Improving the security and encryption performance of cloud storage by using elliptic curve cryptography

Full text

(1)UNIVERSITI PUTRA MALAYSIA IMPROVING THE SECURITY AND ENCRYPTION PERFORMANCE OF CLOUD STORAGE BY USING ELLIPTIC CURVE CRYPTOGRAPHY. NOORULDEEN QUTAIBA ISMAEEL. FSKTM 2016 29.

(2) H. T. U. PM. IMPROVING THE SECURITY AND ENCRYPTION PERFORMANCE OF CLOUD STORAGE BY USING ELLIPTIC CURVE CRYPTOGRAPHY. IG. By. ©. C. O. PY. R. NOORULDEEN QUTAIBA ISMAEEL. Thesis Submitted to the Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, in Fulfilment of the Requirements for the Degree of Master of Computer Science January 2016.

(3) PM U T. ©. C. O. PY. R. IG. H. To My Family. i.

(4) ABSTRACT Abstract of thesis presented to the Senate of Universit Putra Malaysia in fulfilment of the requirement for the degree of Master of Computer Science. PM. IMPROVING THE SECURITY AND ENCRYPTION PERFORMANCE OF CLOUD STORAGE BY USING ELLIPTIC CURVE CRYPTOGRAPHY. By. T. January, 2016. U. NOORULDEEN QUTAIBA ISMAEEL. Dr. Nor Asilah Wati Binti Abdul Hamid. Faculty:. Computer Science and Information Technology. IG. H. Supervisor:. Abstract. Cloud services have emerged as one of the most promising solutions for. R. many real world issues. They can be used in a wide variety of applications ranging. PY. from cloud storage, cloud computing, and cloud applications. However, they are a double-edged sword from security and privacy standpoints, especially when storing sensitive data in cloud storage. Therefore, besides secure they require efficient. O. security solutions to obtain the necessary security level. The current security. C. solutions are designed to work mainly on either the client side or the server side, and this strategy may cause a reduction of either the performance of the system or the. ©. security of the data. In this thesis, we have proposed a security solution based on an ECC algorithm to improve the security and the performance of the data by dividing the file content and encrypting it on both the server and the client side. The proposed solution improves the performance of the standard ECC and outperforms the AES algorithm in terms of encryption speed and response time.. ii.

(5) ACKNOWLEDGEMENTS. First and above all, I praise God, the almighty for providing me this opportunity and. PM. granting me the capability to proceed successfully.. My deeply appreciation to my family; father and mother, brothers, sisters for their affectionate patience, support, and encouragement all time. Their prayers and good. U. wishes always help me to be strong, especially in difficult times. I am very grateful. T. and thankful to them.. H. I would like to express my sincere appreciation and deepest gratitude to my. IG. supervisor Dr. Nor Asilah Wati Binti Abdul Hamid for their encouragement,. R. valuable advices, and guidance throughout this research.. Special thanks to my dearest friends who are always willing to help and to share. PY. ideas and knowledge at times when they are busy with their own project themselves.. ©. C. O. I will treasure their friendship.. iii.

(6) APPROVAL SHEET. H. T. U. PM. A thesis prepared by Nooruldeen Qutaiba Ismaeel with the title " IMPROVING THE SECURITY AND ENCRYPTION PERFORMANCE OF CLOUD STORAGE BY USING ELLIPTIC CURVE CRYPTOGRAPHY " submitted in partial to fulfilment of requirement of the master of Computer Science and Information Technology Universiti Putra Malaysia.. IG. _____________________________________. ©. C. O. PY. R. Dr. Nor Asilah Wati Binti Abdul Hamid Department of Communication Technology and Network Faculty of Computer Science and Information Technology Universiti Putra Malaysia (Supervisor). _________________________________ Prof. Madya Dr. Zuriati Binti Ahmad Zukarnain Department of Communication Technology and Network Faculty of Computer Science and Information Technology Universiti Putra Malaysia (Assessor). iv.

(7) Faculty of Computer Science and Information Technology Universiti Putra Malaysia. PM. DECLARATION. I hereby declare that the thesis is my original work except for quotations and citations which have been duly acknowledged. I also declare that it has not been. U. previously, and is not concurrently, submitted for any other degree at Universiti. _____________________________________ Nooruldeen Qutaiba Ismaeel Date:. / 2 / 2016. ©. C. O. PY. R. IG. H. T. Putra Malaysia or at any other institutions.. v.

