enhancing cloud security through efficient fragment based … · as cryptographic techniques take a...

1

ENHANCING CLOUD SECURITY THROUGH EFFICIENT

FRAGMENT BASED ENCRYPTION

1S.K.B.Sangeetha,

2V.Vanithadevi,

3S.K.B.Rathika

1,2,3Assistant Professor,

Department of Computer Science and Engineering,

1Rajalakshmi Engineering College, Chennai.

2,3Sasurie Academy of Engineering, Coimbatore.

ABSTRACT

As cloud computing has become a popular solution in industries to resolve storage and computing

problems, though it has its own flaw called security. Security issues of cloud computing are being

addressed by many researchers with aid of cryptography. But the entire document is encrypted using

the same key/method. This leads to high probability of data/information leakage when intruders apply

their own ideas. This article has undergone a study on existing encryption methods and proposes an

efficient fragments encryption of document and algorithm to generate different variable length keys

based on degree of confidentiality for each fragment encryption. Moreover an experimental analysis

on performance of the proposed algorithm has been carried out and compared with existing. This

experimental result reveals that the proposed algorithm is optimal in case of medium length

documents and low degree of confidentiality.

Keywords: Fragmentation, Degree of confidentiality, Cloud security, Encryption

1.INTRODUCTION

Rapid growth of telecommunication and advanced computing techniques usher the industries

in a high level of automation. As cloud computing has evolved to a matured state, each enterprise

relies on it, to promote its business economically. While cloud facilitates data sharing between users

and synchronization of multiple devices, it is widely used to store and automatically back up arbitrary

data, but there are some unsettled security issues which need to be eliminated to encourage enterprises

to fully utilize the cloud storage. Moreover losing or exposing valuable data will have huge bad

impact on the service providers. Users are anxious of uploading private and confidential files to the

online backup due to concerns that the service provider might use them inappropriately. Adding to

that, there are concerns about their data being hacked and compromised due to the spread of cloud

storage.

International Journal of Pure and Applied MathematicsVolume 118 No. 18 2018, 2425-2436ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version)url: http://www.ijpam.euSpecial Issue ijpam.eu

2425

2

As cryptographic techniques take a wide role in securing cloud data, most of the existing

techniques consider only the symmetric or asymmetric cryptography where few exist with hybrid.

While most of the algorithm use fixed size key for encryption/decryption few concentrated on

variable length keys. When the factors like efficiency of encryption algorithm in terms of time

complexity, tolerance of encryption method against malicious attacks were considered, some

important parameters were not addressed like location of entire document, degree of confidentiality of

a document and size of document. Processing overhead increases when treating all levels of

confidential data in the same way. Probability of data protection decreases when entire document is

stored in one place and same encryption method/ key used for encryption.

Motivated by the above facts, this paper focuses on two important aspects : security and

storage. Security and encryption are interdependent and enhanced security requires an efficient

storage technique. As fragmentation takes a main role in efficient storage, retrieval cost and storage

capacity decides the type of fragmentation. Fragmentation is a technique where a document is

partitioned into several fixed size / uniform size blocks generally called as partitions where

confidentiality level of documents was not considered.

Instead of storing the entire enterprise document/ software in one server, it can be spread over

multiple cloud servers. As there are several document partition techniques available, all those adopts

fixed size block splitting [1,2]. Encrypting the whole document using the same encryption key may

lead to information leakage when intruder tries to hack[3,4]. Confidentiality of data is being very

important factor in cloud environment, an efficient framework is proposed which provides data

security and integrity. Fragmentation is used to split files into various blocks, encryption/decryption is

used to provide security, key generation is based on the block information and the finally encrypted

data is stored in the cloud.

2.RELATED WORK

Many cryptography algorithms have been proposed but a lot of them are not completely

suitable for providing security. Arora et al.[5] analyzed the performance of different security

algorithms on a cloud network. The metrics taken into consideration for performance analysis are

processing speed, throughput, power consumption and data types used.RSA (asymmetric encryption

algorithm), MD5 (hashing algorithm) and AES (symmetric encryption algorithm) were compared on

different input sizes in the analysis. Ebru et al.[6] proposed a secured user authentication called

Modified AES (MAES) algorithm with hybrid of AES and Blowfish using access control mechanisms

for encryption/decryption which has potential impact on authentication and also on files over the

cloud. Abha Sachdev et al. [7] also claim that AES performs well in terms of packet size, time and

security by comparing AES, DES and Triple DES for different microcontrollers. He added that AES

International Journal of Pure and Applied Mathematics Special Issue

2426

3

has a computer cost of the same order as required for Triple DES. Loaj Tawalbeh et al.[8]

concentrated on issues like hacking threats and infeasibility of encrypting all data without considering

confidentiality degree. Data are encrypted based on the degree of confidentiality instead of encrypting

the entire data file with same costly encryption algorithm.

