2015 17th UKSIM-AMSS International Conference on Modelling and Simulation
978-1-4799-8713-9/15 $31.00 © 2015 IEEE DOI 10.1109/UKSim.2015.74
A Proposed System Concept on Enhancing the Encryption and Decryption Method for Cloud Computing
Sakinah Ali Pitchay1, Wail Abdo Ali Alhiagem2, Farida Ridzuan3, Madihah Mohd Saudi4
Faculty of Science and Technology, Universiti Sains Islam Malaysia (USIM), Bandar Baru Nilai, Nilai, Malaysia
{sakinah.ali1, farida3, madihah4}@usim.edu.my, [email protected]
Abstract—Individual users and organizations benefit from cloud computing services, which allow permanent online storage of files. The problem occurs when companies store highly confidential documents in cloud servers. Therefore, this paper aims to introduce a backbone structure for a cloud storage system where security and personal privacy are highly maximized. It is very obvious that cloud computing servers are highly protected against unauthorized access, but in some cases the stored files can be accessed by the maintenance staff. Full protection is needed to ensure that the files stored in the server are only accessible to their owners. This paper proposes a system that will employ a combined Rivest-Shamir-Adleman (RSA) and Advanced Encryption Standard (AES) encryption process using a USB device. The files may be accessed in the cloud, but all the files will remain encrypted until the USB device is plugged into the computer. The point of applying such a method is to fully protect the files and avoid using one single password. The randomly generated passkeys are very complex combinations, thus the user will not be able to fully memorize them. The proposed system will detect the USB that contains the private key used for the files to be downloaded from the cloud.
Keywords-cloud computing security; encryption; decryption; RSA; AES; cloud storage; cloud server;
I. INTRODUCTION
In recent years of Internet computing, the rising reputation of cloud computing has attracted a large number of Internet users. Cloud computing can be defined as a model for enabling convenient, on-demand network access to a shared pool of configurable and reliable computing resources, referred to as a real-time network with a large number of connected devices [1]. The connected devices may be PCs, smart phones or tablets. Basically, any device that has a valid MAC address on an integrated network adapter is included. Cloud computing is all about sharing resources among users in real time. Real time refers to shared data being visible instantly to other users who have the authentication to see it. One of the main advantages of cloud computing is that it delivers applications and storage spaces as services over the Internet for little to no cost [2]. Users have full access to and control of their applications and data from anywhere at any time through an internet connection. Access to their files is not limited to one computer; multiple computers can access the same data, which allows users to be unconfined to a single computer. Another important advantage is that cloud computing greatly lowers the hardware cost of machines. Users are not required to use any high-end machines because the applications will be hosted in the cloud and the computer will only display the results of what their applications are intended to generate. Besides all these, cloud computing has very important factors such as administration, scalability and drastically reduced hardware and software costs. All of these factors provide extremely attractive solutions for personal users and small or big business holders [3].
II. SECURITY ISSUES IN CLOUD COMPUTING
Data security is one of the security issues in cloud computing that have been discussed by [4]. It is a common concern for any technology, but it becomes a major challenge when Software-as-a-service (SaaS) users have to rely on their providers for proper security [9-11]. In other words, the main issue in cloud computing is security leaks, which prevent people from fully adopting cloud systems. Since all the files are stored in the cloud servers and accessible at all times, hackers have all hours available for cracking the file security walls such as encryption and authentication. The following security issues in cloud service providers have been listed and are directly related to file storage.
A. Secure Data Transfer
Cloud computing is all about networking, which has a real-time communication channel with clients in order to send and receive data packages. However, these data packages can be tracked easily because the internet is used for communication and it is vulnerable to attacks at any time. Therefore, the cloud computing service providers must guarantee that the files, or the data file chunks, are properly secured for full protection [5].
B. Secure Data Storage
Clouds store huge amounts of data from their users. Some of the stored data might be extremely important for some parties. In order to build customer trust, cloud services must be very well integrated with data encryption and decryption [5]. In all known cloud services, data are encrypted and stored in the cloud servers. When the user requests to view the data, the decryption key is applied to decrypt the data, which is then viewed by the user. Such file encryption and decryption is applied in order to protect against unauthorized access by users to cloud servers [5].
C. User permissions
Another security factor in cloud computing is the accessibility limitation of users over other users' files and documents. A user is authenticated in the server when the correct login credentials are provided. However, users are not permitted to access private files or non-public files uploaded by other users. Users should be clear about who has administration rights in the cloud service providers for data management purposes, because these people have the authority to access data stored in the clouds [5].
ENCRYPTION AND DECRYPTION
According to [6], encryption is the transformation of any kind of data into a form that is not understandable. Decryption is the opposite of encryption, which converts encrypted data into an understandable form. A cipher is called the decrypted text of the original message or signal [7, 12]. Encryption is mostly used by governments and army-related foundations which carry a high level of confidential information. In order to decrypt the encryption, a key, which is often called the decryption key, is required for the reverse operations. Without a correct decryption key, a message may not be decrypted. In such conditions, the decryption must be extracted from the encryption patterns; however, a loss of the decryption key mostly results in loss of the decrypted message. Therefore, a decryption key must be secured and protected properly. The more complicated the encryption algorithm, the more difficult it becomes to break the cipher for accessing the message without authorization. Many encryption algorithms have been proposed since the availability of earlier computer communications. Encryption algorithms are normally categorized according to their working principles. The most common encryption algorithms in use [13] include AES, WPA, RSA, Twofish and DES. The RSA algorithm [8] is in the category of public-key cryptography implementations. The RSA algorithm is based on the mathematical equivalent, which was invented by the English mathematician Clifford Cocks. This equivalent is about factoring large integers and then returning them to their original values with reverse steps. This is called prime factorization of the selected prime numbers. The idea behind the RSA algorithm is that the data is encrypted with an equation. This equation yields a number which is then used for the reverse process. In RSA, there are two numbers, known as the public key and the private key. The public key is open for distribution to any person as it would have no impact on the security of the encrypted data. The private key is the one that carries the high risk of data compromise in case of a loss.
A. Key generation
As mentioned in earlier sections, the RSA algorithm works with a public key and private key pair. It is completely safe to distribute the public key to anyone for encryption purposes because the public key cannot be applied for the reverse process. The messages can only be decrypted with the private key. The keys for the RSA algorithm are generated based on mathematical theorems and formulations. The algorithm uses prime factorization as shown in (1). (1) where p and q are prime numbers.
The calculation of the private key of encryption is defined by the following formulation. The private key is the key for decryption of the cipher text, so it must be kept secret at all times.
1 ,
(2) 1
where is the totient function (a, b) is the greatest common divisor
B. Encryption
The encryption is done by using both the public key and the private key. The public key belongs to the person who is going to receive the message. The private key belongs to the one who encrypts the message. In the encryption process, the message is converted to a number, say m, by applying the padding scheme method. (3)
The cipher text is then computed by the following formula using the exponentiation by squaring method. After the execution of the formula, instead of the original message m, the cipher text c is sent to the receiver.
C. Decryption
Decryption is the reverse process of the encryption method. The same formula is used by applying the reverse padding scheme method. The following formula is applied to the cipher text received from the sender in order to get the original message, which was encrypted on the sender's machine. In order to decrypt the message, the receiver must use its own private key. (4)
III. PROPOSED SYSTEM
The proposed system suggests a new method of storing files in the cloud by applying the existing encryption method and cloud computing system. Most users are not comfortable knowing that their extremely private or confidential files can be accessed for various purposes by the cloud server providers. This could be for maintenance purposes, security threat claims or even regular file backup processes. Normally, these reasons are completely valid in order to protect the cloud server status and performance. However, users are reluctant to upload their confidential files to cloud servers. This proposed system aims to fill this gap by providing an advanced level of file protection. RSA is known to be the strongest publicly available encryption method. This algorithm works with both a private key and a public key. The only way of decrypting files that are encrypted with the public key is to use the private key. Users' files will be encrypted right before the upload process to the cloud server. Only the encrypted file will be uploaded to the server. Then, the private key to decrypt the file will be stored on the plugged-in removable device. A removable device must be present at the time of the upload process. When the user requests the file back from the cloud servers to his or her computer, the removable device must be plugged in as well. The encrypted file is downloaded from the cloud server and then automatically decrypted by the private key which exists on the removable device. In case users do lose the removable device, a backup feature must be available. If the user loses the removable device without having a backup, unfortunately, the files cannot be converted back to their original forms. Figure 1 illustrates the overall view of the proposed concept.
Figure 1. Proposed Concept Structure - Combination of cloud computing and RSA Algorithm
A. Comparison of Cloud System
This section compares the investigated systems and their features. The comparison is for the cloud simulation which is required for the implementation of the encryption. This simulation will act like a cloud server which allows uploading and downloading encrypted files. The simulation is to be equipped with some features in order to show the working prototype of the encryption and decryption security suggestion.
TABLE I. COMPARISON OF THE INVESTIGATED SYSTEMS
| # | Features         | DropBox    | Google Drive | SkyDrive    |
|---|------------------|------------|--------------|-------------|
| 1 | Encryption       | AES-256bit | Unencrypted  | Unencrypted |
| 2 | File Uploading   | Supports   | Supports     | Supports    |
| 3 | File Downloading | Supports   | Supports     | Supports    |
| 4 | File Sharing     | Supports   | Supports     | Supports    |
| 5 | Synchronization  | Supports   | Supports     | Supports    |
| 6 | User Account     | Supports   | Supports     | Supports    |
The comparison shows that only DropBox encrypts the files stored in the servers. But this encryption can still be decrypted if the legal authorities ask DropBox to do so, as they store the decryption key in their servers as well. Google Drive does not encrypt the files but counts on its existing server protection protocols such as firewalls and user authentication. However, it is known that Google is working on encrypting the files stored in Google Drive. Microsoft's SkyDrive does not encrypt the files at the moment and there is no known work on this issue at the moment. However, all three of these cloud-based services are well trusted by their regular users. It is a challenge for users who would like to have their files completely secured even if the legal authorities ask the service providers to reveal them. It is noticed that encryption is not very well integrated with the actual cloud storage. All the user files can be accessed because the files are stored unencrypted. Even when the files are encrypted, the decryption key is still stored in the cloud servers, which still leaves a trace to the original files. Based on these issues, the proposed system was suggested and a conceptual drawing is illustrated.
IV. METHODOLOGY
The proposed study uses the Waterfall Development Methodology, which implements a sequential, stage-by-stage concept. The proposed system does not have many objectives or user requirements as it is a background process development of a service. In this type of development, users are not involved because they are not relevant to it. The Waterfall model is a powerful methodology when the requirements are finalized and not intended to be changed, because in order to move to the next development stage in the methodology, the current stage must be resolved completely.
Figure 2. Waterfall Methodology Model
A. Requirements
The first stage of the Waterfall model is the definition of system requirements. The proposed system is a background process development for addressing security issues in cloud computing. Users use cloud computing mostly to store their data and make it accessible through different devices with their account. The overall proposed system structure is shown in Figure 3. It can be considered as middleware between the user and the cloud server. It will encrypt the files right before the upload process starts.
Figure 3. Proposed System Concept
B. Design
The system serves a single type of user. Anyone can easily create an account and use the system to store their files. Once the account is created, users can upload files with encryption. The encryption requires a removable device to be connected to the user's computer. This drive will then be used to decrypt the files when the download process is initiated. The use case diagram for the users' tasks is shown in Figure 4. The major tasks are the downloading and uploading processes with encryption support. Users are allowed to use the system in unencrypted mode, but it is not advised.
Figure 4. Use Case Diagram
C. Implementation
In order to implement the system efficiently, a class diagram was designed which shows all the relations of the inner application structure, as shown in Figure 5.
D. Verification
Users will upload their confidential files to cloud servers. The files will be encrypted before the actual upload process starts. The verification process is required for downloading the encrypted files. The contents of the files must not be damaged during encryption. In order to test such functionality, some testing files will be selected and all of these files will be uploaded with encryption. When the files are downloaded, the file size must be exactly the same at the byte level and the content must be decrypted. This will assure that the encrypted files can be decrypted back into their original forms.
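The upload and download path of the proposed system, together with the round-trip check from the Verification stage, as an added example that is not the paper's implementation. It assumes the third-party `cryptography` package and the common envelope construction (AES-256-GCM for the file, RSA-OAEP wrapping the per-file key), which the paper does not specify; `KEY_NAME`, `make_device_key`, `encrypt_for_upload` and `decrypt_after_download` are hypothetical names, and `device_dir` stands in for the removable device's mount point.

```python
import json
import os
from pathlib import Path

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY_NAME = "cloud_private_key.pem"   # hypothetical file name on the device
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def make_device_key(device_dir: Path) -> bytes:
    """Create an RSA key pair; the private key is written only to the device."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    pem = key.private_bytes(serialization.Encoding.PEM,
                            serialization.PrivateFormat.PKCS8,
                            serialization.NoEncryption())
    (device_dir / KEY_NAME).write_bytes(pem)
    return key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo)

def encrypt_for_upload(plaintext: bytes, public_pem: bytes) -> bytes:
    """Encrypt locally; only this blob would be sent to the cloud server."""
    public_key = serialization.load_pem_public_key(public_pem)
    file_key = AESGCM.generate_key(bit_length=256)   # fresh key per file
    nonce = os.urandom(12)
    blob = {
        "wrapped_key": public_key.encrypt(file_key, OAEP).hex(),
        "nonce": nonce.hex(),
        "ciphertext": AESGCM(file_key).encrypt(nonce, plaintext, None).hex(),
    }
    return json.dumps(blob).encode()

def decrypt_after_download(blob: bytes, device_dir: Path) -> bytes:
    """Raises FileNotFoundError when the device holding the key is absent,
    and InvalidTag when the stored ciphertext was modified."""
    pem = (device_dir / KEY_NAME).read_bytes()
    private_key = serialization.load_pem_private_key(pem, password=None)
    fields = json.loads(blob)
    file_key = private_key.decrypt(bytes.fromhex(fields["wrapped_key"]), OAEP)
    return AESGCM(file_key).decrypt(bytes.fromhex(fields["nonce"]),
                                    bytes.fromhex(fields["ciphertext"]), None)
```

The key file is written without a passphrase, matching the paper's goal of avoiding a password, so possession of the device alone grants access; `serialization.BestAvailableEncryption` would add a passphrase as a second factor.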
Figure 5. Proposed system class diagram.
E. Maintenance
The maintenance stage of the Waterfall model ensures that the system is supported even after the final release is accomplished. However, the maintenance part is not applicable at this stage to the proposed system. The proposed system is at its prototyping stage.
This section discusses the stages of the proposed methodology, which is the Waterfall model. The stages are illustrated with various drawings such as the Use Case diagram and Class Diagram in order to define the requirements and expectations clearly. This section states the baseline of the proposed system for its implementation.
V. CONCLUSIONS AND FUTURE WORKS
This paper presents a proposed system implementing the RSA and AES combination encryption process using a USB device as a method to encrypt and decrypt data. This paper further provides the backbone structure for cloud storage systems where security and personal privacy are highly maximized. Four stages in the Waterfall methodology have been described for the proposed system. It is expected that this proposed system will lead to designing the implementation of the combination for both the encryption and decryption process using the USB device. The system will detect the USB that contains the private key used for the files to be downloaded from the cloud.
ACKNOWLEDGMENT
The authors would like to express their gratitude to the Ministry of Education (MOE) and Universiti Sains Islam Malaysia (USIM) for the support and facilities provided. This research paper is supported by USIM funds.
REFERENCES
[1] K. Yang and J. Xiaohua, “Security for Cloud Storage Systems,” Springer Brief in Computer Science, 2014.
[2] T. Chou, “Security Threats on Cloud Computing Vulnerabilities,” International Journal of Computer Science & Information Technology, vol. 5(3), pp. 79–88, 2013.
[3] J. Strickland, “How Cloud Computing Works,” Howstuffworks.com. Retrieved from http://computer.howstuffworks.com/cloudcomputing.htm, 2011.
[4] K. Hashizume, D.G. Rosado, E. Fernandez-Medina, and E.B. Fernandez, “An analysis of security issues for cloud computing,” Journal of Internet Services and Application, 4:5, Feb 2013.
[5] Beckham, The top five security risks of cloud computing. Available on internet: http://blogs.cisco.com/smallbusiness/the-top-5-securityrisks-of-cloud-computing, 2011.
[6] F. Kerby, “Understanding Encryption,” The Monthly Security Awareness Newsletter for Computer Users, The SANS Institute, Editorial Board: B. Wyman, W. Scrivens, P. Hoffman, L. Spitzner, C.R. Hardy, July 2011.
[7] H.O. Alanazi, B.B. Zaidan, A.A. Zaidan, H.A. Jalab, M. Shabbir, and Y. Al-Nabhani, “New Comparative Study Between DES, 3DES and AES within Nine Factors,” Journal of Computing, vol. 2(3), pp. 152–157, Mar 2010.
[8] E. Milanov, “The RSA Algorithm,” pp. 1–11, June 2009.
[9] J.W. Rittinghouse and J.F. Ransome, “Security in the Cloud,” in: Cloud Computing. Implementation, Management, and Security, CRC Press, 2009.
[10] S. Subashini and V. Kavitha, “A survey on Security issues in service delivery models of Cloud Computing,” Journal Network and Computer Applications, vol. 34(1), pp. 1-11, 2011.
[11] J. Viega, “Cloud Computing and the Common Man,” Journal Computer, vol. 42(8), pp. 106-108, Aug 2009.
[12] P.K. Pagadala and J. Sabeena, “Enhancing the Security and Reliability of the Data over Computer Networks using RSA cryptosystem,” Int. Journal of Innovative Research in Technology, vol. 1(6), pp. 195202, 2014.
[13] A.M. Gonsai and L.M. Raval, “Evaluation of Common Encryption Algorithm and Scope of Advanced Algorithm for Simulated Wireless Network,” Int. Journal of Computer Trends and Technology, vol. 11(1), pp. 7-12, May 2014.