(8) TABLE OF CONTENTS. Page ABSTRACT ............................................................................................................... ii ACKNOWLEDGEMENTS ..................................................................................... iii. PM. APPROVAL SHEET ................................................................................................ iv DECLARATION ....................................................................................................... v TABLE OF CONTENTS ......................................................................................... vi. LIST OF FIGURES ................................................................................................ viii. U. LIST OF TABLES .................................................................................................... ix. T. CHAPTER 1 - INTRODUCTION ........................................................................... 1 1.1 Background ........................................................................................................ 1. H. 1.2 Problem statement .............................................................................................. 4. IG. 1.3 Objectives ........................................................................................................... 5 1.4 Project Scope ...................................................................................................... 5. R. 1.5 Structure of the thesis ......................................................................................... 6. CHAPTER 2 - LITERATURE REVIEW ............................................................... 7. PY. 2.1 Cloud Computing ............................................................................................... 7 2.1.1 Cloud Computing Benefits ........................................................................ 8 2.1.2 Cloud Computing Characteristics .............................................................. 9. O. 2.1.3 Cloud Service Models.............................................................................. 10 2.1.4 Deployment Models of Cloud ................................................................. 12. C. 2.1.5 Cloud Services ......................................................................................... 14. 2.2 Authentication in the Cloud ............................................................................. 14. ©. 2.3 Security Importance in Cloud Computing........................................................ 16 2.4 Cryptography .................................................................................................... 19 2.4.1 Type of Cryptography.............................................................................. 19 2.4.1.1 Symmetric Key Cryptography (SKC) ......................................... 20 2.4.1.1.1 Advanced Encryption Standard (AES)......................... 23 2.4.1.1.2 Encryption Algorithms ................................................. 25 2.4.1.2 Asymmetric Key Cryptography (AKC) ...................................... 26 vi.

(9) 2.5 Using Public-Key Cryptosystems .................................................................... 28 2.5.1 (Confidentiality) Encryption and Decryption .......................................... 28 2.5.2 Digital Signatures (Authentication, Integrity, Non-repudiation) ............. 29 2.6 Mathematical Problems for Public-Key Cryptosystems .................................. 30 2.6.1 Discrete Logarithm Problem (DLP) ........................................................ 30. PM. 2.6.2 Elliptic Curve Discrete Logarithm Problem (ECDLP) ............................ 31 2.7 Why Elliptic Curve Cryptography? .................................................................. 32 2.7.1 Security .................................................................................................... 33 2.7.2 Efficiency................................................................................................. 33. U. 2.8 Elliptic Curve Arithmetic ................................................................................. 34 2.8.1 Elliptic Curve Definition ......................................................................... 35. T. 2.8.2 Group Law for Elliptic Curves ................................................................ 39 2.8.3 Point Multiplication ................................................................................. 43. IG. H. 2.9 Data Security in Cloud and Related Work ....................................................... 44. CHAPTER 3 - METHODOLOGY ........................................................................ 60 3.1 Introduction ...................................................................................................... 60. R. 3.2 Experiment Platforms and Performance Measurement .................................... 61 3.3 Architecture of the Proposed Solution ............................................................. 62. PY. 3.3.1 Key Generation ........................................................................................ 63 3.3.2 Encryption Process .................................................................................. 65. C. O. CHAPTER 4 - RESULT AND DISCUSSION ...................................................... 70. ©. CHAPTER 5 - CONCLUSION& FUTURE WORK ........................................... 79. REFERENCES ........................................................................................................ 80 BIODATA OF STUDENT ...................................................................................... 91. vii.

(10) LIST OF FIGURES. Figure. R. IG. H. T. U. PM. Some of the Cloud’s Benefits ................................................................. 8 Authentication in the Cloud .................................................................. 15 The Classification of Some Types of Cryptography ............................ 20 The process of Symmetric Key Cryptography ..................................... 21 Input, State and Output Arrays ............................................................. 23 The AES Encryption and Decryption Processes .................................. 24 The Process of Asymmetric Key Cryptography ................................... 26 Process of A Digital Signature ............................................................. 27 Elliptic Curve Over R ........................................................................... 36 Geometric Addition of Elliptic Curve Points, P+Q=R ......................... 40 Geometric Doubling of Elliptic Curve Point, 2P=R ............................. 40 The Process Implementation................................................................. 45 Cloud Data Security Architecture ......................................................... 47 Encryption Application Performance Chart ......................................... 48 Framework of Secure Cloud Storage System (CSS) ............................ 49 Comparative execution times for transmission of text data.................. 50 Comparative execution times for transmission of audio data ............... 50 Encryption Time of Each Algorithm (In ms) ....................................... 52 ECC and RSA (key size & encryption strength) .................................. 57 Proposed Model Architecture ............................................................... 58 Proposed Solution Idea ......................................................................... 63 Flow Chart Process of Generating Keys. .............................................. 65 Arrangement of The Blocks (F) ............................................................ 65 Flow Chart of an Encryption Process at The Client Side ..................... 67 Encrypted Blocks Result....................................................................... 68 Flow Chart of an Encryption Process at The Server Side .................... 69 AES and Standard ECC Encryption Speed .......................................... 70 Encryption Time of Algorithms............................................................ 73 Encryption Time of the Standard AES and the Proposed Solution ...... 74 Response Time of Algorithms’ at the Client Side ................................ 78. ©. C. O. PY. Figure 2.1 Figure 2.2 Figure 2.3 Figure 2.4 Figure 2.5 Figure 2.6 Figure 2.7 Figure 2.8 Figure 2.9 Figure 2.10 Figure 2.11 Figure 2.12 Figure 2.13 Figure 2.14 Figure 2.15 Figure 2.17 Figure 2.16 Figure 2.18 Figure 2.19 Figure 2.20 Figure 3.1 Figure 3.2 Figure 3.3 Figure 3.4 Figure 3.5 Figure 3.6 Figure 4.1 Figure 4.2 Figure 4.3 Figure 4.4. Page. viii.