Swapnali More et al.[9]proposed a secure and efficient privacy preserving public auditing

scheme by considering privacy, auditing and confidentiality. The data is split into parts and then

stored in the encrypted format in the cloud storage, thus maintaining the confidentiality of data.

Guillou et al. [10] also used MAES that leverages of-the-shelf cryptographic schemes including

Attribute Based Encryption (ABE) and the hybrid of AES and Blowfish for encryption that performs

cryptographic key operations which provide security protection for basic file upload and download

operations. Asmaa et al.[11] have proposed a new method for secure data. A class combination

obfuscation, which can join several java class into one class, where resultant file content is not

changed, but efficient programmer can reverse the code easily using splitting /un-join the classes.

Ashish Anand[12] outlined that the code obfuscation is a set of program transformations that makes

program code and program execution difficult to analyze. Code obfuscation itself does not protect

code from code lifting/software piracy, but hides the preceding analysis phase.

Shah pratik [13]mentioned that obfuscation is appropriate to Java due to its architecture that

uses byte code to run on a machine that installed with JVM. Sridhar et al.[14]focuses on encryption

and decryption of multimedia data (Text, Images, Videos and Audio etc.) using a hybrid model based

on the symmetric encryption technique (AES) and asymmetrictechnique (ECC). Manish et

al.[15]proposed a framework which focuses on storing data on the cloud in the encrypted format using

fully homomorphic encryption. Nishtha et. al[16] proposed an improved AES algorithm by

introducing a key size of 192 bit with 12 rounds of iterations as compared to the basic AES model

which has only 128 bit key and 10 rounds of iterations. Rawya et.al[17]introduced a two-phase hybrid

cryptography algorithm for wireless sensor networks by combining AES and ECC which performs

better in terms of computation time. Valentina Ciriani et. al[18]proposed an approach that couples

encryption together with data fragmentation based on privacy requirements. Sathyamoorty et.al [19]

proposed a method for identity anonymization for data security in cloud using GDS (Group Digital

Signature). A new technique Elliptic Curve Cryptography (ECC) has been proposed by Laiphrakpam

Dolendro Singh et.al [20] where the affine points in the elliptic curve have been removed and the

corresponding ASCII values of the plain text are paired up.

Sourabh Chandra et.al [21] proposed a content-based algorithm, which follows the symmetric

key cryptography method where a binary addition operation is implemented with a circular bit

shifting operation and folding method. Benni Purnama et.al[22]modifies the Caesar cipher method

that produces cipher text that can be read. With the cipher text that can be read, then cryptanalysis not

suspicious of the cipher text. Caesar cipher modification is done by replacing the alphabet into two


2427

4

parts, the vocals were replaced with the alphabet vocal too, and the consonant alphabet was replaced

with a consonantal alphabet. Some modifications were proposed by Salim et.al[23] in order to

enhance the performance of AES algorithm in terms of time ciphering and pattern appearance. First

modification is decreasing the number of rounds to one while the second modification is replacing the

S-box with new S-box to decrease the hardware requirements. Das et.al[24]compared the two S-boxes

and analyzed the results. S-box (substitution-box) is a basic component of symmetric key algorithms

which performs substitution. In block ciphers, they are typically used to obscure the relationship

between the key and the cipher text. Most of the AES S-Boxes generated, are found to stand in the

better merit list comparing to the standard S-Box.

3.PROPOSED WORK

This paper, targets to handle issues that the user encounters when using cloud computing

services. The first one is about hacking threat on the cloud whereas other one is the infeasibility of

encrypting entire data without considering its confidentiality degree. Therefore, we propose a

framework that allows the users to encrypt own data using a key at the client side. In addition we

encrypt data based on the degree of confidentiality. The Architecture of the proposed framework

shown in Fig 1 has a special module to select the appropriate encryption algorithm.

