect IFAC-PapersOnLine 49-22 (2016) 163–168.
[9]. A.R.Zade, Shaikh Umar, Potghan Rahul, Rale Sagar and Borade Sagar, ―Improving Cloud Data Storage Using Data Partition and Recovery‖ , International Journal Of Engineering And computer Science ISSN:2319-7242 Volume 4 Issue 1 January 2015. [10]. Alkady Y., Farouk F., Rizk R. (2019) Fully
Homomorphic Encryption with AES in Cloud Computing Security. In: Hassanien A., Tolba M., Shaalan K., Azar A. (eds) Proceedings of the International Conference on Advanced Intelligent Systems and Informatics 2018. AISI 2018. Advances in Intelligent Systems and Computing, vol 845. Springer, Cham.
[11]. Alsirhani A., Bodorik P., Sampalli S. (2018) Data Fragmentation Scheme: Improving Database Security in Cloud Computing. In: Alja’am J., El Saddik A., Sadka A. (eds) Recent Trends in Computer Applications. Springer, Cham