(11) LIST OF TABLES. Table. R. IG. H. T. U. PM. Security Levels in Sizes Keys for RSA, DSA and ECC ........................ 34 Encryption With Additional Space Requirement................................... 48 Comparison between AES, DES and RSA ............................................ 51 Comparative Encryption Times (In ms) of various algorithms. ............ 52 Comparison of Various Algorithms On Some Common Factors .......... 53 The comparison between ECC, RSA and AES...................................... 54 Timings of Operations at ECC ............................................................... 54 Enc./Dec. average time in RSA and ECC for common info. ................. 55 Enc./Dec. Time in Combination of RSA and ECC With AES .............. 55 Enc./Dec. Time at RSA and ECC in Passport System ........................... 55 Enc./Dec. Time in Combination ............................................................ 55 Total Enc./Dec. Time in Multipurpose Smart Card ............................... 55 Comparable Key Size (in bits) ............................................................... 56 Signature Generation Performance ........................................................ 56 Key Generation ...................................................................................... 56 Signature Verification Performance....................................................... 57 Public Key Algorithm Bit Lengths for Various Security Levels ........... 60 Client Specifications .............................................................................. 61 Server Specifications.............................................................................. 61 Encryption Speed for Each part ............................................................. 72 Encryption Time and the Gain Speed relative to standard AES ............ 75 Encryption Time and Gain Speed relative to standard ECC .................. 76 Response time at the client side ............................................................. 78. ©. C. O. PY. Table 2.1 Table 2.2 Table 2.3 Table 2.4 Table 2.5 Table 2.6 Table 2.7 Table 2.8 Table 2.9 Table 2.10 Table 2.11 Table 2.12 Table 2.13 Table 2.14 Table 2.15 Table 2.16 Table 3.1 Table 3.2 Table 3.3 Table 4.1 Table 4.2 Table 4.3 Table 4.4. Page. ix.

(12) CHAPTER 1 - INTRODUCTION. PM. 1.1 Background. Cloud services have become a moderately new benefits of the business model in the computing reality such as task collaborating and universal accessibility. The National. U. Institute of Standards and Technology (NIST) defines the cloud as a model that. permits ubiquitous access to an imparted pool of configurable computing assets that. T. can be quickly provisioned and discharged with administration or supplier. H. cooperation (Zhang Q, Cheng L, and Boutaba R., 2010). This technique has been. IG. developed as an attractive modern model to use the massive inflation of computing requirements, data size, and demand for mobile access to important data (Chun-Ting. R. Huang, Lei Huang, Zhongyuan Qin, Hang Yuan, Lan Zhou, Vijay Varadharajan and. PY. C.-C. Jay Kuo, 2014). Cloud service contains computing resources, storage, and networking services that are merged by cloud providers and offered to clients with a simple user interface and access (Armbrust M, Fox A, Griffith R et al., 2009, X. Yu. O. and Q. Wen, 2010). Most recent studies have shown that 79% of companies are. C. working on trying to use data outsourcing to mitigate the expenditures of maintenance and stockpiling of data (Rajkumar Buyya, Chee Shin Yeo, Srikumar. ©. Venugopal, James Broberg, and Ivona Brandic, 2009). The cloud can perform many services; however, there are two main services. First is high performance computing services that focus on performance and give users extra computing resources and the ability to perform high-complexity operations. Furthermore, it works quickly and securely, and it can handle as much data as we. 1.