Fig 1: Architecture of Proposed Work

Block splitter

On client side, before uploading the document, it is partitioned into a certain number of

blocks with variable length size before encrypting the data.

Algorithm Selector


2428

5

Based on the degree of confidentiality,encryption algorithm is selected automatically to

encrypt the data using the key generated with predefined format.

Key generator

Key with desired format is generated with varied size symmetric key is used to encrypt and

decrypt the data based on the level of security.

3.1 Fragmenting the file

It is very time consuming to provide encryption to whole block of data rather than providing

security only to the confidential one. Therefore proposed framework is based on the data to be

classified automatically based on its confidentiality. The files are fragmented with variable size blocks

before encryption. Figure 2 depicts the time taken to fragment the blocks.

Fig 2: Time taken to fragment the blocks

For fragmenting the data, pseudo random generator is used to split files into blocks based on

its confidentiality using hashing by analyzing the data in the file. For splitting the file, algorithm is

described below.

3.1.1. PSEUDOCODE FOR VARIABLE BLOCK SIZE SPLITTING

Input: Files with certain Length

Initialize the segments (degree, file_number)

Split the segments (split number, degree)

IF (degree is low)

CONSTRUCT (file with low secrecy)

Else if


2429

6

Split = secrecy (file block, degree)

Else

Assign degree = high

FUNCTION Secrecy (file block, position)

{begin

Pseudo (split_file, degree)

File is splitted for encryption

End}

3.2 Key Generation

Before encryption the key should be generated to secure the data in the file. For key

generation the key format should be in the desired format eg: A1FNAMEb21mb where A1 is

algorithm1, FNAME is file name, b2 is block 2 in the file named FNAME and 1mb is file size. Using

this key format intruder cannot reveal the logic behind the key and using this key desired file is

encrypted. Before uploading this encrypted file in the cloud splitted files which are all same are

attached with a common tag. During decryption these common tagged files are downloaded from the

cloud at the client side. After downloading they are decrypted using the same key and combines the

multiple files into one file and made available to the user.

3.3 Encryption/Decryption based on confidentiality degree

The main aim of this framework is to upload their text documents, images and java class files

by the users to provide security. For eg: If the user uploads a file whether it is a text or image or class

file it should be splitted into multiple files with variable length or size it should not be splitted into

equal size. The splitting of these files should be based on confidentiality degree (i.e) while splitting

the files, with highly confidential data should be provided with high level of encryption algorithm

using AES and other files are encrypted with basic level of encryption algorithm like DES

automatically. Before encryption the key should be generated to secure the data in the file.

3.4 Uploading the data in cloud

Finally, after encryption data is uploaded in the cloud. If we have a large number of files to

upload you can use the gsutil -m option, to perform a parallel (multi-threaded/multi-processing) copy.

To recursively copy subdirectories, use the -R flag of the cp command. For example, to copy files

including subdirectories from a local directory named top-level-dir to a bucket, we can use:

gsutil -m cp -R top-level-dir gs://example-bucket

We can use wildcards to match a specific set of names for an operation. For example, to copy

only files that start with image:

gsutil -m cp -R top-level-dir/subdir/image* gs://example-bucket

we can remove files using the same wildcard:


2430

7

gsutil -m rm gs://example-bucket/top-level-dir/subdir/image*

4.RESULTS AND DISCUSSION

To give more prospective about the performance of the compared algorithms, this section

discusses the results obtained from the encryption algorithm used in our proposed model. The below

Table 1 contains the speed benchmarks for some of the most commonly used cryptographic

algorithms. These results are good to have an indication about the presented comparison results. It is

shown that TDES and AES have the best performance when compared to RC5. And both of them are

known to have better encryption (i.e. stronger against data attacks) than RC5.

Table 1 Comparison results using encryption time

Input size in (Kbytes) AES TDES RC5

49 63 53 35

59 58 51 28

100 60 57 58

247 76 77 66

321 149 87 100

694 142 147 87

899 171 171 150

963 164 177 116

5345 655 835 684

7310 882 1101 745

Average Time 242 275.8 210

Throughput(Mb/sec) 6.452 5.665 7.43


2431

8

Fig 3: Throughput of encryption algorithm

The figure 3 & 4 depicts the evaluated performance of the suggested system; a performance

test was conducted for a method with an TDES, AES and RC5 encryption algorithm, which has been

applied in the existing systems. The comparison was performed on the following algorithms: DES,

Triple DES (3DES), RC2 and AES (Rijndael). The results shows that TDES outperformed other

algorithms in both the number of requests processes per second in different user loads, and in the

response time in different user-load situations. The limitation of the new improver algorithm is

Memory used in new method is higher than the old method. This is because of the algorithms which

we have used is providing a very high security. So from these results we can conclude that we have

reduced the time complexity and enhanced the security level for the Data Transmission.

