DATA SECURITY IN CLOUD COMPUTING USING CRAMER – SHOUP CRYPTOSYSTEM

Dr. S. Raju
Associate Professor, Department of Computer Science and Engineering, Sri Venkateswara College of Engineering, Sriperumbudur - 602 117, Tamil Nadu, India.

Y. Mohamed Sirajudeen
Post Graduate Student, Department of Computer Science and Engineering, Sri Venkateswara College of Engineering, Sriperumbudur - 602 117, Tamil Nadu, India.
Abstract – Cloud computing is an emerging technology that has become one of today's most active research areas owing to increased connectivity; it is an attractive technology that offers on-demand services to users over the Internet. Because cloud computing stores user data and lets users work on the cloud system, security has become the main concern and a threat to the deployment of cloud environments. Even though cloud computing is efficient, there are many challenges for data security, which may drive users away from cloud computing. To ensure the security of data, we propose a method that implements the Cramer–Shoup cryptosystem.

Keywords – Cloud Security; Cramer; Shoup; Cryptosystem
978-1-4799-6629-5/14/$31.00 © 2014 IEEE

I. INTRODUCTION

Cloud computing is a term used to describe the integration of computing concepts that involve an enormous number of computers connected through a real-time communication network such as the Internet. It describes distributed computing over a network, in which work is carried out on a different machine for the convenience of the users. Cloud computing is highly helpful for many small, medium and large sized companies, and as many cloud users seek the services of cloud computing, the major concern is the security of their data in the cloud. Securing data is always of vital importance, and because of the critical nature of cloud computing and the large amounts of complex data it carries, the need is even more important. Hence, concerns regarding data privacy and security are proving to be a barrier to the broader uptake of cloud computing services.

II. SECURITY ISSUES IN CLOUD COMPUTING

A. Privacy and Confidentiality: When a client hosts confidential data in the cloud, there should be some assurance that access to the data will be limited to authorized persons. Inappropriate access to personal data is also a risk that can pose a potential threat to cloud data. Assurances should be given to the clients about the security issues. The safety policies should be strongly protective. The cloud seeker should be assured that data hosted on the cloud will be confidential.

B. Data Integrity: Along with providing security for the data, the cloud service provider should also ensure data integrity, and monitoring of the dataset is mandatory. The provider should be able to tell what happened to the dataset at any point. Making the users aware of what particular data is hosted on the cloud, and of the integrity mechanism, is the responsibility of the cloud service provider. It is also necessary to have exact records of what data is placed in the cloud, when it was placed, on what virtual machines (VMs) and storage it resided, and where it was processed. When such data integrity details are supervised, it is easy to prevent tampering with or altering of the place where the data actually resides.

C. Data Location and Relocation: Data stored in the cloud has a high degree of mobility. It may move between virtual machines from time to time. Small users may not need to know where their data actually resides. But when high-level companies or enterprises want their data to be stored in particular geographical locations, the cloud service provider and the enterprise have to reach an agreement about the location of the data to be stored. It is also the responsibility of the cloud service provider to ensure the security of systems and to provide robust authentication to safeguard customers' information. Since the data floats across devices, cloud providers have to be in some agreement with other cloud providers to use their storage devices.

D. Data Availability: Customer data is normally fragmented and stored on different servers, often residing in different locations or in
different Clouds. In this case, data availability becomes a major issue, as uninterrupted availability becomes relatively difficult to provide.

1. Storage, Backup and Recovery: When a user decides to move data to the cloud, the cloud service provider has to ensure adequate data storage devices. At a minimum they should be able to provide RAID (Redundant Array of Independent Disks) storage systems, although most cloud providers will store the data in multiple copies across many independent servers. In addition, most cloud providers should be able to provide options for backup services, which are certainly important for those businesses that run cloud-based applications, so that in the event of a serious hardware failure they can roll back to an earlier state.

III. DATA SECURITY

Data protection tops the list of cloud concerns today. Vendor security capabilities are key to establishing strategic value, reports the 2012 Computerworld “Cloud Computing” study, which measured cloud computing trends among technology decision makers. When it comes to public, private, and hybrid cloud solutions, the possibility of compromised information creates tremendous angst. Organizations expect third-party providers to manage the cloud infrastructure, but are often uneasy about granting them visibility into sensitive data. Such issues give rise to tremendous anxiety about security risks in the cloud. Enterprises worry whether they can trust their employees or need to implement additional internal controls in the private cloud, and whether third-party providers can provide adequate protection in multitenant environments that may also store competitor data. There is also ongoing concern about the safety of moving data between the enterprise and the cloud, as well as how to ensure that no residual data remnants remain upon moving to another cloud service provider.

Fig. 1 Issues in cloud security

Unquestionably, virtualized environments and the private cloud involve new challenges in securing data, mixed trust levels, and the potential weakening of separation of duties and data governance. The public cloud compounds these challenges with data that is readily portable, accessible to anyone connecting with the cloud server, and replicated for availability. And with the hybrid cloud, the challenge is to protect data as it moves back and forth from the enterprise to a public cloud. Reliability in terms of a safe and secure environment for the personal data and information of the user is still required.

2014 International Conference on Contemporary Computing and Informatics (IC3I)

IV. PROPOSED WORK

The Cramer–Shoup cryptosystem is an asymmetric key encryption algorithm, and was the first efficient scheme proven secure against adaptive chosen-ciphertext attack using standard cryptographic assumptions. Its security is based on the computational intractability (widely assumed, but not proved) of the decisional Diffie–Hellman assumption. Developed by Ronald Cramer and Victor Shoup in 1998, it is an extension of the Elgamal cryptosystem. In contrast to Elgamal, which is extremely malleable, Cramer–Shoup adds other elements to ensure non-malleability even against a resourceful attacker. This non-malleability is achieved through the use of a universal one-way hash function and additional computations, resulting in a ciphertext which is twice as large as in Elgamal.

The Cramer–Shoup algorithm involves three steps:
1. Key Generation
2. Encryption
3. Decryption

Consider a group G of prime order q, where q is large, and presume that the original messages or the encoded messages are to be stored as elements of G. Normally a one-way hash function (SHA-1) is used for encryption and decryption.

1. Key Generation

The key generation algorithm chooses random elements $g_1, g_2 \in G$ and random elements $x_1, x_2, y_1, y_2, z \in \mathbb{Z}_q$. The next step is to compute the group elements

$c = g_1^{x_1} g_2^{x_2}$, $d = g_1^{y_1} g_2^{y_2}$, $h = g_1^{z}$.

Then a one-way hash function $H$ (SHA-1) is chosen. The public key is $(g_1, g_2, c, d, h, H)$ and the private key is $(x_1, x_2, y_1, y_2, z)$, with each value in $\mathbb{Z}_q$.

2. Encryption

The encryption algorithm encrypts the given message $m \in G$. It chooses a value $r \in \mathbb{Z}_q$ and computes

$u_1 = g_1^{r}$, $u_2 = g_2^{r}$, $e = h^{r} m$, $\alpha = H(u_1, u_2, e)$, $v = c^{r} d^{r\alpha}$,

where $H$ denotes the hash function. The ciphertext $(u_1, u_2, e, v)$ is transferred through the Internet to the receiver.

3. Decryption

The decryption algorithm decrypts the ciphertext $(u_1, u_2, e, v)$. It computes $\alpha = H(u_1, u_2, e)$ and checks whether

$u_1^{x_1 + y_1\alpha} + u_2^{x_1 + y_2\alpha} = v$.

If the condition is satisfied, the message is decrypted as $m = e / u_1^{z}$.
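The key generation, encryption and decryption steps above, as an added Python sketch that is not the paper's Java implementation. It assumes a toy group (the squares modulo the safe prime 2039), SHA-256 in place of SHA-1, and hypothetical function names; the validity check is written as the product $u_1^{x_1+y_1\alpha} u_2^{x_2+y_2\alpha}$, which is what $v = c^{r} d^{r\alpha}$ expands to with the $c$ and $d$ of key generation. `unchecked_decrypt` and `malleate` contrast ElGamal-style recovery, which accepts a scaled ciphertext, with the checked decryption.

```python
import hashlib
import secrets

# Toy group (constructed, far too small for real use): squares mod the safe prime P, order Q.
P, Q = 2039, 1019
G1, G2 = 4, 9  # two squares mod P, so each generates G

def H(u1, u2, e):
    """Hash (u1, u2, e) to an exponent in Z_q; SHA-256 is this example's choice."""
    data = b"|".join(str(x).encode() for x in (u1, u2, e))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def public_key(priv):
    x1, x2, y1, y2, z = priv
    c = pow(G1, x1, P) * pow(G2, x2, P) % P
    d = pow(G1, y1, P) * pow(G2, y2, P) % P
    return c, d, pow(G1, z, P)  # (c, d, h)

def keygen():
    priv = tuple(secrets.randbelow(Q) for _ in range(5))
    return public_key(priv), priv

def encrypt(pub, m, r=None):
    c, d, h = pub
    if pow(m, Q, P) != 1:
        raise ValueError("message must be encoded as an element of G")
    r = 1 + secrets.randbelow(Q - 1) if r is None else r
    u1, u2, e = pow(G1, r, P), pow(G2, r, P), pow(h, r, P) * m % P
    v = pow(c, r, P) * pow(d, r * H(u1, u2, e), P) % P
    return u1, u2, e, v

def unchecked_decrypt(priv, ct):
    """ElGamal-style recovery m = e / u1^z with no validity check."""
    u1, _, e, _ = ct
    return e * pow(pow(u1, priv[4], P), P - 2, P) % P  # Fermat inverse

def decrypt(priv, ct):
    """Return the message, or None when v fails the Cramer-Shoup check."""
    x1, x2, y1, y2, _ = priv
    u1, u2, e, v = ct
    a = H(u1, u2, e)
    if pow(u1, x1 + y1 * a, P) * pow(u2, x2 + y2 * a, P) % P != v:
        return None
    return unchecked_decrypt(priv, ct)

def malleate(ct, k):
    """Scale e by k, which multiplies the ElGamal plaintext by k."""
    u1, u2, e, v = ct
    return u1, u2, e * k % P, v
```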
V. CRAMER-SHOUP ALGORITHM EXAMPLES

1) Key generation

Consider the cyclic group G = {0, 1, 2, 3, 4, 5, 6} and the message to be transferred, M = 5. Consider $g_1 = 3$, $g_2 = 7$. The randomly chosen values $x_1 = 2$, $x_2 = 3$, $y_1 = 4$, $y_2 = 5$, $z = 6$ all belong to the set $\mathbb{Z}_q$. Compute the group elements $c = 3^2 \cdot 3^3 = 243$, $d = 3^4 \cdot 3^5 = 19683$, $h = 3^6 = 729$. The public key is (3, 7, 243, 19683, 729) and the private key is (2, 3, 4, 5, 6).

2) Encryption

Choose any value for r from $\mathbb{Z}_q$; let us assume r = 3. Then $u_1 = 3^3 = 9$, $u_2 = 7^3 = 343$, $e = 729^3 (5) = 1.93 \times 10^9$. Next, compute $\alpha = H(9, 343, 1.93 \times 10^9)$.

a) SHA-1

A 160-bit hash function which resembles the earlier MD5 algorithm. It was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. The input is fed to the system in 512-bit blocks and the system produces a 160-bit output.

Fig.2. SHA-1 Processing of a Single 512-bit Block (SHA-1 Compression Function)

After all the 512-bit blocks have been processed, a 160-bit message digest is produced, which is a function of all the bits of your message. The operation of all the functions f1, f2, f3, f4 can be expressed by the following diagram.

Fig.3. Elementary SHA Operation (Single Step)

After computing the value of α, compute the value v, where $v = 243^3 \cdot 19683^{3\alpha}$. The ciphertext $(9, 343, 1.93 \times 10^9, v)$ is transferred to the receiver side.

3) Decryption

The receiver gets the ciphertext $(9, 343, 1.93 \times 10^9, v)$. It computes the value of $\alpha = H(u_1, u_2, e)$ and then checks whether $9^{2+3\alpha} + 343^{2+3\alpha} = v$ holds. If the two sides are equal then $M = e / u_1^{z}$.

VI. IMPLEMENTATION

Experimental methodology: We use the following steps to implement the Cramer–Shoup algorithm in the cloud.

Create Google application:
Step 1: Go to http://accounts.google.com/ and enter your Google user name and password
Step 2: Select your own Google application link (MyApplications)
Step 3: Select the “create application” button, give the application identifier and application title, and click the “Create Application” button. Now the application is ready.

Implement Cramer–Shoup algorithm in Google Cloud SQL: The following is the procedure to create the database and tables in Google Cloud SQL and to implement the Cramer–Shoup algorithm:
Step 1: Go to https://code.google.com/apis/console and select the Google Cloud SQL option
Step 2: Select the “New instance” button in the upper right corner; a popup window is displayed
Step 3: Type instance name and associate an authorized application, which was created earlier and click “Create instance” button
Step 4: Click instance name to see the properties associated with it
Step 5: Select “SQL Prompt” tab. All databases automatically loaded
Step 6: Create database for the application by using “create database…” query and create necessary tables
Step 7: Insert records to the tables by using “Insert into” Query
Step 8: Create user interface for the application
Step 9: Write Java code to implement Cramer Shoup algorithm in cloud and debug the application in google cloud.
Step 10: Store the data in an encrypted format. Display the content in decrypted format while accessing
1) Execution Flow

The user puts the data in the Google cloud. Consider that the data are uploaded to the cloud using SQL commands. The system then generates the public key and private key for the data (message). The next step is to run the algorithm and create the ciphertext. At the receiver side the ciphertext is analyzed, and the receiver checks whether $u_1^{x_1 + y_1\alpha} + u_2^{x_1 + y_2\alpha} = v$ holds. If both values are equal then the receiver decrypts the value and displays the original message M.

Fig.4 Execution Flow of Cramer Shoup Algorithm

VII. CONCLUSION

Cloud computing is still a new and evolving paradigm where computing is regarded as an on-demand service. Once an organization takes the decision to move to the cloud, it loses control over the data. Thus, the amount of protection needed to secure data is directly proportional to the value of the data. Security of the cloud relies on trusted computing and cryptography. Thus, in our proposed work, only the authorized user can access the data. Even if an intruder (unauthorized user) captures the data, accidentally or intentionally, he cannot decrypt it and recover the original data. Hence, data security is provided by implementing the Cramer–Shoup cryptosystem.