(13) need it to. Moreover, high performance computing services can be used to gain virtually unlimited computing power. With this service we only pay for what we use.. Second is cloud storage that gives users mobile accessibility to massive secure. PM. storage space (Grossman R., 2009). By using cloud storage, we can share data amongst specific clients who can be selected by the services’ users. Common examples of uses of cloud storage today are Dropbox, Amazon’s EC2 services,. U. Microsoft SkyDrive, Google Cloud, Microsoft Cloud, and the CDN Cloud Flare.. T. Between the client and server side, when users upload their files into cloud storage,. H. the control of file access is physically lost and goes to a cloud provider who is. IG. considered a third party and unreliable (Lifei Wei el. Al., 2014). Because the files have to be transmitted and stored in the cloud, they become. R. vulnerable to unauthorized access. Therefore, the main issue in cloud storage services is the security of those files. In spite of the fact that the infrastructure of the. PY. cloud considers greatly robust and reliable than client's hardware but the data integrity, confidentiality, and availability are prone to attack from unauthorized. O. accesses, which comes from inside and outside of the cloud (Xiao Zhifeng and Xiao. C. Yang, 2013). Hence, the data must be secure from malicious users and unauthorized access not only inside the cloud but also when this data is being transmitted to the. ©. cloud destination. To handle this issue, the clients and cloud service providers use the data encryption technique to encrypt and secure the files.. Generally, there are two different types of encryption techniques based on the key generation and usage: symmetric-key cryptography (SKC), which is also called. 2.

(14) secret key cryptography, and asymmetric key cryptography (AKC), which is also known as public key cryptography. With the symmetric key cryptography (SKC) technique, one key, which is called the shared key, is used to encrypt and decrypt the data. Therefore, the key has to be. PM. exchanged between the system users through a secure communication channel prior to the start of data sharing. Although the algorithms of this technique are fast and. secure, it suffers from limitations; first, even though the key size determines the. U. strength of data security, the secret key must be shared and distributed before. transmitting the data, and that requires providing a secure channel (Jeffrey Hoffstein,. T. Jill Pipher, and J.H. Silverman, 2014, Dharmendra S. Raghuwanshi, M. R.. H. Rajagopalan, 2014). The second limitation is that the algorithm security depends on. IG. the key. Once the key is known by an attacker, the information can be simply decrypted, destructed, and modified (Rounak Sinha, Hemant Kumar Srivastava, and. R. Sumita Gupta, 2013). The third limitation is that the algorithms of symmetric key. PY. cryptography have no digital signatures; therefore, the sender identity cannot be detected (Rounak Sinha, Hemant Kumar Srivastava, and Sumita Gupta, 2013, Atul Kahate). Finally, the message cannot be directed to a specific receiver when using. O. SKC in a system of users. RC2, DES, 3DES, RC6, Blowfish, and AES algorithms. C. are examples of using this technique. On the other hand, in asymmetric key cryptography (AKC), which can be utilized to. ©. solve the limitations of SKC, two different keys, which are called the public and the private key, are used to encrypt and decrypt the data. With this technique, the data is encrypted by one key (known as the public key), but it cannot be decrypted by the same key. Hence, the sender encrypts the data by utilizing the public key. Then, on the receiver’s part, the data will be decrypted by utilizing the private key (W.. 3.

(15) Stallings, 2006, Jeffrey Hoffstein, Jill Pipher, and J.H. Silverman, 2014). Nevertheless, data encryption/decryption speed performance is the main limitation of this technique and is less than SKC. The Rivest-Shamir-Adleman (RSA) algorithm and elliptic curve cryptography (ECC) algorithm are well-known examples of this. PM. technique.. U. 1.2 Problem statement. T. Securing cloud storage data with encryption techniques brings many challenges because cloud services have many limitations and distinctive requirements. First,. H. clients connect to their cloud storage from different locations; therefore, the. IG. encryption algorithm should be able to cope with that issue of key distributing and managing. Second, the cloud storage is not physically divided for the clients;. R. therefore, the clients’ files may be located on the same storage drive. This requires. PY. the encryption algorithm to keep the files secured for a specific client. For all of the above requirements and issues, researchers have proposed many solutions to modify and advance the standard encryption algorithms in order to be able to solve these. O. issues. It is a fact that the previous solutions focus on improving the security of the. C. communication channel, transmitted data, or the data in cloud storage. The solutions that proposed by researchers to secure the transmitted data and the data in cloud. ©. storage still have many problems to be investigated, which are; Firstly, the solutions encryption/decryption speed depend generally on the performance of the client device. Secondly, the solutions are not secure enough to protect the file in storage from the cloud service providers’ access. Thirdly, the symmetric key cryptography (SKC)-based solutions still have the limitations of SKC techniques such as key. 4.

(16) management and data signature issues, and finally the asymmetric key cryptography (AKC)-based solutions have not solved the low performance issue of the AKC technique. Therefore, we propose a solution that is able to satisfy cloud services’ security. PM. requirements and solve the issues that the current solutions have by using a distributed encryption solution. The solution is ECC-based; therefore, it is. T. U. categorized under the AKC technique.. To improve the security of files in cloud storage by using the ECC encryption algorithm.. To improve the encryption speed of the ECC algorithm and response time on. PY. II.. R. I.. IG. The objectives of our work are:. H. 1.3 Objectives. O. the client side.. C. 1.4 Project Scope •. Our solution in this research is to advance the security of files in cloud. ©. storage and improve the encryption speed of the elliptic curve cryptography algorithm (ECC). •. The solution is proposed to secure document files that consist of text-based documents, spread sheet files, and database records files.. 5.