Fig 4:Throughput of decryption algorithm

6.665

7.013

7.93

6.

6.5

7.

7.5

8.

8.5

TDES AES RC5

Throughput of Encryption Algorithms

Throughput

6.665

7.013

7.93

6.

6.5

7.

7.5

8.

8.5

TDES AES RC5

Throughput of Decryption Algorithms

Throughput


2432

9

The below figure 5 shows that 3DES and AES support other settings, but these settings

represent the maximum security settings they can offer. Longer key lengths mean more effort must be

put forward to break the security. Since it uses different encryption modes and key size, the load data

are divided into the data blocks and they are created using the Random Number Generator class

available in System.Security.Cryptography.

Fig 5:Comparison using key size and encryption mode

Due to the automatic classification of encryption algorithm it reduces the time to encrypt

the whole data whereas pre-defined format of a key with desired format will make the work difficult

for an intruder to hack the key. This framework will enhance the efficiency of security level of data.

Finally using the common tag identifiers will reduce the difficulty while decrypting the data.

Fig 6:Comparison between fragmentation of variable size and fixed size blocks

In the above figure 6 comparison between fragmentation of variable and fixed size blocks

have been illustrated for varying file size with their execution time. In case of file space, variable size

blocks are used nowadays and then it reduces the encryption time. Fixed size blocks leads to the

wastage of memory and takes long time to process the data. To overcome the wastage of memory and

reduces its encryption time variable size blocks have been used in this proposed approach.

CONCLUSION

Providing security of its data that is stored into the cloud is the major problem. Security of

cloud is dependent on trusted computing and cryptography. The proposed method has given a new

64

1


2433

10

idea of fragmentation before encryption in order to enhance better security in the enterprise data.

Automatic selection of encryption algorithm and random generation of key provides additional

security, which helps to safeguard the information from intruders. Due to interface implemented

between cloud and the application it can be deployed and easily accessed from any remote server all

over the world. Experimental results have shown an improved performance for varying file size with

different encryption algorithms.As a future work, the application focus on to secure image files with

additional features like automatic encryption of pixels with sensitive information and deploying the

application in the cloud server at run time to access it from any parts of the world.

REFERENCES

[1] Behrouz A Forouzan, “Data Communications and Networking”, McGraw-Hill, 4th Edition.

[2] William Stallings, “Cryptography and Network Security: Principles and Practice”, Pearson

Education/Prentice Hall, 5th Edition.

[3] Omer K. Jasim, Safia Abbas, El-Sayed M. orbaty, Abdel-Badeeh M. Salem, “Evolution of an Emerging Symmetric Quantum Cryptographic Algorithms”.

[4]Kashish Goyal, Supriya Kinger, “Hybrid Approach Using Encryption Algorithms For Data

Storage”, International Journal of Scientific & Engineering Research, Volume 4, Issue 7,2013.

[5]Priyanka Arora, Arun Singh and Himanshu Tiyagi,"Evaluation and Comparison of Security Issues on Cloud Computing Environment", World of Computer Science and Information Technology

Journal (WCSIT), Vol. 2, No. 5, pp. 179-183, 2012.

[6] Ebru Celikel Cankaya and Than Kywe, “Private Cloud Data Security: Secured User

Authentication by using Hybrid Algorithms”, The International Conference on Soft Computing and Software Engineering, Vol.4, Issue.4, pp.118-124, 2015.

[7] Abha Sachdev and Mohit Bhansali, “Enhancing Cloud Computing Security using AES“,

International Journal of Computer Applications (0975 –8887), Vol.67, pp.9-12,2014.

[8] Lo’ai Tawalbeh, Nour S. Darwazeh, Raad S. Al-Qassas and Fahd AlDosari, “A Secure Cloud

Computing Model based on Data Classification”, First International Workshop on Mobile Cloud Computing Systems, Management, and Security (MCSMS-2015), Vol 2(52), pp. 1153 –1158, 2015.

