
International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 7, Issue 9, September 2017)


Hybrid Cryptography to Maintain Integrity of Data in Multimedia Cloud Environment

Er. Shilpi Harnal¹, Dr. R.K. Chauhan²

¹Research Scholar, DCSA, Kurukshetra University
²Professor, DCSA, Kurukshetra University

Abstract— Cloud computing provides all resources as services through the internet. Cloud users can access high-cost software and hardware online from any computer without installation. Multimedia computing has emerged as a lifeline in daily life to search, process, edit and generate media content such as images, audio, video and graphics. Multimedia cloud computing can provide huge benefits, but its full adoption has to face heterogeneity of media data, services, networks, QoS and devices. As most of the data generated today is multimedia, data security and access control are further major issues that need more attention, since the cloud stores sensitive and private user data. Cryptography provides solutions for many of these security issues and attacks. This paper proposes a highly secure hybrid algorithm for maintaining integrity while storing and retrieving image, audio and video files over cloud servers. In the last section, the resulting bar graphs are provided to analyze the performance of the algorithm for various types and sizes of data.

Keywords— multimedia, security, side channel attack, AES, encryption, decryption, cryptography.

I. INTRODUCTION

Cloud computing reduces cost, as it relieves the user from the cost of owning huge storage and computing power and from application deployment and software licensing costs [1] [2] [3]. It provides users with a dynamically scalable and configurable pool of resources such as storage, computing, applications and networks through private or public cloud networks [4]. The cloud provides everything on a pay-per-usage basis in the form of services such as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Some examples of cloud providers are Google Apps, Amazon EC2, Salesforce, Windows Azure, Amazon’s S3 etc. [5]. In the current scenario, however, most network traffic consists of multimedia data, as most of the data generated, edited, stored and shared through various mobile devices (e.g. smart mobiles, laptops, cameras, tablets) is of multimedia type (e.g. images, audio and video files). Mobile devices with limited storage, battery and computing power can easily manage storing, editing and processing of such rich media data and applications through cloud servers in a distributed manner.

In this way mobile users can maintain the tradeoff between computational capability and communication. For mobile services and applications, cloud services act as a boon [6]. But access, sharing, storage, computation, editing and transmission of such multimedia data by millions of users over the internet have rigid QoE and QoS requirements in terms of delay, bandwidth and jitter. For an ordinary content provider cloud these requirements would be a bottleneck, which can result in unsatisfied users for media traffic [7] [8]. To fulfill these requirements, multimedia cloud providers need faster graphical processing units (GPUs), huge storage capacity, separate security aids and high-speed network connectivity, unlike content delivery networks such as YouTube. The multimedia cloud relieves the user from the burden of purchasing, installing, licensing, continually upgrading and maintaining heavy multimedia software, as software for media data computation is very expensive to own. Apart from all these benefits, it also saves the battery life of mobile devices, as all the computations are done remotely at cloud servers.


For symmetric key encryption, both sender and receiver agree on a cryptosystem and a secret key. The sender encrypts the message using the secret key and the receiver decrypts the received cipher text using the same shared secret key. For the asymmetric encryption technique, both sender and receiver maintain a pair of public and private keys of their own along with the public key of the other party. The sender encrypts the data using the receiver’s public key and the receiver decrypts the data using its own private key. However, this encryption technique is 1000 times slower than the symmetric technique, as it requires more computational capability, and it is also more prone to attacks [15] [16]. Generally a hybrid technique is preferable to get the benefits of both methods. In this technique the secret key is exchanged with asymmetric encryption, and then symmetric encryption is applied to encrypt and decrypt the data.

Various cryptographic algorithms and methods have been proposed by several researchers for multimedia data security. Abdel-Karim in his paper [17] has performed a comparison among four of the most common encryption algorithms, DES, 3DES, AES and Blowfish, for different sizes of data blocks in C#. Through simulation results the author has proved that Blowfish has better performance than the other encryption algorithms. Blowfish is a good candidate as it has no known weak points so far. This paper proposes a hybrid encryption algorithm which is a combination of the highly secure Advanced Encryption Standard (AES) and Blowfish algorithms with random generation of secret keys to improve security while storing text, audio, image and video files on the cloud server. This randomization of the private key will also help to enhance the complexity of the cryptographic algorithm. Both of these symmetric key algorithms convert the data into an unreadable form which can only be converted back to the original form with the associated key. The AES algorithm can only work with text input, so applying the AES algorithm to various types of data is a challenge. The proposed work implements the Advanced Encryption Standard (AES) and Blowfish algorithms with randomized 128-bit secret keys over different types and sizes of data. The paper is organized as follows: the next two sections give a brief overview of these algorithms. Section IV presents the working of the proposed algorithm and the experimental results in the form of line graphs. Section V covers future scope and the conclusion.

II. AES: DESIGN OVERVIEW

The Advanced Encryption Standard (AES) is a symmetric block cipher algorithm. It works with a 128-bit block length and three different key sizes of 128, 192 and 256 bits. AES is a round-based algorithm: it requires 10 rounds if the key size is 128 bits, 12 rounds if the key size is 192 bits and 14 rounds if the key size is 256 bits. For the encryption/decryption process each round performs four functions, except the last round, which requires three functions. The main round functions for the encryption process are SubBytes( ), ShiftRows( ), MixColumns( ) and AddRoundKey( ). The decryption process requires the same functions but with reverse transformation and in a different order, i.e. InvShiftRows( ), InvSubBytes( ), AddRoundKey( ) and InvMixColumns( ) [18] [19].

A. AES Encryption process:

The encryption process applies a number of transformations iteratively over the plain text block to generate the corresponding cipher text. The total number of iterations/rounds depends upon the key length used; for example, if the key length is 128 bits then 10 rounds are required. The main functions used during the AES encryption process are as follows [20]:

SubBytes( )- It is a non-linear substitution step. This function replaces each source byte of the source matrix with another byte by applying a lookup table or substitution box (S-box) substitution.

ShiftRows( )- It is a transposition step. This function shifts each row of the state matrix cyclically a fixed number of times, except the first row. So bytes of second, third, fourth and fifth rows are shifted cyclically left by one, two, three and four bytes respectively.

MixColumns( )- It is a mixing operation. This function is performed on each column of the state by multiplying it with a fixed polynomial matrix.

AddRoundKey( )- This function performs a bitwise XOR operation over each byte of the state and each block of the round key expanded from the 128-bit original key.

The following steps are performed to encrypt a 128-bit block using a 128-bit key, as shown in figure 1:

• Generate the set of keys for each round from the cipher key.
• Prepare the initial state array and add the initial round key to it.
• Perform rounds 1 to 9, with each round including the sequence of functions SubBytes( ), ShiftRows( ), MixColumns( ) and AddRoundKey( ) respectively.
• Perform the final round, including the sequence of functions SubBytes( ), ShiftRows( ) and AddRoundKey( ) respectively.
• Corresponding cipher text chunk is generated from the


B. AES Decryption process:

The decryption process is applied over the cipher text to regenerate the corresponding plain text. This process is the reverse of the encryption process, as all the steps are performed in reverse order by applying the inverse of the above four operations over the 128-bit cipher text block. The main functions performed during the AES decryption process are as follows:

InvSubBytes( )- This function is the inverse of SubBytes( ). It replaces each byte of the cipher matrix with another byte by applying an inverse substitution box (S-box) substitution.

InvShiftRows( )- It is the inverse transposition of ShiftRows( ). It shifts each row of the state matrix cyclically a fixed number of times, except the first row. So bytes of second, third, fourth and fifth rows are shifted cyclically right by one, two, three and four bytes respectively.

InvMixColumns( )- It is the inverse mixing operation. It performs multiplication on each column of the state with a fixed polynomial matrix.

KeyExpansion( )- In this process the 128-bits original key is expanded into eleven round keys each of 128-bits.

Figure 1: AES Encryption Process

III. BLOWFISH: DESIGN OVERVIEW

This algorithm was developed in 1993 by Bruce Schneier, one of the leading cryptologists. He is also president of a firm specialized in computer security and cryptography. The algorithm is freely available for use by anyone as it is unpatented. Like other symmetric key algorithms it also suffers from weak key problems, but apart from this it is not prone to any other attacks [21] [22].

It is a 64-bit block cipher with a variable key length, with key sizes varying from 32 bits to 448 bits. It is a Feistel network: after a complex initialization phase it iterates a simple encryption function for 16 rounds. Each round requires XOR operations and a transformation function TF along with a key expansion operation for generating the encrypted data block, as shown in figure 2. For each operation the given key is expanded to give a 32-bit key as input and stored in a P-array. A total of 18 P-arrays are used in the 16 rounds of the encryption process of every 64-bit block [23].

The transformation function TF performs the S-Box transformation using four two-dimensional S-Boxes each of dimension 4 X 64, i.e. a total of 4 X 256 order. Each S-Box takes 8 bits as input and produces 32 bits as output. Out of these incoming 8 bits, the combination of the first and last bit indicates the row number (from a total of 4 rows) and the combination of the remaining 6 bits indicates the column number (from a total of 64 columns) of the S-Box matrix. The sum of the 32-bit outcomes from the first and second S-Boxes is XORed with the 32-bit outcome from the third S-Box. Then the resultant 32-bit outcome is summed with the 32-bit outcome of the last S-Box to generate the final 32-bit outcome of the TF function. The complete operation of the TF function is shown in figure 3.

Steps for encryption of each 64-bit block are as follows:

• The plain text block of 64 bits is divided into two data blocks each of 32 bits (xL and xR).
• The given key is expanded to generate 18 P-arrays, each of which produces a key of 32-bit integers.
• A two-dimensional S-Box array of 32-bit integers of dimension 4x256 is initialized for the transformation function TF.
• For each round i (i goes from 1 to 16), xL is XORed with Pi (i.e. xL = xL XOR Pi) to generate 32 bits (i.e. Pi’) that go as input to function TF. The function TF performs the S-box transformation on Pi’ and produces another 32 bits (i.e. Fi’) as output that is XORed with xR (i.e. xR = TF(xL) XOR xR).
• For the first 15 rounds, Fi’ becomes xL and Pi’ becomes xR for the next round.
• For the last (16th) round, the 32 bits of P16’ are XORed with P17 to generate xL and the 32 bits of F16’ are XORed with P18 to generate xR (i.e. xL = P16’ XOR P17 and xR = F16’ XOR P18), and these are recombined to generate the corresponding cipher text block of 64 bits.


The decryption process is exactly the reverse of encryption, with the cipher text as input and P1, P2, ..., P18 used in the reverse order of encryption.

Figure 2: Blowfish Encryption Process

Figure 3: Transposition Function (TF) for each Round
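The Feistel rounds, the TF function and decryption with the P-array reversed, as described in this section, shown in an added Python example that is not the paper's implementation. It follows Schneier's published Blowfish design: the initial P-array and S-boxes are the hexadecimal digits of the fractional part of pi (computed here rather than embedded), each S-box is indexed by one byte of the 32-bit input, and the class and function names are this example's own.

```python
# Added illustration (not the paper's code): Blowfish on one 64-bit block.
MASK = 0xFFFFFFFF

def pi_fraction_words(n):
    """First n 32-bit words of the fractional part of pi (Machin formula)."""
    bits = 32 * n + 64                     # 64 guard bits absorb truncation error
    one = 1 << bits

    def arctan_inv(x):                     # arctan(1/x) scaled by 2**bits
        term = one // x
        total, k, sign = term, 1, -1
        while term:
            term //= x * x
            total += sign * (term // (2 * k + 1))
            sign, k = -sign, k + 1
        return total

    pi = 16 * arctan_inv(5) - 4 * arctan_inv(239)
    frac = (pi - 3 * one) >> 64            # drop the integer part and guard bits
    return [(frac >> (32 * (n - 1 - i))) & MASK for i in range(n)]

class Blowfish:
    def __init__(self, key):
        # Key schedule: done once per key, then reused for every block.
        words = pi_fraction_words(18 + 4 * 256)
        self.P = words[:18]
        self.S = [words[18 + 256 * i:18 + 256 * (i + 1)] for i in range(4)]
        for i in range(18):                # XOR the key into P, cycling over its bytes
            kw = bytes(key[(4 * i + j) % len(key)] for j in range(4))
            self.P[i] ^= int.from_bytes(kw, "big")
        l = r = 0
        for i in range(0, 18, 2):          # replace P with successive encryptions
            l, r = self._crypt(l, r, self.P)
            self.P[i], self.P[i + 1] = l, r
        for box in self.S:                 # then replace all four S-boxes
            for i in range(0, 256, 2):
                l, r = self._crypt(l, r, self.P)
                box[i], box[i + 1] = l, r

    def _tf(self, x):
        # ((S1[a] + S2[b]) XOR S3[c]) + S4[d], additions modulo 2^32
        a, b, c, d = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
        S = self.S
        return ((((S[0][a] + S[1][b]) & MASK) ^ S[2][c]) + S[3][d]) & MASK

    def _crypt(self, l, r, P):
        for i in range(16):                # 16 Feistel rounds
            l ^= P[i]
            r ^= self._tf(l)
            l, r = r, l
        l, r = r, l                        # undo the swap of the last round
        return l ^ P[17], r ^ P[16]        # output whitening with the last two subkeys

    def _block(self, block, P):
        l, r = int.from_bytes(block[:4], "big"), int.from_bytes(block[4:], "big")
        l, r = self._crypt(l, r, P)
        return l.to_bytes(4, "big") + r.to_bytes(4, "big")

    def encrypt_block(self, block):
        return self._block(block, self.P)

    def decrypt_block(self, block):
        return self._block(block, self.P[::-1])   # same rounds, subkeys reversed

if __name__ == "__main__":
    bf = Blowfish(bytes(8))                # all-zero 64-bit key (published test vector)
    ct = bf.encrypt_block(bytes(8))
    print(ct.hex(), bf.decrypt_block(ct).hex())
```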

IV. PROPOSED WORK

A survey was performed to find effective algorithms having minimum complexity and wide acceptability in cloud security against the side channel attack for multimedia contents. As side channel attacks are difficult to track, double-level encryption and double-level decryption can be an effective solution.

Though the ordinary cloud model performs a single level of encryption and decryption, a hybrid algorithm is proposed here that combines two of the most secure symmetric algorithms, AES and Blowfish, to enhance the security of multimedia data in the cloud environment while it is being stored to and retrieved from the cloud server.

For encrypting large amounts of data, symmetric cryptography is more suitable than asymmetric cryptography. Multimedia data encryption can also be effectively accomplished with the help of conventional symmetric key algorithms such as DES or AES by treating the multimedia bit stream as a binary sequence. U.S. government standards have used the Data Encryption Standard (DES) since 1977 [14]. However, quick and inexpensive cryptanalysis now exists for this algorithm, so this cryptographic algorithm is not very secure. In 2000, to overcome the vulnerabilities of network security and to match the ever-increasing requirements for security, the Advanced Encryption Standard (AES) algorithm replaced the DES algorithm. The AES algorithm defined by the National Institute of Standards and Technology (NIST) of the United States has been widely accepted to replace DES as the better alternative for symmetric encryption [19]. But the AES algorithm has the limitation of dealing with text data input only, as this algorithm has vulnerabilities associated with any other type of input data and time constraints. So it is a challenging task to implement the AES algorithm for various types of input data such as image, audio and video files.

Blowfish is also a symmetric-key block cipher and is included in a large number of cipher suites and encryption products, as Blowfish is a fast and free alternative to various existing cryptography algorithms. Blowfish provides a good encryption rate in software and no effective cryptanalysis has been proved against it till now. The proposed work implements a 128-bit Advanced Encryption Standard (AES) along with the Blowfish algorithm, which consists of both symmetric key encryption and decryption algorithms for various types of input such as image, audio and video files.

A) Implementation Setup:


Figure 4: Proposed Model

Figure 5: Hybrid Algorithm Description

B) Implementation Details:

The cloud is a client-server model and, based on the architecture described in paper [24], the server side consists of a database, agent module, security module and analysis module, as shown in figure 4.

On the other end, the client system consists of only a security module and a content player. Unlike the conventional cloud model, the proposed model applies double encryption and decryption inside the security module. Encryption-1 is provided by the fast and secure symmetric cipher Blowfish. After the first level of encryption, the generated file is named CipherText-1 and goes as input to the second round of encryption. The second level of encryption is implemented with the highly secure symmetric cipher AES, which generates the final cipher text file corresponding to the input media file to be stored on the cloud. Randomly generated secret keys are always applied for both algorithms. In the same way, while retrieving the media contents from the cloud, the double decryption process is followed in reverse. The retrieved file is first decrypted with the AES decryption module, which generates the file CipherText-1. This file is converted to the corresponding media content by applying the second level of decryption with the Blowfish algorithm. The resolution and size of the resultant media file are the same as those of the original file that was encrypted. The proposed model of the media cloud is shown in figure 4, and the complete procedure of the hybrid algorithm with two levels of encryption/decryption phases is depicted in figure 5.

C) Implementation Analysis:


[Figure: bar chart titled "Encryption" showing Time Taken in Milliseconds and Size in KBs for Image, Audio and Video files]

The encryption time can also be reduced if the key processing time is considered separately from the encryption time, as there is no need to recalculate the P and S arrays again and again until the key is changed.

Figure 6: Time taken to perform Encryption

TABLE 1: INPUT MEDIA DATA TYPE & SIZE

Figure 7: Time taken to perform Decryption

V. CONCLUSION

Future requirements for accessing all multimedia data are going to be based entirely on cloud computing because of the limited memory, limited processing power and battery constraints of mobile devices, although the cloud has many practical issues to be solved before it can be implemented completely. Security and integrity of data are the major issues while storing private media data on the cloud. So a dual-level hybrid encryption algorithm is implemented in the proposed work to provide security and integrity of multimedia contents such as image, video and audio in the cloud. The implemented scenario converts media files to corresponding cipher files for storage on the cloud server after performing two levels of encryption. So, instead of the original files, the cipher text files are stored on the cloud. This makes the media files more secure in the cloud and also provides protection against side channel attacks, as these files are not stored in readable formats on the cloud.

REFERENCES

[1] R. Buyya, C. S. Yeo, and S. Venugopal, "Market-oriented cloud computing: Vision, hype, and reality for delivering IT services as computing utilities," in Proc. 10th IEEE Int. Conf. High Performance Computing and Communications, pp. 5-13, 2008

[2] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph et al., "Above the clouds: A Berkeley view of cloud computing", EECS Dept., Univ. California, Berkeley, No. UCB/EECS-2009-28, 10 Feb, 2009

[3] T Nagajyothi, Syed Abdul Moeed, "An Automated Resource Allocation for QoS Provision in a Cloud-Based Multimedia Storage System", International Journal of Research (IJR), Vol. 2, Issue 08, pp. 69-74, August 2015

[4] Shilpi Harnal, Dr. R.K Chauhan, "Issues & Perspectives with Multimedia Cloud Computing", International Journal of Advanced Research in Computer Science and Software Engineering (IJARCSSE), Vol. 6, Issue 11, pp. 174-180, Nov. 2016

[5] Wenwu Zhu, Chong Luo, Jianfeng Wang, and Shipeng Li, "Multimedia cloud computing", IEEE Signal Processing Magazine, Vol. 28, Issue 3, pp. 59-69, May 2011

[6] ABI Research, Mobile cloud computing [Online]. Available: http://www.abiresearch.com/research/1003385-Mobile+Cloud+Computing, July, 2009

[7] Q. Zhang, Z. Ji, W. Zhu, and Y.-Q. Zhang, "Power-minimized bit allocation for video communication over wireless channels," IEEE Trans. Circuits Syst. Video Technol., Vol. 12, No. 6, pp. 398–410, June 2002

[8] K. Kilkki, "Quality of experience in communications ecosystem," J. Universal Computer Sci., Vol. 14, No. 5, pp. 615–624, 2008

[9] Chun-Ting Huang, Zhongyuan Qin, C.-C. Jay Kuo, "Multimedia Storage Security in Cloud Computing: An Overview", Multimedia Signal Processing (MMSP), IEEE 13th International Workshop on, pp. 1-6, 17-19 Oct. 2011

[10] P. Bindhu Shamily, S. Durga, "A Review on Multimedia Cloud Computing, its Advantages and Challenges", Vol. 1, Issue 10, pp. 130-133, December 2012

File Type    Time Taken in Milliseconds    Size in KBs
Image        35                            30
Audio        375                           4218.88


[11] Shilpi Harnal, Dr. R.K Chauhan, "Multimedia Support from Cloud Computing: A Review", International Conference on Microcom-2016, IEEE, 23-25 Jan, 2016

[12] W. Stallings, Cryptography and network security: principles and practice: Prentice Hall, 2010.

[13] Vinayak Bajirao Patil et al., "Implementation of AES algorithm on ARM processor for wireless network", International Journal of Advanced Research in Computer and Communication Engineering, Vol. 2, Issue 8, August 2013, pp. 3204-3209

[14] Shraddha More & Rajesh Bansode, "Implementation of AES with Time Complexity Measurement for Various Input", Global Journal of Computer Science and Technology: E Network, Web & Security, Publisher: Global Journals Inc. (USA), Vol. 15, Issue 4, Version 1.0, 2015, ISSN: 0975-4172

[15] Edney, "Real 802.11 Security: Wi-Fi Protected Access and 802.11i", Addison Wesley, 2003

[16] Hardjono, "Security In Wireless LANS And MANS", Artech House Publishers, 2005

[17] Abdel-Karim Al Tamimi, Yarmouk University, "Performance Analysis of Data Encryption Algorithms", http://www.cse.wustl.edu/~jain/cse567-06/ftp/encryption_perf/index.html

[18] Xinmiao Zhang and Keshab K. Parhi, "Implementation approaches for the advanced encryption standard algorithm," in IEEE Transactions, 2002

[19] Chih-Pin Su, Tsung-Fu Lin, Chih-Tsun Huang, and Cheng-Wen Wu, "A high throughput low cost AES processor," in IEEE Communications Magazine, 2003

[20] Vinayak Bajirao Patil, Prof. Dr. Uttam. L. Bombale, Pallavi Hemant Dixit, "Implementation of AES algorithm on ARM processor for wireless network", in International Journal of Advanced Research in Computer and Communication Engineering, Vol. 2, Issue 8, August 2013, pp. 3204-3209

[21] Bruce Schneier, "Applied Cryptography", John Wiley & Sons, Inc, 1996

[22] Aamer Nadeem et al., "A Performance Comparison of Data Encryption Algorithms", IEEE 2005

[23] http://www.embedded.com/design/configurable-systems/4024599/Encrypting-data-with-the-Blowfish-algorithm

[24] Md. Habibur Rahman et al., "Multimedia Content Security with