(17) 1.5 Structure of the thesis. Chapter 2, Literature Review, has sections that are divided as follows: Section 2.1 briefly explains what cloud computing is, including its benefits, characteristics,. PM. service models, and deployment models. Section 2.2 shows the authentications in cloud, and Section 2.3 illustrates the importance of security in cloud computing.. Section 2.4 explains cryptography and its types, and Section 2.5 shows the use of. U. public key cryptosystems. Section 2.6 discusses about mathematical problems for. public-key cryptosystems, and 2.7 answers “Why elliptic curve cryptography?” And. T. Section 2.8 illustrates elliptic curve arithmetic. Section 2.9, Data Security in the. H. Cloud, it discusses what authors of previous works have done and the related work.. IG. Chapter 3, Methodology, shows the architecture and processing of our proposed solution, experiment tools, platforms, and the data size that has been used.. R. Chapter 4, Result and Discussion, all the results that have been acquired will be. PY. shown and discussed.. ©. C. O. Chapter 5, Conclusion, shows the conclusion of our work and future work.. 6.

(18) REFERENCES. Armbrust M, Fox A, Griffith R et al (2009) Above the clouds: a Berkeley view of. PM. cloud computing. Technical Report No UCB/EECS-2009-28, University of California at Berkeley.. Abbadi, I.M. and Martin, A. (2011). Trust in the Cloud. Information Security. U. Technical Report, 16,108-114. doi:10.1016/j.istr.2011.08.006.. Andreas Enge, 1999, Elliptic Curves and Their Applications to Cryptography, 978-1-4615-5207-9,. T. ISBN: 978-1-4613-7372-8,. MEDIA,. LLC.. H. SCIENCE+BUSINESS. SPRINGER. IG. http://ezproxy.upm.edu.my:2078/book/10.1007/978-1-4615-5207-9. R. Atul Kahate, “Cryptography and Network Security”, TMH. B. P Rimal 2009, Eunmi Choi, and I. Lumb. A taxonomy and survey of cloud. PY. computing systems. In Fifth International Joint Conference on INC, IMS and IDC, 2009. NCM '09, pages 44{51. IEEE, August 2009. O. Bisong, A. and Rahman, S.S.M. (2011). An Overview of the Security Concerns in. C. Enterprise Cloud Computing. International Journal of Network Security & Its. ©. Applications, 3(1), 30-45.doi:10.5121/ijnsa.2011.3103.. (Bruce1996) Schneier, Bruce; "Applied Cryptography", John Wiley & Sons, Inc 1996.. Chun-Ting Huang, Lei Huang, Zhongyuan Qin, Hang Yuan, Lan Zhou, Vijay Varadharajan and C.-C. Jay Kuo :” Survey on securing data storage in the cloud” APSIPA Transactions on Signal and Information Processing / Volume 80.

(19) 3 / 2014 / e7 DOI: 10.1017/ATSIP.2014.6, Published online: 23 May 2014. http://journals.cambridge.org/SIP. PM. Clavister 2014- (n.d.) White Paper, Security in the cloud, retrieved march 5, 2015. https://www.clavister.com/globalassets/documents/resources/whitepapers/clavister-whp-cloud-security-en.pdf. U. Cloud Computing. International Journal of Soft Computing and Engineering, 3(2),. T. 110-113.. H. Diaa Salama, Hatem Abdual Kader and Mohiy Hadhoud “Studying the Effects of Most Common Encryption Algorithms” International Arab Journal of eVol.. 2,. No.. IG. Technology,. 1,. January. 2011.. R. http://www.researchgate.net/directory/publications. Dou, W., Chen, Q. and Chen, J. (2013). A confidence-based filtering method for. PY. DDoS attack defense in cloud environment. Future Generation Computer Systems, 29, 1838–1850, 2012.12.01.. Dr. Prerna Mahajan and Abhishek Sachdeva, “A study of Encryption Algorithms. O. AES, DES, and RSA for Security,” Global J. of Computer Science and. C. Technology Network, Web & Security, Vol. 13, Issue 15, Version 1.0, 2013.. ©. Dharmendra S. Raghuwanshi, M.R.Rajagopalan, “MS2: Practical Data Privacy and Security Framework for Data at Rest in Cloud,” ISBN: 978-1-4799-33518/14 IEEE, 2014.. D. Mahto, D. K. Yadav, 2015, Enhancing Security of One-Time Password using Elliptic Curve Cryptography with Biometrics for E-Commerce Applications, ISBN:978-1-4799-4446-0, IEEE.. 81.