[9] Swapnali More, Sangita Chaudhari, “Third Party Public Auditing Scheme For Cloud Storage”,

International Symposium on Big Data and Cloud Computing, Vol.2, Issue.3, pp.118-124, 2016.

[10] L. C. Guillou and J.-J.Quisquater, “A Practical Zero-Knowledge Protocol fitted to security microprocessor minimizing both transmission and memory”, Computer Science on …...Advances .in

cryptology, Vol.8, Issue.3, pp.123-128, Springer-Verlag New York, Inc, 2014.

[11]Asmaa M. Alhakimy and Abu Bakar Md. Sultan, ”Hybrid Algorithm to Protect Java’s Code from

Reverse Engineering ”, The International Conference on Mobile Computing, Vol. 3, Issue.8, pp.1-5, 2013.

[12]Ashish Anand, “Securing Android Code using White box Cryptography and Obfuscation

technique”, International journal of computer science and mobile computing, Vol.4, Issue.4, pp.347-

352, 2015.

[13] Shah Pratik,”Architecture Of Class Loader System In Java Bytecode Obfuscation”,International Workshop on Mobile Cloud Computing Systems, Vol.4, Issue.4, pp. 119-123, 2016.

[14]Sridhar C. Iyera, R.R. Sedamkar, Shiwani Gupta, ”A Novel Idea On Multimedia Encryption

Using Hybrid Crypto Approach ”, International Conference on Environmental …….Science and

Information Application Technology, Vol. 9, Isuue.6, pp.72-77, 2015.

[15] Manish M Potey, C A Dhote, Deepak H Sharma, ”Homomorphic Encryption For Security of

Cloud Data ”, Indian Journal of Fundamental and Applied Life Sciences, Vol.1, Issue.4, pp.68-72,

2015.


2434

11

[16] Nishtha Mathur and Rajesh Bansode, ”AES Based Text Encryption Using 12 Rounds with

Dynamic Key Selection”, The International Conference on Communication, Computing and Virtualization, Vol. 10, Issue.79, pp.1036-1045, 2015.

[17] Rawya Rizk and Yasmin Alkady, ”Two-phase hybrid cryptography algorithm”, Journal of

Electrical Systems and Information Technology , Vol. 2, Issue.25,pp.296-313,2015.

[18]Valentina Ciriani, Sabrina De Capitani Di Vimercati and Sara Foresti, “Combining Fragmentation

and Encryption to Protect Privacy in Data Storage”, ACM Transactions on Information and System Security (TISSEC), Volume 13, Issue 3,pp.1-30,2013.

[19] K.Govind and Dr.E.Sathiyamoorthy, “Identity Anonymization and Secure Data Storage using

Group Signature”, The International Conference on Communication,Computing and Virtualization,

Vol. 10,Issue.9,pp.495-499,2013.

[20] Laiphrakpam Dolendro Singh and Khumanthem Manglem Singh, “Implementation of Text

Encryption using Elliptic Curve Cryptography”, Eleventh International Multi-Conference on

Information Processing, Vol. 3, Issue.54, pp.73-82, 2015.

[21] Sourabh Chandra, Bidisha Mandal, Sk. safikul Alam and Siddhartha Bhattacharyya, “Content based double encryption algorithm using symmetric key cryptography”, International Conference on

Recent Trends in Computing, Vol. 3, Issue.57, pp.1228-1234,2015.

[22]Benni Purnama and Hetty Rohayani.AH,“A New Modified Caesar Cipher Cryptography Method

With Legible Ciphertext From A Message To Be Encrypted”, International Conference on Computer Science and Computational Intelligence, Vol. 3, Issue.59, pp.195-204, 2015.

[23]Salim M.Wadia and Nasharuddin Zainala, “Rapid Encryption Method Based on AES Algorithm

for Grey Scale HD Image Encryption”, International Conference on Electrical Engineering and

Informatics”, Vol.3, Issue.11, pp.51-56, 2015.

[24]S. Das, J.K.M.S. Uz Zaman and R. Ghosh, “Generation of AES S-Boxes with various modulus and additive constant polynomials and testing their randomization”, International Conference on

Computational Intelligence, Vol.1, Issue.10, pp.957-962, 2013.


2435

enhancing cloud security through efficient fragment based … · as cryptographic techniques take a...

Documents