Research Article, November 2017
Computer Science and Software Engineering
ISSN: 2277-128X (Volume-7, Issue-11)
User Confidentiality Protection in Cloud Computing Using
Enhanced Elliptic Curve Cryptography (ECC) Algorithm
Abdu Ahmed Osman*, Abdulfaraj Rahim, Usi Haji Usi
Science Department, Abdulrahman Al Sumait University- Zanzibar, Tanzania
Abstract— Many customers are concerned about their exposure to attack if their critical IT resources are beyond the firewall. The highly scalable nature of cloud computing allows users to access vast amounts of data and use computing resources distributed across different interfaces. Cloud entities, such as cloud service providers, users and business partners, share the resources available at different levels of technological operations. This paper focuses on user confidentiality protection in cloud computing using an enhanced elliptic curve cryptography (ECC) algorithm over the Galois Field $GF(2^m)$. The strength of the proposed ECC algorithm depends on the complexity of computing discrete logarithms in a large prime modulus, and the Galois Field allows mathematical operations to mix up data easily and effectively. The methodology involves encrypting and decrypting data to ensure user confidentiality protection and security in the cloud. Results show that the performance of ECC over the Galois Field was better, in two areas of evaluation, than that of the ECC algorithm used for comparison.
Keywords— User Confidentiality, Cloud Computing, ECC, Protection, $GF(2^m)$
I. INTRODUCTION
While cloud computing brings much convenience to people, security risks and vulnerabilities still exist in using it. Many people are slowly realizing its significance by putting their data and applications into the cloud [1]. Cloud computing is defined as remote access to servers hosted on the Internet to carry out activities such as storing, managing, and processing data, rather than using a local server or a personal computer [2]. There are three essential cloud models [3]: public cloud, private cloud and hybrid cloud. In a public cloud the infrastructure is available to the general public and is managed by an off-site third-party provider. In a private cloud the infrastructure is operated exclusively for an organization; it may be managed by the organization or a third party. In a hybrid cloud the infrastructure includes two or more clouds (public or private), which remain independent entities. In this paper we propose an innovative technique to protect user confidentiality in cloud computing, using an enhanced elliptic curve cryptography (ECC) algorithm over the Galois Field $GF(2^m)$. The technique has been implemented in Java; the software helped us to mix up data easily and effectively by applying Galois Field concepts. The rest of the paper is organized as follows. Brief information about cloud computing is given first, followed by a discussion of the confidentiality challenges for cloud computing. The previous sources on which this paper draws are summarized in the literature review. The proposed model and algorithm, the implementation, the algorithm, the discussion, and the conclusion and future work make up the last part of the paper.
A. Cloud Computing and its Advantages and Disadvantages
Cloud computing is a modern concept that refers to on-demand computer resources and systems, offered from remote servers over the Internet, that can provide a number of integrated computer services without being restricted to local resources, to facilitate user access [4]. These resources include data storage, backup and self-synchronization, software processing capabilities, scheduling of tasks, e-mail and remote printing. Once connected to the Internet, the user can control these resources through a simple software interface that simplifies and hides many internal details and processes.
ISSN(E): 2277-128X, ISSN(P): 2277-6451, pp. 132-138
Cloud computing is just a tool that offers many benefits to its users but at the same time has its disadvantages and problems. Security is the biggest problem facing a cloud user [6]: confidential personal or business information is at risk because of the multiple networks in the cloud. Another prevalent disadvantage of cloud computing is total dependence on the service provider. If the user wants to move to another provider, it will be difficult to transfer data from the old server to the new one. There are many other disadvantages as well.
II. CONFIDENTIALITY CHALLENGES FOR CLOUD COMPUTING
A. What Does User Confidentiality Mean?
Confidentiality means that only the intended or authorized persons get access to information or data; it is the state of being secret, or of keeping secrets, in cloud systems [7]. Confidentiality can be achieved by security techniques such as encryption, access management and virtualization robustness.
B. Major Problems of User Confidentiality in Cloud
The Cloud Security Alliance, a non-profit organization [8] dedicated to advocating best practices to ensure security within cloud computing networks, published a working paper in 2013 on the most common threats to cloud computing, "The Notorious Nine," which classified them into the following nine categories:
Data Breaches:
Theft of sensitive company data is the worst thing corporate managers may face; access to confidential information by competitors may be a disaster for the company's products or even for its future.
Data Loss:
Loss of data, whether due to faults, errors or hacking, and whether the vulnerability lies on the service provider's side or the user's side of the cloud, can lead to a big problem. Many important files are kept in the cloud, such as private files, company or work files, and client's files; losing such files can lead to financial default or legal liability for individuals or companies.
Account or Service Traffic Hijacking:
There are many effective ways to access data illegally, whether through scams, fraud, or exploitation of application and system vulnerabilities in user devices. Once a hacker gains access to the data by any means, he can spy, manipulate sent and received data, forge information, etc., which may affect the work and reputation of the user.
Insecure Interfaces and APIs:
Users usually control their data in the cloud by connecting to the service or application interface provided by the service provider. These interfaces must be secure against use errors and malicious use. The user should take care, when using these interfaces, to follow best practice to ensure maximum security; the service provider must also ensure maximum security and control to protect the user's data.
Denial of Service:
One of the most common attacks on the Internet is the denial-of-service attack. The idea is to put pressure on the target server with a flood of access requests, which may consume a large amount of its resources and lead to a marked slowdown in service or even stop it altogether. This attack may prevent users from accessing their data for periods that may be long. Delayed access to data may cause many problems, such as financial losses.
Malicious Insiders:
The dangers within service providers are real risks that deserve attention. They include current or former employees, contractors or third parties who have access to the provider's systems or internal networks, are fully aware of the network's weaknesses, and may misuse them in ways that harm the service provider and thus the user.
Abuse of Cloud Services:
Cloud computing services provide access to high-capability services and devices for a small fee. Some people or organizations may misuse this feature by exploiting those capabilities for malicious actions. For example, a hacker could take many years to break an encryption key using his own modest resources, but by using cloud computing capabilities he can break it in minutes.
Insufficient Due Diligence:
Shared Technology Vulnerabilities:
Cloud service providers rely on sharing their network resources among users. Having a loophole or an error in the settings in one account may result in the entire network being compromised.
III. LITERATURE REVIEW
M. Gobi and Karthik Sundararaj [9] propose, in their article A Secured Cloud Security Using Elliptic Curve Cryptography, a scheme in which one decryption key, known as the private key, is kept secret, while another, known as the public key, is freely distributed. Elliptic curve cryptography is commonly used nowadays because it uses fewer memory bits than RSA.
Ahmed Khalid Salih [10] surveys different challenges in cloud computing and proposes a cloud security model composed of three layers. In the first layer the user's identity is checked through proper authentication techniques. Security in the second layer depends on data identification and encryption. In the last layer a cryptographic technique is used to secure the transmission of the data.
Seyed Milad Dejamfar and Sara Najafzadeh [11] looked at authentication techniques in cloud computing, such as biometric authentication, single sign-on (SSO), Public Key Infrastructure (PKI), Trusted Computing Group (TCG), multi-factor authentication (MFA) and authentication via username and password, comparing them and identifying their capabilities and limitations.
B. Sateesh Kumar, V Uma Rani and Mustafa Saad [12] proposed an open examining for recovering coded information with information progression to guarantee information respectability and accessibility. This proposal has disadvantages such as insecurity and high prices.
Puneetha C and M Dakshayini [13] prefer elliptic curve cryptosystems and digital signatures because of the improved security level provided for the user's data in the cloud: ECC uses smaller key sizes, which involve less complexity, but provides the same level of security as other public-key cryptosystems that use larger key sizes involving greater complexity.
S. Durga Bhavani, Gudlanarva Sudhakar and Ujjwal Karna [14] discuss issues that arise from the "distributed cloud", such as information honesty and accuracy at the time of information recovery in the cloud, and conclude that information stockpiling security needs more consideration in distributed computing.
Gustavo D. Sutter, Jean-Pierre Deschamps, and José Luis Imaña [15] design a new high-speed point multiplier for elliptic curve cryptography using either field-programmable gate array or application-specific integrated circuit technology; the results, obtained with five curves recommended by the National Institute of Standards and Technology, outperform the previously published results.
Nikita N Chintawar, Sonali J Gajare, Shruti V Fatak, Sayali S Shinde and Gauri Virkar [16] proposed a model to provide more security for the authenticated user's data and private key in elliptic curve cryptography by partitioning the private key into three parts stored in three different storage locations. With this approach it becomes difficult for an attacker to infer the original private key. Hence, compared to the existing system, the proposed system provides better security.
Kefa Rabah [17], in a paper on implementing secure RSA cryptosystems using one's own cryptographic provider, i.e. the Java Cryptographic Extension (JCE), illustrates the use of this implementation in a working prototype; the major setback is that the use of strong cryptographic algorithms is prohibited in most countries.
Akashdeep Bhardwaj, GVB Subrahmanyam, Vinay Avasthi and Hanumat Sastry [18] compare symmetric and asymmetric algorithms, with emphasis on symmetric algorithms, to determine which should be used for cloud-based applications and services that require data and link encryption. AES is found to be a good candidate for key encryption, with MD5 being faster when encoding.
Akanksha Tomar and Jamvant Singh KumareG [19] proposed an elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys. It has three protection points: authentication, key generation and encryption of data. Cloud data is secured by creating digital signatures and encrypting with elliptic curve cryptography, which provides the same level of security with a smaller key size. Smaller hardware-based systems are now a trend, and ECC can be applied for encryption and decryption because it requires smaller key sizes and has lower computing complexity than other algorithms.
IV. PROPOSED MODEL AND ALGORITHM
Elliptic curve cryptography (ECC) plays a critical role in network and communications security. However, the implementation of ECC faces several challenges. Side-channel attacks (SCAs) are among the main challenges in the field of ECC. To overcome the drawbacks of ECC algorithms, an enhanced elliptic curve cryptography (ECC) algorithm over a Galois Field has been proposed. The strength of the proposed ECC algorithm depends on the complexity of computing discrete logarithms in a large prime modulus, and the Galois Field allows mathematical operations to mix up data easily and effectively.
A. Finite Field
A finite field, or Galois Field (GF), was proposed by Galois in 1832. Galois theory provides a connection between field theory and group theory. A finite field is a field that contains a limited number of elements. As with any field, a finite field is a set on which multiplication, addition, subtraction and division are defined and satisfy some basic rules. A finite field forms an additive group under the addition operation, and its nonzero elements form a multiplicative group under the multiplication operation; the generator of this group is a primitive element. For a finite field $F$, if $m$ is the smallest integer such that $ma = 0$ for every field element $a$ in $F$, then $m$ is the characteristic of $F$.
B. Elliptic Curve over $GF(2^m)$ [21]
Assuming that $p$ is a prime number greater than 3, and $a$, $b$ are coefficients in the field $GF(p)$, the elliptic curve $E$ over $GF(p)$ is defined by the equation:
$E: y^2 = x^3 + ax^2 + b$
The points on the curve have both their $x$-coordinate and their $y$-coordinate in $GF(p)$. Let $P(x_1, y_1)$ and $Q(x_2, y_2)$ be two points on the curve. The group operation, point addition, follows these rules. Draw a line through $P$ and $Q$; it intersects the curve at a third point $R(x_3, y_3)$. The result of the addition is the mirror reflection of $R$ about the $x$-axis. We consider the result to be infinity if there is no intersection point. The point at infinity $O$, defined by $P + O = O$, exists for every elliptic curve. The additive inverse of a point $P$ is its reflection across the $x$-axis. All the points on the curve $E$ together with the point at infinity form a group $G$ under the point addition operator. $G$ is an Abelian group since the group operator addition is commutative.
The following table summarizes the processes of computing point addition and point doubling over an elliptic curve and over an elliptic curve defined in $GF(2^m)$ [22].
If $P$ and $Q$ satisfy $x_1 \neq x_2$, to compute point addition.
If $P = Q$, over elliptic curve defined in $GF(2^m)$, to compute point addition.
If $P \neq Q$, over elliptic curve defined in $GF(2^m)$, to compute point doubling.
C. Key generation [23]
Step 1: Select a random number $d$ within the range 1 to $n-1$, where $n$ is the maximum limit (it should be a prime number).
Step 2: From the elliptic curve, determine the points $Q$ and $P$.
Step 3: Use the following equation to generate the public key: $Q = d * P$.
Step 4: $Q$ is the public key and $d$ is the private key. The operation $*$ denotes the series of point doublings and point additions.
D. Encryption:
Before encryption, set the ECC system parameters $D = \{p, a, b, P, n, h\}$ and compute the key pair $(Q, d)$. To encrypt, follow these steps:
Step 1: The sender selects a random number $k \in [1, n-1]$.
Step 2: Compute $R = kP$ and $Z = hkQ$.
Step 3: The $x$-coordinates of $Z$ and $R$ are converted to $(k_1, k_2)$ using a key derivation hash function.
Step 4: The message $m$ is encrypted with $k_1$ using a symmetric-key cipher to get $C = ENC(m)$.
Step 5: Compute $t = MAC(C)$ using $k_2$, where $MAC$ is a message authentication code.
Step 6: The ciphertext $(R, C, t)$ is sent to the receiver.
E. Decryption:
Step 1: The receiver computes $Z = hdR$.
Step 2: The $x$-coordinates of $Z$ and $R$ are converted to $(k_1, k_2)$ using a key derivation hash function.
Step 3: Compute $t = MAC(C)$ using $k_2$, where $MAC$ is a message authentication code.
Step 4: The message $m$ is decrypted with $k_1$ using a symmetric-key cipher to get $m = DEC(C)$.
This scheme works because, when the receiver generates $Z$, it follows that
$Z = hdR = hd(kP) = hk(dP) = hkQ$
So both encryption and decryption generate the same key pair $(k_1, k_2)$.
V. IMPLEMENTATION
For a secure implementation, Java was selected as the implementation language. The ECC parameters are those of the NIST-recommended elliptic curve for $GF(2^{233})$ in [24], as shown in the table below, where $f(x)$ is the irreducible polynomial, $n$ is the order, and $G_x$ and $G_y$ are the base point coordinates.
Addition in $GF(2^m)$ is implemented using a bit-wise exclusive-or; subtraction in $GF(2^m)$ is the same as
A. The Algorithm
Input: a(x), f(x)
Output: u(x) = a(x)^(-1)
Step 1: let s(x) = f(x), v(x) = 0, r(x) = a(x), u(x) = 1, d = 0;
Step 2: for i = 0 to 2m do
Step 3:   if r_m = 0, then r(x) = x r(x), u(x) = x u(x), d = d + 1
Step 4:   else if s_m = 1,
Step 5:     then s(x) = s(x) − v(x), v(x) = v(x) − u(x)
Step 6:   end if
Step 7:   s(x) = x s(x)
Step 8:   if d = 0,
Step 9:     then r(x) = s(x), s(x) = r(x)
Step 10:    u(x) = x v(x), v(x) = u(x)
Step 11:    d = 1
Step 12:  else u(x) = (u(x))/x, d = d − 1
Step 13:  end if
Step 14: end if
Step 15: end for
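The scheme of Sections B to E, together with the $GF(2^m)$ arithmetic of the implementation section, as an added Python example (not the authors' Java code). Assumptions: NIST K-233 parameters and the standard binary-curve form $y^2 + xy = x^3 + ax^2 + b$ stand in for the page's missing table, inversion uses the extended Euclidean algorithm rather than the listing above, the KDF is SHA-512, the cipher is a SHAKE-256 XOR keystream, the MAC is HMAC-SHA-256, and the receiver additionally validates $R$ and compares the tag before decrypting.

```python
import hashlib, hmac, secrets

# Assumed (page's table is missing): NIST K-233, y^2 + xy = x^3 + a*x^2 + b.
M, F, A, B, H = 233, (1 << 233) | (1 << 74) | 1, 0, 1, 4  # m, f(x), a, b, h
N = (1 << 231) + 0x69D5BB915BCD46EFB1AD5F173ABDF  # order n of the base point
BASE = (0x17232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126,
        0x1DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3)

def gf_mul(a, b):                 # field product; a must have degree < m
    r = 0
    while b:
        r ^= a * (b & 1)                          # addition is XOR
        a, b = a << 1, b >> 1
        a ^= F * (a >> M)                         # subtract f(x) on overflow
    return r

def gf_inv(a):                    # extended Euclidean algorithm, a != 0
    u, v, g1, g2 = a, F, 1, 0
    while u != 1:
        j = u.bit_length() - v.bit_length()
        if j < 0:
            u, v, g1, g2, j = v, u, g2, g1, -j
        u, g1 = u ^ (v << j), g1 ^ (g2 << j)
    return g1

def on_curve(P):                  # None (point at infinity O) is rejected
    return P is not None and max(P) >> M == 0 and \
        gf_mul(P[1], P[0] ^ P[1]) == gf_mul(gf_mul(P[0], P[0]), P[0] ^ A) ^ B

def ec_add(P, Q):
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 != y2 or x1 == 0):
        return None                               # Q = -P, or 2P with x = 0
    num, den = (gf_mul(x1, x1) ^ y1, x1) if x1 == x2 else (y1 ^ y2, x1 ^ x2)
    lam = gf_mul(num, gf_inv(den))                # slope: doubling or addition
    x3 = gf_mul(lam, lam) ^ lam ^ x1 ^ x2 ^ A
    return x3, gf_mul(lam, x1 ^ x3) ^ x3 ^ y1

def ec_mul(k, P):                 # double-and-add; NOT constant time
    R = None
    while k:
        R = ec_add(R, P) if k & 1 else R
        P, k = ec_add(P, P), k >> 1
    return R

def derive(Z, R, n):              # KDF: n-byte keystream from k1, MAC key k2
    okm = hashlib.sha512(Z[0].to_bytes(30, "big") + R[0].to_bytes(30, "big")).digest()
    return hashlib.shake_256(okm[:32]).digest(n), okm[32:]

def keygen():
    d = secrets.randbelow(N - 1) + 1              # private key d in [1, n-1]
    return d, ec_mul(d, BASE)                     # public key Q = d * P

def encrypt(Q, m):
    k = secrets.randbelow(N - 1) + 1
    R, Z = ec_mul(k, BASE), ec_mul(H * k, Q)
    ks, k2 = derive(Z, R, len(m))
    C = bytes(x ^ y for x, y in zip(m, ks))       # stand-in XOR stream cipher
    return R, C, hmac.new(k2, C, hashlib.sha256).digest()

def decrypt(d, R, C, t):
    if not on_curve(R) or (Z := ec_mul(H * d, R)) is None:
        raise ValueError("R is not a usable curve point")
    ks, k2 = derive(Z, R, len(C))
    if not hmac.compare_digest(t, hmac.new(k2, C, hashlib.sha256).digest()):
        raise ValueError("MAC check failed")      # reject before decrypting
    return bytes(x ^ y for x, y in zip(C, ks))
```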
B. Results
Addition Z = X + Y: Z = 776096614669310688163071032867745522280722465564271335459.
Subtraction Z = X - Y: Z = 427995950082066625353355928307306701552675487709498034177.
Multiplication Z = X . Y: Z = 4639807044776303443638933838541143505414608422678862314472.
Arithmetic Operations   ECC (ms/100000 times)   ECC over $GF(2^m)$ (ms/100000 times)
Addition                35                      16
Subtraction             67                      16
Multiplication          163                     2812
C. Discussion
The addition and subtraction operations of ECC over $GF(2^m)$ perform more efficiently than those of ECC. The multiplication of ECC performs more efficiently than that of ECC over $GF(2^m)$. Therefore, the Java language is more efficient for the software implementation of finite field arithmetic operations in ECC over $GF(2^m)$.
VI. CONCLUSION AND FUTURE WORK
This research paper emphasizes the protection of private cloud users' information confidentiality using an enhanced elliptic curve cryptography (ECC) algorithm over the Galois Field $GF(2^m)$. The Galois Field allows mathematical operations to mix up data easily and effectively. The strength of the proposed ECC algorithm depends on the complexity of computing discrete logarithms in a large prime modulus. Results show that the performance of ECC over the Galois Field was better than that of the ECC algorithm in two areas of evaluation. Future research should investigate hardware that can factor ECC over Galois Field bits in a shorter time, hence increasing cloud security due to the use of larger bits.
REFERENCES
[1] Te-Shun Chou, Security Threats On Cloud Computing Vulnerabilities, International Journal of Computer Science & Information Technology (IJCSIT) Vol 5, No 3, June 2013.
[2] Standards Customer Council, Security for Cloud Computing: Ten Steps to Ensure Success, Version 2.0, 2015.
[3] Sumit Khurana, et al, Comparison of Cloud Computing Service Models: SaaS, PaaS, IaaS, IJECT Vol. 4, Issue Spl - 3, April - June 2013.
[4] Rajkumar Buyya, et al, Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility, Future Generation Computer Systems Volume 25, Issue 6, June 2009, Pages 599-616.
[6] G.Praveen Kumar, et al, A Survey on Security and Privacy Issues In Cloud Computing, International Journal of Innovative Research in Computer and Communication Engineering, Vol. 5, Issue 7, July 2017.
[7] Almokhtar Ait El Mrabti, et al, New mechanism for Cloud Computing Storage Security, (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 7, No. 7, 2016.
[8] CLOUD SECURITY ALLIANCE, The Notorious Nine: Cloud Computing Top Threats in 2013.
[9] M.Gobi, Karthik Sundararaj, A Secured Cloud Security Using Elliptic Curve Cryptography, Int. Jnl. Of Advanced Networking and Applications (IJANA), 27th March 2015.
[10] Ahmed Khalid Salih, A survey of Cloud Computing Security challenges and solutions, International Journal of Computer Science and Information Security (IJCSIS), Vol. 14, No. 1, January 2016
[11] Seyed Milad Dejamfar, Sara Najafzadeh, Authentication Techniques in Cloud Computing: A Review, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 7, Issue 1, January 2017
[12] Dr. B. Sateesh Kumar, V Uma Rani, Mustafa Saad, Comparison of Methods of Storing and Protecting Information in the Cloud, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 7, Issue 1, January 2017
[13] Puneetha C, Dr. M Dakshayini, Data Security in Cloud Using Elliptic Curve Cryptography, Vol. 2, Issue 5, May 2014
[14] Dr. S Durga Bhavani, Gudlanarva Sudhakar, Ujjwal Karna, Data Storage Security in Cloud Computing: A Survey, International Journal of Advanced Research in Computer Science and Software Engineering, Volume 7, Issue 1, January 2017
[15] Gustavo D. Sutter, et al, Efficient Elliptic Curve Point Multiplication Using Digit-Serial Binary Field Operations, IEEE Transactions On Industrial Electronics, Vol. 60, No. 1, January 2013
[16] Ms. Nikita N Chintawar, et al, Enhancing Cloud Data Security Using Elliptical Curve Cryptography, International Journal of Advanced Research in Computer and Communication Engineering Vol. 5, Issue 3, March 2016
[17] Kefa Rabah, 2006. Implementing Secure RSA Cryptosystems Using Your Own Cryptographic JCE Provider. Journal of Applied Sciences, 6: 482-510.
[18] Akashdeep Bhardwaj, et al, Security Algorithms for Cloud Computing, Procedia Computer Science 85 (2016) 535-542, ScienceDirect
[19] Akanksha Tomar, et al, survey on cloud security by data encryption using elliptic curve cryptography, international journal of engineering sciences & research Technology
[20] AL-Museelem Waleed, Li Chunlin, User Privacy and Security in Cloud Computing, International Journal of Security and Its Applications Vol. 10, No. 2 (2016), pp.341-352
[21] V.S. Miller, "Use of Elliptic Curves in Cryptography," Advances in Cryptology Proc. (CRYPTO'85), Springer-Verlag, LNCS 218, pp. 417-426, 1985.
[22] Chen, Che, "FPGA IMPLEMENTATION FOR ELLIPTIC CURVE CRYPTOGRAPHY OVER BINARY EXTENSION FIELD" (2017). Electronic Theses and Dissertations. 7243.
[23] Abdu Ahmed Osman, “Enhancing Data Encryption using Elliptic Curve Cryptography (ECC) Algorithm in 4G Networks” International Journal of Advanced Research in Computer Science and Software Engineering 7(3), March- 2017, pp. 30-37.