(20) Emam, A.H.M. (2013). Additional Authentication and Authorization using Registered Email-ID for Han, J., Susilo, W. and Mu, Y. (2013). Identitybased data storage in cloud computing. Future Generation Computer Systems,. PM. 29, 673–681, 2012.07.010.. Federal Information Processing Standard 46-3. Data Encryption Standard (DES),. U. FIPS PUB (46-3), Oct. 25, 1999.. FIPS PUB 197, Nov. 26, 2001, Advanced Encryption Standard (AES), Federal. H. Processing Standards Publication 197.. T. Information Processing Standards publication 197. Federal Information. R. (2009) 23–27.. IG. Grossman R., The case for cloud computing. IEEEXplore, IT Professional, 11(2),. PY. G. H. Nobari (2010) , Omar Boucelma, and Stephane Bressan. Privacy and anonymization as a service: PASS. In Hiroyuki Kitagawa, Yoshiharu Ishikawa, Qing Li, and Chiemi Watanabe, editors, Database Systems for Advanced Applications, volume 5982, pages 392{395. Springer Berlin. C. O. Heidelberg, Berlin, Heidelberg, 2010.. ©. Gonzalez, N., Miers, C., Redigolo, F., Simplicio, M., Carvalho, T., Naslund, M. and Pourzandi, M. (2012). A quantitative analysis of current security concerns and solutions for cloud computing. Journal of Cloud Computing, 1(11), 1-18.. G. Lin 2008, G. Dasmalchi, and J. Zhu. Cloud computing and IT as a service: opportunities and challenges. In Web Services, 2008. ICWS'08. IEEE International Conference on, pages 5{5, 2008.. 82.

(21) GuPaWaEbSh, 2004, N. Gura, A. Patel, A. Wander, H. Eberle, S.C. Shantz, Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs, Sun Microsystems Laboratories, Proc. CHES ’04, 2004.. Hutton A 1996. Meisel A. Windel A. Mohammed A. Licciardi A. Seccombe, A.. PM. Security guidance for critical areas of focus in cloud computing, v2.1. CloudSecurityAlliance, page 25, 2009. cited By (since 1996).. U. H. Chan, A. Perrig and D. Song, 2003, “Random Key Pre-distribution Schemes for Sensor Networks”, Proceedings of the IEEE Symposium on Security and. T. Privacy- SP '03, California, USA, 11-14 May, 2003, pp. 197-213.. H. H. Chien 2004, “Efficient Time-Bound Hierarchical Key Assignment Scheme”,. 1301-1304, 2004.. IG. IEEE Transactions on Knowledge and Data Engineering, Vol. 16, No. 10, pp.. R. Hardjono, ''Security In Wireless LANS And MANS,'' Artech House Publishers 2005.. PY. HankMenVan, 2004, Darrel Hankerson, Alfred Menezes, Scott Vanstone, Guide to Elliptic Curve Cryptography, Springer ISBN 0-387-95273-X, 2004. Ismail, N. (2011).cCursing the Cloud (or) Controlling the Cloud? Computer Law &. C. O. Security Review, 27, 250 – 257. doi:10.1016/j.clsr.2011.03.005. John 2009 Rittinghouse and James Ransome. Cloud Computing: Implementa- tion,. ©. Management, and Security. CRC Press, 1 edition, August 2009.. J. H. Loxton, D. S. P. Khoo, G. J. Bird and J. Seberry: A Cubic RSA Code Equivalent to Factorization, Journal of Cryptology, 5, 2, pp.139-150, 1992Springer.. 83.

(22) J. Stern, Advances in Cryptology — EUROCRYPT ’99, Lecture Notes in Computer Science, (1999), vol-1592, pp. 223-238, Springer-Verlag.. Joint, A. and Baker, E. (2011). Knowing the past to understand the present 1 e issues in the contracting for cloud based services. Computer Law & Security. PM. Review, 27, 407 - 415. doi:10.1016/j.clsr.2011.05.002. Jeffrey Hoffstein, Jill Pipher, and J.H. Silverman. An Introduction to Mathematical. U. Cryptography. Springer-Verlag, 2st edition, 2014. Page 37- 47.. Kim, J. and Hong, S. (2012). A Consolidated Authentication Model in Cloud Computing Environments. International Journal of Multimedia and. H. T. Ubiquitous Engineering, 7(3), 151-160.. IG. Kumar, A. (2012). World of Cloud Computing & Security. International Journal of Cloud Computingand Services Science, 1(2), 53-58.. R. Khorshed, T.M., Ali, A.B.M.S. and Wasimi, S.A. (2012). A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in. PY. cloud computing. Future Generation Computer Systems, 28, 833–851. doi:10.1016/j.future.2012.01.006. O. K. Popovic 2010 and Zeljko Hocenski. Cloud computing security issues and challenges. In MIPRO, 2010 Proceedings of the 33rd International. C. Convention, pages 344{349, 2010.. ©. King, N.J. and Raja, V.T. (2012).Protecting the privacy and security of sensitive customer data in the cloud. Computer Law and Security Reviews, 28, 308319. Kakkar and P. K. Bansal, “Reliable Encryption Algorithm used for Communication”, M. E. Thesis, Thapar University, 2004.. 84.

