ENHANCING CLOUD SECURITY THROUGH EFFICIENT
FRAGMENT BASED ENCRYPTION
S.K.B. Sangeetha (1), V. Vanithadevi (2), S.K.B. Rathika (3)
(1,2,3) Assistant Professor, Department of Computer Science and Engineering
(1) Rajalakshmi Engineering College, Chennai.
(2,3) Sasurie Academy of Engineering, Coimbatore.
ABSTRACT
Cloud computing has become a popular solution in industry for storage and computing problems, but it has a weakness of its own: security. Many researchers address the security issues of cloud computing with cryptography, but the entire document is typically encrypted with the same key and method, which raises the probability of data leakage once an intruder applies techniques of their own. This article surveys existing encryption methods and proposes an efficient fragment-wise encryption of documents, together with an algorithm that generates variable-length keys chosen according to the degree of confidentiality of each fragment. An experimental analysis of the performance of the proposed algorithm has been carried out and compared with existing methods. The results show that the proposed algorithm is optimal for medium-length documents with a low degree of confidentiality.
Keywords: Fragmentation, Degree of confidentiality, Cloud security, Encryption
1. INTRODUCTION
Rapid growth of telecommunication and advanced computing techniques has ushered industries into a high level of automation. As cloud computing has matured, enterprises rely on it to run their business economically. The cloud facilitates data sharing between users and synchronisation across multiple devices, and it is widely used to store and automatically back up arbitrary data, but some unsettled security issues must be resolved before enterprises will make full use of cloud storage. Losing or exposing valuable data also has a severe impact on the service provider. Users are reluctant to upload private and confidential files to an online backup for fear that the provider might use them inappropriately, and, as cloud storage spreads, there are further concerns about data being attacked and compromised.
International Journal of Pure and Applied Mathematics, Volume 118, No. 18, 2018, pp. 2425-2436. ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version). URL: http://www.ijpam.eu (Special Issue)
Cryptographic techniques play a central role in securing cloud data, but most existing schemes use only symmetric or only asymmetric cryptography, with few hybrids. Most algorithms use a fixed-size key for encryption and decryption; few consider variable-length keys. Where the efficiency of an encryption algorithm (its time complexity) and its tolerance against malicious attacks have been studied, other parameters have been neglected: where the whole document is located, the degree of confidentiality of the document, and its size. Treating every level of confidential data in the same way adds processing overhead, and storing the entire document in one place under a single encryption method and key lowers the probability that the data remain protected.
Motivated by the above, this paper focuses on two aspects: security and storage. Security and encryption are interdependent, and enhanced security requires an efficient storage technique. Fragmentation is central to efficient storage; retrieval cost and storage capacity decide the type of fragmentation used. Fragmentation partitions a document into several blocks, generally called partitions; existing schemes use fixed or uniform block sizes and do not take the confidentiality level of the document into account.
Instead of storing an entire enterprise document or software package on one server, it can be spread over multiple cloud servers. Several document-partitioning techniques exist, but all of them split into fixed-size blocks [1,2]. Encrypting the whole document with the same key may lead to information leakage when an intruder attacks it [3,4]. Since confidentiality of data is a very important factor in the cloud environment, an efficient framework providing data security and integrity is proposed: fragmentation splits the file into blocks, encryption and decryption protect each block, key generation is based on the block information, and the encrypted fragments are finally stored in the cloud.
2. RELATED WORK
Many cryptographic algorithms have been proposed, but many of them are not fully suitable for providing security. Arora et al. [5] analysed the performance of different security algorithms on a cloud network, taking processing speed, throughput, power consumption and the data types used as metrics; RSA (asymmetric encryption), MD5 (hashing) and AES (symmetric encryption) were compared on different input sizes. Ebru et al. [6] proposed secured user authentication with a Modified AES (MAES) algorithm, a hybrid of AES and Blowfish combined with access-control mechanisms for encryption and decryption, which affects both authentication and the files held in the cloud. Abha Sachdev et al. [7] also claim that AES performs well in terms of packet size, time and security, comparing AES, DES and Triple DES on different microcontrollers, and add that AES has a computational cost of the same order as Triple DES. Lo'ai Tawalbeh et al. [8] concentrated on hacking threats and on the infeasibility of encrypting all data without considering its degree of confidentiality: data are encrypted according to their confidentiality degree instead of encrypting the entire file with the same costly algorithm.
Swapnali More et al. [9] proposed a secure and efficient privacy-preserving public auditing scheme that addresses privacy, auditing and confidentiality: the data are split into parts and stored in encrypted form in the cloud, maintaining confidentiality. Guillou et al. [10] also used MAES, leveraging off-the-shelf cryptographic schemes including Attribute-Based Encryption (ABE) and the AES/Blowfish hybrid to perform the key operations that protect basic file upload and download. Asmaa et al. [11] proposed a class-combination obfuscation for protecting data, which joins several Java classes into one class; the content of the resulting file is unchanged, but a skilled programmer can reverse the transformation by splitting the classes again. Ashish Anand [12] described code obfuscation as a set of program transformations that make program code and its execution difficult to analyse; obfuscation does not by itself protect code from code lifting or software piracy, but it hinders the analysis phase that precedes them.
Shah Pratik [13] noted that obfuscation is well suited to Java because its architecture runs bytecode on any machine with a JVM installed. Sridhar et al. [14] focused on encrypting and decrypting multimedia data (text, images, video, audio) with a hybrid model based on a symmetric technique (AES) and an asymmetric technique (ECC). Manish et al. [15] proposed a framework for storing data in the cloud in encrypted form using fully homomorphic encryption. Nishtha et al. [16] proposed an improved AES with a 192-bit key and 12 rounds (the parameters of standard AES-192), compared with the basic AES model of a 128-bit key and 10 rounds. Rawya et al. [17] introduced a two-phase hybrid cryptographic algorithm for wireless sensor networks, combining AES and ECC, which performs better in computation time. Valentina Ciriani et al. [18] proposed an approach that couples encryption with data fragmentation driven by privacy requirements. Sathyamoorthy et al. [19] proposed identity anonymisation for data security in the cloud using group digital signatures (GDS). Laiphrakpam Dolendro Singh et al. [20] proposed an Elliptic Curve Cryptography (ECC) scheme in which the affine points of the curve have been removed and the corresponding ASCII values of the plaintext are paired up.
Sourabh Chandra et al. [21] proposed a content-based symmetric-key algorithm in which binary addition is combined with circular bit shifting and a folding method. Benni Purnama et al. [22] modified the Caesar cipher to produce readable ciphertext, so that a cryptanalyst is not made suspicious by it; the alphabet is divided into two parts, vowels being replaced by vowels and consonants by consonants. Salim et al. [23] proposed modifications to improve the AES algorithm in ciphering time and pattern appearance: reducing the number of rounds to one, and replacing the S-box with a new S-box to lower hardware requirements. Das et al. [24] compared two S-boxes and analysed the results. An S-box (substitution box) is a basic component of symmetric-key algorithms that performs substitution; in block ciphers it is used to obscure the relationship between the key and the ciphertext. Most of the generated AES S-boxes were found to rank better than the standard S-box.
3. PROPOSED WORK
This paper targets two issues that users encounter with cloud computing services: the hacking threat to data held in the cloud, and the infeasibility of encrypting all data without regard to its confidentiality degree. We therefore propose a framework in which users encrypt their own data with a key at the client side, and in which data are encrypted according to their degree of confidentiality. The architecture of the proposed framework, shown in Fig 1, has a dedicated module to select the appropriate encryption algorithm.
Fig 1: Architecture of Proposed Work
Block splitter
On the client side, before upload, the document is partitioned into a number of variable-length blocks before the data are encrypted.
Algorithm Selector
Based on the degree of confidentiality, an encryption algorithm is selected automatically and the data are encrypted with a key generated in a predefined format.
Key generator
A symmetric key of the required format, with a size that varies with the level of security, is generated and used to encrypt and decrypt the data.
3.1 Fragmenting the file
Encrypting every block of data is time-consuming compared with protecting only the confidential parts. The proposed framework therefore classifies the data automatically by confidentiality, and files are fragmented into variable-size blocks before encryption. Figure 2 shows the time taken to fragment the blocks.
Fig 2: Time taken to fragment the blocks
To fragment the data, a pseudo-random generator splits the file into blocks according to their confidentiality, which is determined by hashing and analysing the content of the file. The splitting algorithm is described below.
3.1.1. PSEUDOCODE FOR VARIABLE BLOCK SIZE SPLITTING
Input: file F of known length; a confidentiality degree assigned to each segment of F
Output: variable-length blocks of F, each labelled with its degree
INITIALIZE segments(F)                  // scan F and mark each segment with its degree
FOR each segment S of F
    IF degree(S) is low
        CONSTRUCT block B from S with low secrecy (no further splitting)
    ELSE IF degree(S) is medium
        B = SECRECY(S, degree(S))       // split S into smaller blocks
    ELSE
        degree(S) = high
        B = SECRECY(S, high)
    ADD B to the output blocks
END FOR
FUNCTION SECRECY(block, degree)
BEGIN
    PSEUDO(block, degree)               // pseudo-random choice of the split points
    RETURN the resulting sub-blocks, ready for encryption
END
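As an added illustration of the block splitter described above (this is example code written for this page, not the authors' implementation), the following Python fragments a document into variable-length blocks whose boundaries follow the confidentiality degree of the content. The paper says the content is analysed but does not state its classification rule, so the regular expressions used to assign LOW, MEDIUM and HIGH are assumptions for illustration, as is the sample document.

```python
"""Variable-size fragmentation driven by confidentiality degree (added example,
not the paper's code). The classification rules are assumed for illustration."""
import re
from dataclasses import dataclass
from typing import List, Tuple

LOW, MEDIUM, HIGH = 0, 1, 2  # degrees of confidentiality, least to most sensitive

# Assumed content rules; the paper says content is analysed but gives no rule.
HIGH_RE = re.compile(rb"(?i)(password|secret|private key|card number)")
MEDIUM_RE = re.compile(rb"(?i)(salary|phone|e-?mail)")


@dataclass
class Fragment:
    index: int    # position of the fragment within the file
    degree: int   # LOW, MEDIUM or HIGH
    data: bytes   # raw bytes; length varies with the run of same-degree lines


def degree_of(line: bytes) -> int:
    if HIGH_RE.search(line):
        return HIGH
    if MEDIUM_RE.search(line):
        return MEDIUM
    return LOW


def fragment(document: bytes) -> List[Fragment]:
    """Split a document into variable-length fragments: each maximal run of
    consecutive lines with the same degree becomes one fragment, so fragment
    boundaries follow the sensitivity of the content rather than a fixed size."""
    fragments: List[Fragment] = []
    run: List[bytes] = []
    run_degree = LOW
    for line in document.splitlines(keepends=True):
        d = degree_of(line)
        if run and d != run_degree:
            fragments.append(Fragment(len(fragments), run_degree, b"".join(run)))
            run = []
        run.append(line)
        run_degree = d
    if run:
        fragments.append(Fragment(len(fragments), run_degree, b"".join(run)))
    return fragments


def reassemble(fragments: List[Fragment]) -> bytes:
    """Inverse of fragment(): concatenate the fragments in file order."""
    return b"".join(f.data for f in sorted(fragments, key=lambda f: f.index))


def layout(fragments: List[Fragment]) -> List[Tuple[int, int, int]]:
    """(index, degree, size) per fragment; shows the variable block sizes."""
    return [(f.index, f.degree, len(f.data)) for f in fragments]


# Constructed sample document (not from the paper).
SAMPLE_DOCUMENT = (
    b"Quarterly report, public summary\n"
    b"Revenue grew 4% over the previous quarter.\n"
    b"Contact: phone +1-555-0100\n"
    b"Admin password: hunter2\n"
    b"Database secret key rotated on 2018-01-15\n"
    b"Appendix: office locations\n"
)

if __name__ == "__main__":
    for idx, deg, size in layout(fragment(SAMPLE_DOCUMENT)):
        print(f"fragment {idx}: degree={deg} size={size} bytes")
```

Run as a script it prints four fragments of different sizes for the sample (two public lines, one medium line, two high lines, one public line), and reassemble() returns the original bytes exactly, which is the property the decryption side in Section 3.2 relies on.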
3.2 Key Generation
A key must be generated before encryption to secure the data in the file. The key follows a predefined format, for example A1FNAMEb21mb, where A1 identifies algorithm 1, FNAME is the file name, b2 is block 2 of the file FNAME and 1mb is the file size. The intention is that an intruder cannot discover the logic behind the key; the file is then encrypted with this key. Note that every field in that format (algorithm identifier, file name, block number, file size) is metadata that an attacker holding the ciphertext may also know or guess, so the format alone does not make the key secret. In a deployment the key for a fragment should be derived from a client-held secret master key together with these fields, so that the fields bind the key to one fragment without themselves being the key material. Before the encrypted fragments are uploaded to the cloud, all fragments belonging to the same file are marked with a common tag. For decryption, the fragments carrying that tag are downloaded to the client, decrypted with the corresponding keys, and the multiple files are combined into one file that is made available to the user.
3.3 Encryption/Decryption based on confidentiality degree
The main aim of this framework is to secure the text documents, images and Java class files that users upload. Whatever its type, an uploaded file is split into multiple files of variable length rather than into equal-size pieces, and the splitting is driven by the confidentiality degree: fragments holding highly confidential data are encrypted with the stronger algorithm (AES), while the remaining fragments are encrypted automatically with a basic algorithm such as DES. In a deployment the "basic" algorithm should still be a cipher that is not broken: DES has a 56-bit key and has been withdrawn as a standard, so even low-confidentiality fragments should use a sound cipher, with the saving taken in key length or mode rather than in cipher strength. The key is generated before encryption to secure the data in the file.
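The following Python, added here as a worked example and not the authors' code, puts Sections 3.2 and 3.3 together: the paper's key format (A1FNAMEb21mb-style) is used as public context that binds a client-held master key to each fragment through HKDF, the encryption key length and algorithm identifier are chosen from the fragment's degree, each fragment is encrypted and authenticated, all fragments of one document share a common tag for upload, and recovery filters by that tag, decrypts and reassembles. Because the standard library has no AES or DES, the cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag; it is a stand-in for the AES/DES choice the paper describes, and the algorithm identifiers A1/A2/A3, the key lengths per degree and the sample fragments are assumptions.

```python
"""Per-fragment key derivation, degree-dependent key length, common-tag upload
and reassembly. Added example using only the standard library; the HMAC-based
counter-mode cipher stands in for the AES/DES selection in the paper."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Tuple

LOW, MEDIUM, HIGH = 0, 1, 2
ALGO_ID = {LOW: "A1", MEDIUM: "A2", HIGH: "A3"}   # assumed algorithm identifiers
ENC_KEY_LEN = {LOW: 16, MEDIUM: 24, HIGH: 32}      # assumed: key length grows with degree
NONCE_LEN, TAG_LEN = 16, 32


def key_label(algo: str, fname: str, block: int, size: int) -> bytes:
    """The paper's key format (e.g. A1FNAMEb21mb). Public context only: the
    secret is the client-held master key given to derive_key()."""
    return f"{algo}{fname}b{block}{size}".encode()


def derive_key(master: bytes, label: bytes, length: int) -> bytes:
    """HKDF (RFC 5869, HMAC-SHA256) with a fixed salt and the label as info."""
    prk = hmac.new(b"fragment-kdf", master, hashlib.sha256).digest()
    out, prev, i = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(prk, prev + label + bytes([i]), hashlib.sha256).digest()
        out, i = out + prev, i + 1
    return out[:length]


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt_fragment(k_enc: bytes, k_mac: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC tag over nonce and ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()


def decrypt_fragment(k_enc: bytes, k_mac: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("fragment failed authentication (modified or wrong key)")
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, nonce, len(ct))))


@dataclass
class StoredFragment:
    tag: str      # common tag shared by every fragment of one document
    index: int    # position in the original file
    algo: str     # algorithm id chosen from the fragment's degree
    blob: bytes   # nonce || ciphertext || tag, as uploaded


def fragment_keys(master: bytes, fname: str, algo: str, index: int,
                  size: int, degree: int) -> Tuple[bytes, bytes]:
    """Encryption and MAC keys for one fragment, both bound to its label."""
    label = key_label(algo, fname, index, size)
    return (derive_key(master, label + b"|enc", ENC_KEY_LEN[degree]),
            derive_key(master, label + b"|mac", 32))


def protect(master: bytes, fname: str, fragments: List[Tuple[int, bytes]]):
    """fragments: (degree, data) in file order. Returns the client-side manifest
    (kept by the user, never uploaded) and the fragments to upload."""
    tag = secrets.token_hex(8)
    size = sum(len(d) for _, d in fragments)
    manifest = {"fname": fname, "size": size, "tag": tag,
                "degrees": [deg for deg, _ in fragments]}
    stored = []
    for idx, (deg, data) in enumerate(fragments):
        k_enc, k_mac = fragment_keys(master, fname, ALGO_ID[deg], idx, size, deg)
        stored.append(StoredFragment(tag, idx, ALGO_ID[deg],
                                     encrypt_fragment(k_enc, k_mac, data)))
    return manifest, stored


def recover(master: bytes, manifest: Dict, cloud: List[StoredFragment]) -> bytes:
    """Select every fragment carrying the document's tag, decrypt, reassemble."""
    mine = sorted((s for s in cloud if s.tag == manifest["tag"]), key=lambda s: s.index)
    parts = []
    for s in mine:
        deg = manifest["degrees"][s.index]
        k_enc, k_mac = fragment_keys(master, manifest["fname"], s.algo, s.index,
                                     manifest["size"], deg)
        parts.append(decrypt_fragment(k_enc, k_mac, s.blob))
    return b"".join(parts)


# Constructed sample: fragments labelled as a block splitter would label them.
SAMPLE_FRAGMENTS = [(LOW, b"public summary\n"), (HIGH, b"password=hunter2\n"),
                    (LOW, b"appendix\n")]

if __name__ == "__main__":
    master = secrets.token_bytes(32)
    manifest, cloud = protect(master, "report.txt", SAMPLE_FRAGMENTS)
    assert recover(master, manifest, cloud) == b"".join(d for _, d in SAMPLE_FRAGMENTS)
    print("recovered", len(cloud), "fragments under tag", manifest["tag"])
```

Two design points worth noting against the text: the label fields never act as key material, so an attacker who knows the file name, block number and size still learns nothing about the key without the master secret; and because each fragment carries its own authentication tag, a modified or swapped fragment is rejected at decryption rather than silently corrupting the reassembled file.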
3.4 Uploading the data in cloud
Finally, after encryption, the data are uploaded to the cloud. With a large number of files to upload, the gsutil -m option performs a parallel (multi-threaded/multi-process) copy, and the -R flag of the cp command copies subdirectories recursively. For example, to copy files including subdirectories from a local directory named top-level-dir to a bucket:
gsutil -m cp -R top-level-dir gs://example-bucket
Wildcards match a specific set of names for an operation. For example, to copy only files whose names start with image:
gsutil -m cp -R top-level-dir/subdir/image* gs://example-bucket
The same wildcard removes those files again:
gsutil -m rm gs://example-bucket/top-level-dir/subdir/image*
4. RESULTS AND DISCUSSION
To give more perspective on the performance of the compared algorithms, this section discusses the results obtained with the encryption algorithms used in the proposed model. Table 1 lists speed benchmarks for some of the most commonly used cryptographic algorithms; they give an indication for the comparison presented here. On these figures RC5 has the lowest average time and the highest throughput, AES is next and TDES is the slowest; AES and TDES are nevertheless preferred, being generally regarded as stronger against attacks on the data than RC5.
Table 1: Comparison results using encryption time (time per algorithm as reported; the unit of time is not stated on the page; throughput in Mb/sec)
Input size (Kbytes)   AES     TDES    RC5
49                    63      53      35
59                    58      51      28
100                   60      57      58
247                   76      77      66
321                   149     87      100
694                   142     147     87
899                   171     171     150
963                   164     177     116
5345                  655     835     684
7310                  882     1101    745
Average time          242     275.8   210
Throughput (Mb/sec)   6.452   5.665   7.43
Fig 3: Throughput of encryption algorithm
Figures 3 and 4 show the evaluated performance of the suggested system: a performance test of the TDES, AES and RC5 encryption algorithms as applied in existing systems, measuring requests processed per second and response time under different user loads. In both figures RC5 achieves the highest throughput and TDES the lowest, for encryption and for decryption alike. The limitation of the new improved method is that it uses more memory than the old one, because the algorithms used provide a very high level of security. From these results we conclude that the time complexity has been reduced and the security level for data transmission enhanced.
Fig 4: Throughput of decryption algorithm
(Plotted values in Figures 3 and 4, throughput for TDES, AES and RC5 respectively: 6.665, 7.013 and 7.93 in each figure.)
Figure 5 compares the algorithms by key size and encryption mode. 3DES and AES support other settings, but those shown are the maximum-security settings each cipher offers; longer keys mean more effort is needed to break the security. Because different encryption modes and key sizes are used, the load data are divided into data blocks, which are generated with the RandomNumberGenerator class in System.Security.Cryptography.
Fig 5:Comparison using key size and encryption mode
Automatic selection of the encryption algorithm reduces the time needed to encrypt the whole document, and the predefined key format makes it harder for an intruder to obtain the key. This framework improves the efficiency of the security level applied to the data. Finally, the common tag identifiers simplify locating and decrypting the fragments.
Fig 6:Comparison between fragmentation of variable size and fixed size blocks
Figure 6 compares fragmentation into variable-size and fixed-size blocks by execution time for varying file sizes. Variable-size blocks, which are now common in file storage, reduce the encryption time, whereas fixed-size blocks waste memory and take longer to process. To avoid the wasted memory and to reduce encryption time, this approach uses variable-size blocks.
CONCLUSION
Securing data stored in the cloud is the major problem. Cloud security depends on trusted computing and cryptography. The proposed method introduces fragmentation before encryption to improve the security of enterprise data. Automatic selection of the encryption algorithm and random generation of the key add further protection against intruders. Because an interface is implemented between the cloud and the application, it can be deployed and accessed from any remote server worldwide. Experimental results show improved performance for varying file sizes with different encryption algorithms. As future work, the application will focus on securing image files with additional features such as automatic encryption of pixels containing sensitive information, and on deploying the application on the cloud server at run time so that it can be accessed from anywhere.
REFERENCES
[1] Behrouz A. Forouzan, "Data Communications and Networking", McGraw-Hill, 4th Edition.
[2] William Stallings, "Cryptography and Network Security: Principles and Practice", Pearson Education/Prentice Hall, 5th Edition.
[3] Omer K. Jasim, Safia Abbas, El-Sayed M. El-Horbaty, Abdel-Badeeh M. Salem, "Evolution of an Emerging Symmetric Quantum Cryptographic Algorithms".
[4] Kashish Goyal, Supriya Kinger, "Hybrid Approach Using Encryption Algorithms For Data Storage", International Journal of Scientific & Engineering Research, Vol. 4, Issue 7, 2013.
[5] Priyanka Arora, Arun Singh and Himanshu Tiyagi, "Evaluation and Comparison of Security Issues on Cloud Computing Environment", World of Computer Science and Information Technology Journal (WCSIT), Vol. 2, No. 5, pp. 179-183, 2012.
[6] Ebru Celikel Cankaya and Than Kywe, "Private Cloud Data Security: Secured User Authentication by using Hybrid Algorithms", The International Conference on Soft Computing and Software Engineering, Vol. 4, Issue 4, pp. 118-124, 2015.
[7] Abha Sachdev and Mohit Bhansali, "Enhancing Cloud Computing Security using AES", International Journal of Computer Applications (0975-8887), Vol. 67, pp. 9-12, 2014.
[8] Lo'ai Tawalbeh, Nour S. Darwazeh, Raad S. Al-Qassas and Fahd AlDosari, "A Secure Cloud Computing Model based on Data Classification", First International Workshop on Mobile Cloud Computing Systems, Management, and Security (MCSMS-2015), Vol. 2(52), pp. 1153-1158, 2015.
[9] Swapnali More, Sangita Chaudhari, "Third Party Public Auditing Scheme For Cloud Storage", International Symposium on Big Data and Cloud Computing, Vol. 2, Issue 3, pp. 118-124, 2016.
[10] L. C. Guillou and J.-J. Quisquater, "A Practical Zero-Knowledge Protocol fitted to security microprocessor minimizing both transmission and memory", Computer Science on … Advances in Cryptology, Vol. 8, Issue 3, pp. 123-128, Springer-Verlag New York, Inc., 2014.
[11] Asmaa M. Alhakimy and Abu Bakar Md. Sultan, "Hybrid Algorithm to Protect Java's Code from Reverse Engineering", The International Conference on Mobile Computing, Vol. 3, Issue 8, pp. 1-5, 2013.
[12] Ashish Anand, "Securing Android Code using White box Cryptography and Obfuscation technique", International Journal of Computer Science and Mobile Computing, Vol. 4, Issue 4, pp. 347-352, 2015.
[13] Shah Pratik, "Architecture Of Class Loader System In Java Bytecode Obfuscation", International Workshop on Mobile Cloud Computing Systems, Vol. 4, Issue 4, pp. 119-123, 2016.
[14] Sridhar C. Iyer, R. R. Sedamkar, Shiwani Gupta, "A Novel Idea On Multimedia Encryption Using Hybrid Crypto Approach", International Conference on Environmental … Science and Information Application Technology, Vol. 9, Issue 6, pp. 72-77, 2015.
[15] Manish M. Potey, C. A. Dhote, Deepak H. Sharma, "Homomorphic Encryption For Security of Cloud Data", Indian Journal of Fundamental and Applied Life Sciences, Vol. 1, Issue 4, pp. 68-72, 2015.
[16] Nishtha Mathur and Rajesh Bansode, "AES Based Text Encryption Using 12 Rounds with Dynamic Key Selection", The International Conference on Communication, Computing and Virtualization, Vol. 10, Issue 79, pp. 1036-1045, 2015.
[17] Rawya Rizk and Yasmin Alkady, "Two-phase hybrid cryptography algorithm", Journal of Electrical Systems and Information Technology, Vol. 2, Issue 25, pp. 296-313, 2015.
[18] Valentina Ciriani, Sabrina De Capitani di Vimercati and Sara Foresti, "Combining Fragmentation and Encryption to Protect Privacy in Data Storage", ACM Transactions on Information and System Security (TISSEC), Vol. 13, Issue 3, pp. 1-30, 2013.
[19] K. Govind and E. Sathiyamoorthy, "Identity Anonymization and Secure Data Storage using Group Signature", The International Conference on Communication, Computing and Virtualization, Vol. 10, Issue 9, pp. 495-499, 2013.
[20] Laiphrakpam Dolendro Singh and Khumanthem Manglem Singh, "Implementation of Text Encryption using Elliptic Curve Cryptography", Eleventh International Multi-Conference on Information Processing, Vol. 3, Issue 54, pp. 73-82, 2015.
[21] Sourabh Chandra, Bidisha Mandal, Sk. Safikul Alam and Siddhartha Bhattacharyya, "Content based double encryption algorithm using symmetric key cryptography", International Conference on Recent Trends in Computing, Vol. 3, Issue 57, pp. 1228-1234, 2015.
[22] Benni Purnama and Hetty Rohayani A.H., "A New Modified Caesar Cipher Cryptography Method With Legible Ciphertext From A Message To Be Encrypted", International Conference on Computer Science and Computational Intelligence, Vol. 3, Issue 59, pp. 195-204, 2015.
[23] Salim M. Wadi and Nasharuddin Zainal, "Rapid Encryption Method Based on AES Algorithm for Grey Scale HD Image Encryption", International Conference on Electrical Engineering and Informatics, Vol. 3, Issue 11, pp. 51-56, 2015.
[24] S. Das, J. K. M. S. Uz Zaman and R. Ghosh, "Generation of AES S-Boxes with various modulus and additive constant polynomials and testing their randomization", International Conference on Computational Intelligence, Vol. 1, Issue 10, pp. 957-962, 2013.