The Cryptography Based Security Algorithm For
Protecting Sensitive Information in Cloud
Environment
Smita Sharma, R.P. Singh
ABSTRACT
Data security has consistently been a significant issue in information technology. In cloud computing it becomes especially important because the data is stored in different places around the globe. Data security and privacy protection are the two main concerns users have about cloud technology. Although many algorithms have been designed in different areas of cloud computing, data security and privacy protection are of great significance for the future advancement of cloud computing technology in government sectors, companies, and business areas. Data security and privacy protection issues concern both the hardware and the software in the cloud architecture. This algorithm protects sensitive information over the cloud through encryption and decryption techniques. The performance evaluation shows that this algorithm can be used for enhancing data security.
Keywords: AES, Asymmetric, Cloud Security, Cryptography, Data Security, Hybrid algorithm, Symmetric.
1 INTRODUCTION
According to the National Institute of Standards and Technology (NIST), “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” [1]. Cloud computing technology faces various challenges that cannot be handled precisely by traditional solutions. An appropriate solution should be tailored to the particular aspects of this new computing paradigm. Cloud computing has been anticipated as the next-generation criterion in computation. In a cloud computing environment, both applications and resources are provided on demand over the Internet as services. The cloud is an environment of hardware and software resources in data centers that provide diverse services over the network or the Internet to satisfy users' requirements [1]. Cloud computing makes it possible to access data from anywhere using the Internet. Thus the security and privacy of data is one of the major issues in cloud computing. Due to centralization of data, the data on the cloud server is more prone to risk and attacks. Security of data is also affected by the multitenant environment. Thus, using services from a third party while at the same time securing that data is the biggest challenge in cloud computing. As far as security is concerned, cryptography is one way to protect our data before outsourcing.
Smita Sharma is currently pursuing a PhD in CSE at SSSUTMS, Sehore, India.
R.P. Singh is currently Vice Chancellor at SSSUTMS, Sehore, India.
Cryptography is a process which converts original data into encrypted form using different cryptographic algorithms. Many symmetric and asymmetric cryptographic techniques are available, such as the Caesar cipher, Hill cipher, Playfair cipher, DES, AES, and RSA. Hybrid cryptographic techniques (a combination of symmetric and asymmetric encryption algorithms) increase data security compared to a basic cryptographic algorithm. In this paper we have proposed an improvised cryptographic technique. The basic idea behind this technique is improving the efficiency of the existing algorithm. The Cloud Model is composed of five essential characteristics, three Service Models, and four Deployment Models.
1.2 Essential Characteristics of Cloud Computing
a) On-demand self-service: It enables the user to unilaterally provision computing capabilities such as server time and network storage [18]. This is possible without the need for human interaction with each service provider. Computing resources are instantaneously made available to users as per their demands.
b) Broad network access: It refers to the situation where the computing capabilities are available to users over the network. Users can acquire cloud resources through standard methods that allow them to use different platforms.
c) Resource pooling: Service providers pool together computing resources so as to satisfy the computing needs of multiple users via different physical and virtual resources. The pooled resources (such as servers, storage devices, etc.) are shared across many users.
are provisioned to consumers are (from the user’s point of view) unlimited and can be purchased in any quantity at any time.
e) Measured service: This service automatically controls and optimizes resource use. It is done at some level of abstraction appropriate to the type of CC service [18]. This unique feature facilitates observing, regulating and recording resource management, thus allowing legitimate service purchases.
1.3 Service Models of Cloud Computing
a) Software-as-a-Service (SaaS): The service provider in this context provides the capability to use one or more applications running on a cloud infrastructure. SaaS refers to providing on-demand applications over the Internet. Examples of SaaS providers include Salesforce.com.
b) Platform-as-a-Service (PaaS): PaaS refers to providing platform-layer resources, including operating system support and software development structures. Examples of PaaS providers include Google App Engine.
c) Infrastructure-as-a-Service (IaaS): IaaS provides a service focused on the utilization of all computing infrastructure, including CPU, memory, storage, network and other basic computing resources, on which users can deploy and run software such as operating systems and applications. Examples of IaaS providers include Amazon EC2.
1.4 Deployment Models of Cloud Computing
a) Private cloud: A private cloud is built for a single client or organization, which can effectively control data, security and quality of service. A private cloud can be set up and maintained by a company or a cloud service provider.
b) Public cloud: This type of infrastructure is made available to large industrial groups or the public. It is maintained and owned by an organization selling cloud services [2].
c) Hybrid cloud: Within this deployment model there can be two or more clouds, such as private, public or community. The constituent clouds (combinations of clouds used, such as 'private and public', 'public and community', etc.) remain distinct yet are bound together by standardized or proprietary technology that enables application and data portability [2].
d) Community cloud: This type of cloud infrastructure is shared by several organizations and supports a specific community with shared concerns. It can be managed by an organization or a third party and can be deployed on or off the organization's premises [2].
1.5 Benefits of cloud computing
Some common benefits of CC are [3][4][5]:
a) Reduced cost: Since cloud technology is implemented incrementally (step-by-step), it reduces an organization's total expenditure.
b) Increased storage: Compared to private computer systems, far larger amounts of data can be stored.
c) Flexibility: Compared to traditional computing methods, cloud computing allows an entire organizational segment, or a portion of it, to be outsourced.
d) Greater mobility: Information can be accessed whenever and wherever needed, unlike traditional systems (storing data on personal computers and accessing it only when near them).
e) Shift of IT focus: Organizations can focus on innovation (i.e., implementing new product strategies in the organization) rather than being concerned about maintenance issues such as software updates or computing-related issues.
2 CRYPTOGRAPHY
Cryptography is usually described as “the study of secrets”. It is a technique of converting data into unreadable form during storage and transmission. The unreadable data is known as cipher text, while the original form is known as plain text. Encryption is the process of converting plain text to cipher text. Decryption is the process of converting cipher text to plain text [9].
2.1 Cryptography principles [9]
Cryptography can be used to assure various security properties. There are five main principles of cryptography.
a) Authentication: Authentication means proving one's identity, e.g. with a username and password. Before sending and receiving data, the sender and receiver should be identified.
b) Confidentiality: It means that the data is understandable to the receiver only; to intruders it would be meaningless. It helps prevent the disclosure of sensitive information to an intruder, ensuring that no one can access the information except the intended receiver.
c) Integrity: Integrity means that the originality of the data should be maintained when the information arrives on the receiver side. It helps prevent modification by an unauthorized user.
d) Non-repudiation: It is a mechanism to assure that the sender actually sent the message, meaning that neither the sender nor the receiver can maliciously deny that they have sent a certain message.
e) Service reliability and availability: Availability refers to the assurance that the user has access to information at any time and from any network. Such systems provide a way to give their users the quality of service they are promised.
2.2 Types of cryptography [9]
Cryptography is divided into three main categories, which are as follows:
a) Symmetric Key Algorithm: In a symmetric key cryptosystem, one and the same key is used for encryption and decryption.
DES is a block encryption algorithm. It was the first encryption standard published by NIST (National Institute of Standards and Technology). It uses one 64-bit key, of which 56 bits are independent key bits and 8 bits are used for error detection. The main operations in one round of DES are bit permutation and substitution. DES is an insecure block cipher.
3DES: Triple Data Encryption Standard [6]
3DES is an enhancement of the Data Encryption Standard. It uses a 64-bit block size with a key size of 192 bits. The encryption method is similar to the one in the original DES but is applied 3 times to raise the level of encryption and the average safe time. 3DES is, however, not as fast as other block cipher methods [6].
AES: Advanced Encryption Standard
AES, also known as the Rijndael algorithm, is a symmetric block cipher. It encrypts data blocks of 128 bits using symmetric keys of 128, 192 or 256 bits, in 10, 12 or 14 rounds depending on the key size. AES encryption is fast and extensible. It can be implemented on different platforms, particularly in small devices. Brute force attack is the only powerful attack known against it.
BLOWFISH:
Blowfish was designed in 1993 by Bruce Schneier. Blowfish has a 64-bit block size and a variable key length from 32 bits to 448 bits. Blowfish has variants of 14 rounds or less. Blowfish is a very secure cipher. Its structure is simple and its implementation is also easy.
b) Asymmetric Key Algorithm
In asymmetric cryptography, two different keys are used for encryption and decryption. Various asymmetric key algorithms are as follows:
RSA: Rivest, Shamir and Adleman
It is the most common public key algorithm and an asymmetric block cipher. It supports public key encryption and digital signatures. Large integers are used in this algorithm, such as 1,024 bits in size. It has only one round of encryption.
c) Hashing:
The primary application of hash functions in cryptography is message integrity. It includes the following algorithm:
MD5: Message Digest 5
It was developed by cryptographer Ronald Rivest in 1991. It takes an input of arbitrary length and produces a message digest that is 128 bits long.
3 PROBLEM DEFINITION
3 PROBLEM DEFINATION
The requirement for adequate network security is increasing rapidly day by day. In the present scenario, where a user needs to be connected anyhow, anywhere, anytime, there is a need for an algorithm with increased time adaptability of encryption and decryption, and to evaluate the concrete complexity of reductions among them, thus providing both upper and lower bounds and achieving tight relations. In this study they classify notions as stronger or weaker in terms of specific security.
An algorithm designed in [8] is based on a frame set, a symmetric key block cipher algorithm for encrypting plain text into cipher text or vice versa. It is an extremely efficient and sufficiently strong cryptographic algorithm that provides a superior level of security. The proposed algorithm is a simple, straightforward but intrinsically strong and compact approach to cryptography using the essence of genetic operations. The model proposed in [7] consists of three different security scanners with different choices depending on the requests of interested parties for use in cloud computing. The researchers began by carrying out a thorough analysis of security in the cloud computing modules and then focused on the basic requirements for securing a system's cloud protection [7]. Also, different monitoring offered by the VMs in cooperation with the components of the infrastructure is proposed against the various attacks [10]. In [1] Belguith proposed a new lightweight cryptographic algorithm which is a combination of AES as the symmetric key algorithm to encrypt data and RSA as the public/private key algorithm to distribute keys. This combination helps to gain the advantages of both the effective security of asymmetric encryption and the fast performance of symmetric encryption. Rahmani et al. [15] implemented a new technique, Encryption as a Service (EaaS), as a solution based on the XaaS concept for cryptography in cloud computing. The security risks of the cloud provider's encryption and the inefficiency of client-side encryption, respectively, can be prevented by this solution. Cunsolo et al. in 2009 [11] came up with a mechanism that protected data in distributed systems. In that paper the authors implement the technique using symmetric and asymmetric algorithms. The limitation of this technique is that the concept of sharing resources is contradicted, because data access was done by the owner only in the cloud environment.
4 PROPOSED TECHNIQUE FOR EFFICIENT SECURITY
4.1 Proposed Key Generation:
which will be used in the proposed algorithm. Simple mathematical concepts are used to produce an efficient key [13].
4.2 Proposed Encryption Algorithm:
The basic idea of the proposed algorithm is that 128 bits of plain text are arranged in the form of a matrix. After arranging the data, matrix operations such as transpose, column mixing and row mixing [2,4] are performed. Key values are taken and matrix operations are performed again. Different key values are used at different levels to produce secure cipher text. The flowchart in Fig. 4.1 provides a detailed description of the proposed algorithm.
Fig. 4.1 Block diagram of proposed key generation
4.3 Step Description of Proposed Key
a) Take variable value of 128 bit or 16 Byte
b) Perform bit-level encryption
c) Convert data to binary form
d) Divide bits into blocks of size 2 bits
e) Uniquely identify distinct blocks
f) Replace each distinct block with a set of characters
g) Now data will become of 64 Byte
h) Construct a matrix of used characters
i) Again divide in 2-character distinct blocks
j) The resultant data will become of 32 bytes or 256 bits (binary form)
k) Initialize Round = 1 and divide data in 2 parts of 128-bit length as A and B
l) Now while (Round <= 16) then
   i. R mod 2 = 1
   ii. Perform
      - A_r = A_{r-1} ⊕ T
      - be T then it will be A_{r-2}
      - B_r = B_{r-1} ⊕ A_r
      - Swap (A_r, B_r)
      - A_r left circular shift B_r times
      - B_r left circular shift A_r times
      - B_r will give sub key as S1, S3, S5, S7, S9, S11, S13, S15
   iii. R++
   iv. R mod 2 = 0
   v. Perform
      - B_r = B_{r-1} ⊕ B
      - A_r = A_{r-1} ⊕ B_r
      - Swap (A_r, B_r)
      - B_r left circular shift A_r times
      - A_r left circular shift B_r times
      - A_r will give sub key as S2, S4, S6, S8, S10, S12, S14, S16
m) R++
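The round loop of steps k) to m) as runnable Python; this is an added example, not the authors' code. Steps a) to j) are not specified closely enough to implement, so the 256-bit expanded state is taken as input. Further assumptions: T is a caller-supplied 128-bit value, a shift "by A_r/B_r times" means by that value mod 128 with the two shifts applied one after the other, and the B XORed in even rounds is the initial B half.

```python
MASK128 = (1 << 128) - 1


def rotl128(x, n):
    """Left circular shift of a 128-bit integer; n is reduced mod 128 (assumption)."""
    n %= 128
    return ((x << n) | (x >> (128 - n))) & MASK128


def generate_subkeys(state256, t):
    """Return [S1, ..., S16] from the 32-byte state produced by step j).

    state256: 32 bytes, split into halves A and B (step k).
    t:        the 128-bit value T of the round function (source not given on the page).
    """
    if len(state256) != 32:
        raise ValueError("state must be 32 bytes (256 bits)")
    if not 0 <= t <= MASK128:
        raise ValueError("T must fit in 128 bits")
    a = int.from_bytes(state256[:16], "big")
    b = int.from_bytes(state256[16:], "big")
    b_init = b  # assumption: "B" in even rounds is the initial B half
    subkeys = []
    for r in range(1, 17):
        if r % 2 == 1:
            a ^= t                  # A_r = A_{r-1} xor T
            b ^= a                  # B_r = B_{r-1} xor A_r
            a, b = b, a             # Swap(A_r, B_r)
            a = rotl128(a, b)       # A_r shifted B_r times
            b = rotl128(b, a)       # B_r shifted A_r times (uses shifted A_r)
            subkeys.append(b)       # odd rounds: B_r is S1, S3, ...
        else:
            b ^= b_init             # B_r = B_{r-1} xor B
            a ^= b                  # A_r = A_{r-1} xor B_r
            a, b = b, a             # Swap(A_r, B_r)
            b = rotl128(b, a)       # B_r shifted A_r times
            a = rotl128(a, b)       # A_r shifted B_r times (uses shifted B_r)
            subkeys.append(a)       # even rounds: A_r is S2, S4, ...
    return subkeys


if __name__ == "__main__":
    # Constructed sample state and T value, for illustration only.
    state = bytes(range(32))
    for i, s in enumerate(generate_subkeys(state, 0x0123456789ABCDEF), start=1):
        print(f"S{i:<2} = {s:032x}")
```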
4.4 Step description for the algorithm
a) Take variable value of 128 bit or 16 Byte
b) Matrix manipulation
c) Arrange the data in an 8 x 16 matrix as M:
[Flowchart text of Fig. 4.1:]
Perform low-level bit-level encryption and divide it into 2 parts, A(128); R = 1
If R <= 16 do:
For R mod 2 = 1 (R = round): perform A_r = A ⊕ T, B_r = A_r ⊕ B; perform Swap(A_r, B_r); perform A_r left circular shift B_r times, B_r left circular shift A_r times
For R mod 2 = 0 (R = round): perform B_{r+1} = B_r ⊕ B, A_{r+1} = A_r ⊕ B_{r+1}; perform Swap(A_{r+1}, B_{r+1})
b1,1 b1,2 b1,3 b1,4 ... b1,13 b1,14 b1,15 b1,16
b2,1 b2,2 b2,3 b2,4 ... b2,13 b2,14 b2,15 b2,16
b3,1 b3,2 b3,3 b3,4 ... b3,13 b3,14 b3,15 b3,16
b4,1 b4,2 b4,3 b4,4 ... b4,13 b4,14 b4,15 b4,16
b5,1 b5,2 b5,3 b5,4 ... b5,13 b5,14 b5,15 b5,16
b6,1 b6,2 b6,3 b6,4 ... b6,13 b6,14 b6,15 b6,16
b7,1 b7,2 b7,3 b7,4 ... b7,13 b7,14 b7,15 b7,16
b8,1 b8,2 b8,3 b8,4 ... b8,13 b8,14 b8,15 b8,16
(8 x 16)
d) Divide the above matrix into 8 parts of 4 x 4, such as:
   M11 M12 M21 M22
   M13 M14 M23 M24
e) Now perform transpose on matrices M11, M14, M21 and M24.
f) Swap M12 with M23 and M13 with M22.
e. Now combine the matrices such that the result becomes 4 x 32 as
g) The bits should be represented in matrix.
h) Perform left circular shift operation on row 1 using value of sub key S1
i) Perform left circular shift operation on row 2 using value of sub key S2
j) Perform left circular shift operation on row 3 using value of sub key S3
k) Perform left circular shift operation on row 4 using value of sub key S
l) Now collect the resultant data column-wise from matrix G and proceed to key mixing.
k) Then perform key mixing.
l) Randomly take 4 sub keys and apply the XOR operation to the resultant data.
m) The resultant data of 128 bits is the cipher text of the above given plain text.
n) Exit.
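The matrix steps of section 4.4 as runnable Python, with a derived inverse to show that every step is reversible; this is an added example, not the authors' code, and the page itself gives no decryption steps. Assumptions: bits fill the 8 x 16 matrix row by row, the eight blocks are placed side by side in the printed order to form the 4 x 32 matrix, each row shift is the subkey value mod 32, and the caller supplies the four row subkeys and the mixing subkeys (the page cuts off the row-4 subkey index and says the mixing keys are taken randomly).

```python
MASK128 = (1 << 128) - 1
# Block layout as printed on the page: M11 M12 M21 M22 over M13 M14 M23 M24.
NAMES = [["M11", "M12", "M21", "M22"], ["M13", "M14", "M23", "M24"]]
ORDER = NAMES[0] + NAMES[1]


def shuffle_blocks(blk):
    """Transpose M11, M14, M21, M24; swap M12<->M23 and M13<->M22 (self-inverse)."""
    for n in ("M11", "M14", "M21", "M24"):
        blk[n] = [list(col) for col in zip(*blk[n])]
    blk["M12"], blk["M23"] = blk["M23"], blk["M12"]
    blk["M13"], blk["M22"] = blk["M22"], blk["M13"]
    return blk


def encrypt_block(plain16, row_keys, mix_keys):
    if len(plain16) != 16 or len(row_keys) != 4:
        raise ValueError("need a 16-byte block and 4 row subkeys")
    bits = [(byte >> (7 - i)) & 1 for byte in plain16 for i in range(8)]
    m = [bits[r * 16:(r + 1) * 16] for r in range(8)]        # 8 x 16 matrix M
    blk = {NAMES[br][bc]: [row[bc * 4:bc * 4 + 4] for row in m[br * 4:br * 4 + 4]]
           for br in range(2) for bc in range(4)}             # eight 4 x 4 blocks
    shuffle_blocks(blk)
    # Assumed 4 x 32 layout: the eight blocks side by side in ORDER.
    g = [[bit for n in ORDER for bit in blk[n][i]] for i in range(4)]
    for i in range(4):                                        # row-wise left shifts
        s = row_keys[i] % 32
        g[i] = g[i][s:] + g[i][:s]
    out = 0
    for c in range(32):                                       # collect column-wise
        for r in range(4):
            out = (out << 1) | g[r][c]
    for k in mix_keys:                                        # key mixing (XOR)
        out ^= k & MASK128
    return out.to_bytes(16, "big")


def decrypt_block(cipher16, row_keys, mix_keys):
    """Inverse of encrypt_block: undo each step in reverse order."""
    val = int.from_bytes(cipher16, "big")
    for k in mix_keys:
        val ^= k & MASK128
    bits = [(val >> (127 - i)) & 1 for i in range(128)]
    g = [[bits[c * 4 + r] for c in range(32)] for r in range(4)]
    for i in range(4):                                        # right shift undoes left
        s = row_keys[i] % 32
        g[i] = g[i][-s:] + g[i][:-s]
    blk = {n: [g[i][j * 4:j * 4 + 4] for i in range(4)] for j, n in enumerate(ORDER)}
    shuffle_blocks(blk)
    m = [[bit for n in NAMES[br] for bit in blk[n][i]]
         for br in range(2) for i in range(4)]
    flat = [bit for row in m for bit in row]
    return bytes(sum(b << (7 - i) for i, b in enumerate(flat[j:j + 8]))
                 for j in range(0, 128, 8))
```

With no mixing keys the transform only moves bits around, so the number of set bits in a block is unchanged; the subkeys enter through the row shift amounts and the final XOR.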
4.5 Analysis of the algorithm:
Cryptanalysis is the process of finding weaknesses in cryptographic algorithms and using these weaknesses to decipher the cipher text without knowing the secret key (instance deduction). Sometimes the weakness is not in the cryptographic algorithm itself, but rather in how it is applied, and that is what makes cryptanalysis successful. An attacker may have other goals as well, such as:
a) Total Break - Finding the secret key.
b) Global Deduction - Finding a functionally equivalent algorithm for encryption and decryption that does not require knowledge of the secret key.
c) Information Deduction - Gaining some information about plaintexts or cipher texts that was not previously known.
d) Distinguishing Algorithm - The attacker has the ability to distinguish the output of the encryption (cipher text) from a random permutation of bits.
The goal of the attacker performing cryptanalysis will depend on the specific needs of the attacker in a given attack context. In most cases, if cryptanalysis is successful at all, an attacker will not be able to go past being able to deduce some information about the plaintext (goal 3). However, that may be sufficient for an attacker, depending on the context.
4.6 Characteristic of Proposed Key
a) Our proposed key is 128 bits, which is larger; this enhances the security of this algorithm and makes it more secure than other encryption algorithms.
b) The proposed key has 16 rounds, which also increases security.
c) There is no constraint that only one key be used, which provides a simple structure.
4.7 Characteristic of Proposed Algorithm
a) This algorithm is much smaller in structure than the other algorithms and easy to understand and implement.
b) It does not contain a complex structure, its control flow is well defined and its looping structure is minimized. Because of this it takes very little time to execute.
c) The message is encrypted in the form of matrices of small sizes, so if a matrix is corrupted only that corrupted matrix is retransmitted; we do not have to transfer the whole message.
5 COMPARISON AND RESULT
5.1 Experiment Factors
In order to evaluate the performance of the compared algorithms, the parameters that the algorithms must be tested for must be determined. Since the security features of each algorithm, such as their strength against cryptographic attacks, are already known, the factor chosen here to determine performance is the algorithm's speed in encrypting/decrypting data blocks of various sizes.
5.2 Comparative Report
existing algorithm is the AES algorithm and the second existing algorithm is a combination of the AES, DES and 3DES algorithms. Accordingly, observations on the encryption and decryption times have been made.
a) Encryption and Decryption Time
To evaluate computational overhead, Table 5.1 and Table 5.3 show a comparison of encryption time and decryption time against file size between the proposed encryption algorithm and AES on the same set of files. The time required for encryption and decryption with the proposed algorithm is much smaller than the encryption and decryption time of the AES algorithm.
TABLE 5.1
Encryption Time for AES and Proposed Algorithm (time in milliseconds)

Text file size (KB)    AES     Proposed algorithm
12                     171     62
20                     249     93
48                     702     234
72                     1248    546
96                     1965    982

TABLE 5.2
Decryption Time for AES and Proposed Algorithm (time in milliseconds)

Text file size (KB)    AES     Proposed algorithm
12                     140     62
20                     249     78
48                     670     234
72                     1263    577
96                     1763    982
6 CONCLUSION AND FUTURE WORK
Using this symmetric algorithm, we can encrypt files of any size, as well as any kind of file, in a cloud environment, as the algorithm is implemented at bit level. As the level of generation of identification marks for each block and the length of the decomposed blocks are chosen randomly at run time, the key differs from one encryption to another. Additionally, if we use an X-bit key, 2^X keys may be generated, of which only one is used for correct decryption. So the complexity of key breaking increases with the value of X. In a cloud environment it is recommended to use security that is as strong as possible, consistent with other factors and taking account of the expected life of the application. The presented simulation results showed that the algorithm has better performance than other common encryption algorithms used. As future work we are going to carry out measurements for other types of files, and also consider measurements for other scenarios including other algorithms in different working environments, as well as advancing the application in a way that supports users of different professions.
References
[1] M. Hogan and A. Sokol. NIST Cloud Computing Standards Roadmap Version 2. NIST Cloud Computing Standards Roadmap Working Group, NIST Special Publications 500-291, NIST, Gaithersburg, MD, 2013, p. 1-113.
[2] T. Dillon, Chen Wu, and E. Chang. Cloud computing: Issues and challenges. In 2010 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), pages 27-33, April 2010.
[3] Kresimir Popovic and Zeljko Hocenski. Cloud computing security issues and challenges. In MIPRO, 2010 Proceedings of the 33rd International Convention, pages 344
[4] John Rittinghouse and James Ransome. Cloud Computing: Implementation, Management, and Security. CRC Press, 1 edition, August 2009.
[5] Security in the cloud. Clavister White Paper, 2010.
[6] Pratap Chandra Mandal, “Evaluation of Performance of the Symmetric Key Algorithm: DES, 3DES, AES and Blowfish”, Journal of Research in Computer Science, Volume 3, No. 8, August 2012.
[7] Lawal, B. O., Ogude, C., & Abdullah, K. K. A. (2013). Security management of infrastructure as a service in cloud computing. African Journal of Computing & ICT, 6(5).
[8] Uttam Kr. Mondal, Satyendra Nath Mandal, J. PalChoudhury, J.K. Mandal, “Frame Based Symmetric Key Cryptography”, Int. J. Advanced Networking and Applications, Volume: 02, Issue: 04, Pages: 762-769 (2011).
[9] Forouzan Behrouz A, “Data Communication and Networking”, Fourth Edition, 2006, New York: Tata McGraw-Hill.
[10] Ouedraogo, M., Mignon, S., Cholez, H., Furnell, S., & Dubois, E. (2015). Security transparency: the next frontier for security research in the cloud. Journal of Cloud Computing, 4(1), 12.
[11] Belguith, Sana, Abderrazak Jemai, and Rabah Attia. "Enhancing Data Security in Cloud Computing Using a Lightweight Cryptographic Algorithm." The Eleventh International Conference On Autonomic and Systems. 2015.
[12] Prof. Mrinmoy Ghosh and Prof. Pranam Paul, “An Application to ensure Security through Bit-level Encryption”, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.11, November 2009.
“Enhancement of Security through a Cryptographic Algorithm Based on Mathematical Representation of Natural Numbers” International Journal of Computer and Electrical Engineering, Vol. 2, No. 5, October, 2010,1793-8163
[14] Fauzan Saeed and Mustafa Rashid, “Integrating Classical Encryption with Modern Technique”, IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.5, May 2010.
[15] H. Rahmani, E. Sundararajan, Z. M. Ali, and A. M. Zin, “Encryption as a Service (EaaS) as a Solution for Cryptography in Cloud”. Procedia Technology, vol. 11, 2013, pp. 1202-1210.
[16] Onwutalobi Anthony-Claret, “Using Encryption Technique”, Department of Computer Science, University of Wollongong Australia,
[17] Prof. Mrinmoy Ghosh and Prof. Pranam Paul, “An Application to ensure Security through Bit-level Encryption”, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.11, November 2009.