(23) Lifei Wei, Haojin Zhu, Zhenfu Cao, Xiaolei Dong,Weiwei Jia, Yunlu Chen, and Athanasios V. Vasilakos, Security and privacy for storage and computation in cloud computing, ScienceDirect, Elsevier, Volume 258, 10 February 2014,. PM. Pages 371–386.. L. Wang 2010, G. Von Laszewski, A. Younge, X. He, M. Kunze, J. Tao, and C. Fu.. Cloud computing: a perspective study. New Generation Computing,. U. 28(2):137{146, 2010.. H. Privacy, IEEE, 8(1):50{52, 2010.. T. L.M. Kaufman 2010. Can a trusted environment provide security? Security &. IG. Lee, K. (2012). Security Threats in Cloud Computing Environments. International Journal of Security and Its Application, 6(4), 25-32.. R. M. Habib, T. Mehmood, F. Ullah, M. Ibrahim, Performance of wimax security algorithm (the comparative study of rsa encryption algorithm with ecc. PY. encryption algorithm), International Conference on Computer Technology. O. and Development, ICCTD’09., volume 2, IEEE, 2009, pp. 108–112.. Malik, M. Y., “Efficient implementation of elliptic curve cryptography using low-. C. power digital signal processor,” In Advanced Communication Technology (ICACT), 2010, The 12th International Conference on Vol. 2, pp. 1464-1468.. ©. IEEE, 2010.. M. Sudha , Dr.Bandaru R. K. Rao , M. Monica “A Comprehensive Approach to Ensure Secure Data Communication in Cloud Environment,” in International Journal of Computer Applications (0975 – 8887) Volume 12– No.8, Dec. 2010. 85.

(24) M. Savari, M. Montazerolzohour, and Y. Eng Thiam, “Comparison of ECC and RSA Algorithm in Multipurpose Smart Card Application”, 2012 International Conference on, pp.49-53. IEEE, 2012.. Mitali, Vijay Kumar and Arvind Sharma “A Survey on Various Cryptography. PM. Techniques,” International Journal of Emerging Trends & Technology in. Computer Science (IJETTCS), Vol. 3, Issue 4, ISSN 2278-6856, July-August. U. 2014.. H. Systems Technology, sept., p. 7.. T. NIST (2011) Peter Mell. 'The NIST Definition of Cloud ', Reports on Computer. IG. NIST Special Publication 800-67,2012, Recommendation forthe Triple Data Encryption Algorithm (TDEA) Block Cipher Revised January 2012,. R. Information Security, William C. Barker, Elaine Barker.. PY. Nadeem and Aamer; "A Performance Comparison of Data Encryption Algorithms",. O. IEEE 2005.. Nasrin Khanezaei, Zurina M. Hanapi “A Framework Based on RSA and AES. C. Encryption Algorithms for Cloud Computing Services” ISBN: 978-1-4799-. ©. 6105-4, IEEE, 2014.. Ogigau-Neamtiu, F. (2012). Cloud Computing Security Issues. Journal of Defense Resource Management, 3(2), 141-148.. 86.

(25) O’Melia and J. Elbirt, “Enhancing the Performance of Symmetric-Key Cryptography via Instruction Set Extensions”, IEEE Transactions on Very Large Scale Integration (VLSI) Syst., vol. 18, no. 11, pp. 1505-1518, Nov. 2010.. PM. O. D. Alowolodu, B.K. Alese, A.O. Adetunmbi, O.S. Adewale, O.S. Ogundele, Elliptic curve cryptography for securing cloud computing applications, Int. J.. U. Comput. Appl. 66 (2013).. Prof. Dr.-Ing. Christof Paar, Dr.-Ing. Jan Pelzl, Understanding Cryptography,. H. T. Springer Heidelberg Dordrecht London, New York, 2010, pp 149-171.. Pratap Chnadra Mandal: Superiority of Blowfish. International Journal of Advanced. IG. Research in Computer Science and Software Engineering, Volume 2, Issue 9,. R. pp. 196-201, September 2012.. PY. Rajkumar Buyya, Chee Shin Yeo, Srikumar Venugopal, James Broberg, and Ivona Brandic. 2009. Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation. O. Computer Systems 25, 6 (2009), 599–616.. C. Ryan, P. and Falvey, S. (2012). Trust in the clouds. Computer Law and Security. ©. Reviews, 28, 513-521. http://dx.doi.org/10.1016/j.clsr.2012.07.002. Rounak Sinha, Hemant Kumar Srivastava, Sumita Gupta, “Performance Based Comparison Study of RSA and Elliptic Curve Cryptography”, International Journal of Scientific & Engineering Research, Vol. 4, Issue 5, May-2013 ISSN 2229-5518.. 87.

(26) S. P. Singh and R. Maini, “Comparison of Data Encryption Algorithms”, International Journal of Computer Science and Communication, Vol. 2, No. 1, pp. 125-127, Jan-June 2011.. Singh, S. and Jangwal, T. (2012). Cost breakdown of Public Cloud Computing and. PM. Private Cloud Computing and Security Issues. International Journal of Computer Science & Information Technology, 4(2), 17-31.. Sharma, S. And Mittal, U. (2013). Comparative Analysis of Various Authentication. U. Techniques in Cloud Computing. International Journal of Innovative. T. Research in Science, Engineering and Technology, 2(4), 994-998.. SANS Institute InfoSec Reading Room, “PGP: A Hybrid Solution” by Jessica J. https://www.sans.org/reading-room/whitepapers/vpns/pgp-hybrid-. H. Benz.. IG. solution-717. R. S. Chandra, S. Paira, S.S. Alam, and G. Sanyal. A comparative survey of symmetric and asymmetric key cryptography. International Conference on Electronics,. PY. Communication and Computational Engineering (ICECCE), Nov. 2014. O. IEEE.. Sunil Mankotia and Manu Sood “A Critical Analysis of Some Symmetric Key Block. C. Cipher Algorithms” (IJCSIT) International Journal of Computer Science and. ©. Information Technologies, ISSN: 0975-9646, Vol. 6 (1) , 2015, 495-499.. T. Jaeger (2010) and J. Schiman. Outlook: Cloudy with a chance of security challenges and improvements. Security & Privacy, IEEE, 8(1):77{80, 2010.. 88.

(27) T. Dillon 2010, Chen Wu, and E. Chang. Cloud computing: Issues and challenges. In 2010 24th IEEE International Conference on Advanced Informa- tion Networking and Applications (AINA), pages 27 {33, April 2010.. PM. Teneyuca, D. (2011). Internet cloud security: The illusion of inclusion. Information Security Technical Report, 16, 102-107. doi:10.1016/j.istr.2011.08.005. Wood K, Pereira E. (Nov.2010) 'An Investigation into CLoud Configuration and. U. Security', 2010 International Conference for Internet Technology and Secured Transactions, 1-6.. T. W. Stallings, Cryptography and Network Security: Principles and Practices, 5rd.. H. Upper Saddle River, NY 07458, Inc., publishing as Prentice Hall, ISBN 10: 0-13-609704-9, ISBN 13: 978-0-13-609704-4, 2006 Pearson Education, pp.. IG. 269–270.. R. X. Yu and Q. Wen, “A view about cloud data security from data life cycle,” Computational Intelligence and Software Engineering (CiSE), 10-12 Dec.. PY. (2010) 1 - 4.. O. Xiao Zhifeng and Xiao Yang. 2013. Security and Privacy in Cloud Computing. IEEE. C. Communications Surveys & Tutorials 15, 2 (2013), 843–859... ©. Yassin, A.A., Jin, H., Ibrahim, A., Qiang, W. and Zou, D. (2012). Efficient Password-based. Two. Factors. Authentication. in. Cloud. Computing.. International Journal of Security and Its Applications, 6(2), 143-148. Y. Zhang, W. Liu, W. Lou and Y. Fang, 2006 “Location-Based CompromiseTolerant Security Mechanisms for Wireless Sensor Networks”, IEEE. 89.

(28) Transactions Selected Areas in Communications, Vol. 24, No. 2, pp. 1-14, 2006.. Y. Zhang, W. Liu, W. Lou and Y. Fang, 2006 “Location-Based Compromise-. PM. Tolerant Security Mechanisms for Wireless Sensor Networks”, IEEE Transactions Selected Areas in Communications, Vol. 24, No. 2, pp. 1-14,. U. 2006.. Zhang Q, Cheng L, Boutaba R (2010) Cloud Computing: state-of-the-art and. H. T. research challenges.. ©. C. O. PY. R. IG. J. of Internet Services Applications (2010) 7–18.. 90.

(29) BIODATA OF STUDENT. Nooruldeen Qutaiba Ismaeel was born in Iraq/Baghdad on 19th September 1988. He obtained Degree in Computer Hardware and Software Engineering from Al-. PM. Mustansiriya University on 2010. He peruses his Master of Computer Science and. Information Technology majoring in Distributed Network Department at Universiti. Putra Malaysia by focusing on cloud storage security. His research interests include. U. investigating new approach to improve the performance and security of data in cloud. T. storage by using elliptic curve cryptography as he did his Master project in the same. ©. C. O. PY. R. IG. H. area. Recently, he did some publications in these areas.. 91.

(30)

No results found