Ensure data security in cloud computing by using cryptography Mufind Mukaz ebedon School of computing sciences, IUKL University, Malaysia
[email protected]
I. INTRODUCTION
Abstract Security is an important factor in cloud computing to ensure that the client data is placed in a secure place. Cloud computing help business to improves their organization by using the services the cloud provider offer such as shared network, valuable resources bandwidth, software and hardware in a cost effective manner. In this research paper, we are focusing on what encryption a client need before choosing a cloud provider, because good encryption will help you protect your data when you share it or use it, but if it is not consider before, the client will hand up losing data, paying more money to cloud provider, because the encryption offering by the cloud doesn’t much with his need. We are going to compare two encryption; asymmetric (DES and AES) and symmetric (RSA) algorithms. We have found that the encryption needed will depend on the confidentiality of your data, if the data confidentiality is high you will need a strong encryption such as RSA, if not you will need DES as encryption, so analyzing your data confidentiality is very important before deciding on which encryption to take. General Terms Security Keywords Cloud computing, confidentiality
Encryption,
Data
security,
Several trends now days are opening up to the era of cloud computing, which is, the use of internet and computer resources, cloud can provide a cheaper resources such as CPU, HDD, cheaper data center rather than buying your own resources and building your own data center, cloud is offering services combine with the platform and the infrastructure that allow you to use a software without carrying more on what infrastructure to use or what platform to install. There are a lot of advantages of cloud but one of the biggest concerns with data storage in cloud are data confidentiality, user and company are worry about what to do to secure their data and what encryption to use just to make their data confidential because their data are not control by them, they live it to a provider to secure it for them, so the importance of knowing the best encryption it is very crucial to make sure every data are protected. Our research will focus on encryption such as symmetric and asymmetric, It will be better for a new customer or company who wants to explore the benefit of cloud, to know what encryption to use for his data, so before deciding on which cloud provider to choose it will be better to know the encryption needed for your data then compare to what cloud provider offer, we know that all the data are not confidential so the client or company have to know which encryption to use for each types of data
I.1. Related work Data security in cloud has been a main point of researcher, but talking about the all issue of data security will not solve the problem, that way most of the researcher focus on a particular point or weaknesses of data security in cloud. Some are focusing on creating a better encryption to ensure that the share network are secure when we send a file, but their finding are not the same some use asymmetric algorithm [1] some combine both asymmetric and symmetric [2] [3] algorithm to come with a better encryption. other researcher focus on creating a third party audit [4] [5] to analyze if the cloud provider has a good security, to ensure their client that their data are well secure, other focus on creating a scheme [6] [7] and the rest are focusing in particular topic such as remote data integrity [8] [9]. We can see that most of the researcher focus on creating a new encryption or using a third party to investigate on behave of the client and other focus on creating scheme to make sure that the cloud has a good design and security at the high level, but no one has focus on how a new company or client will choose a particular encryption for it file before moving to cloud because all the data doesn't have the some value so a different encryption will be needed for each data, after choosing you can determine which cloud provider has that encryption and by doing that you will save the cost because you can use a combination of private cloud and public cloud depending of your data value. Our research is focusing on analyzing some encryption and give advice on what encryption to choose before moving to cloud Our work will be only focus on asymmetric and symmetric cryptography, analyze them and decide which one will be better for the client base on his need and also enhanced them if needed. The rest of the paper is organized as follows. In section II we discusses very briefly about some terms, technology, in cloud and encryption to be proposed in section III. Section III we discuss and provide a solution for what encryption to use and the last section will be our conclusion
II.
BASICS
1. Cloud computing Cloud computing can be define as a distributed architecture system featuring virtualized and dynamically scalable resources, e.g, storage, platforms, computer power and services which are delivered on demand to customer via internet. The cloud provides services what we called “everything as a service” model. Like we said in the last paragraph we have a lot of services cloud offer but the most used or popular are software as a service(Saas) provide software that runs over a platform and infrastructure that is manage by the company offering the services, e.g. sales forces, infrastructure as a service(Iaas)provides an infrastructure to client such as storage, hardware and others computer services and finally platform as a services (Paas) provides a platform ready for use and allow user to develop their own application via this platform [10]. We have three major cloud deployment model such as Public clouds which allow customer to pay to access their services, via internet, web application or application programming interface (API) on the other hand we have Private clouds, it offer services to a limited number of clients by restricting the rest to access that means it is working as a company services. The last one is a hybrid cloud which combine those two for example we have a public storage combine with a companywide storage. There are a lot of clouds computing provider base on those services we talk earlier, but the most known are: Amazon, Microsoft and Google
cryptography. Conventional encryption is the use of a single key for both encryption and decryption but in public key they use separate keys. A. Symmetric key encryption For our research we will focus on two encryption Data encryption standard (DES) and advanced encryption Standard (AES) [11]
Figure : Cloud services
2. Data security Data security in cloud as created a lot of question, in which people are wondering if security is well implemented because of the services offered by cloud, client and company are moving a lot of data or access their services via a third party who control and handle their data. The issue with that is most of researches in security affirm that if two programming are running in the same place a hacker can access the data by using a eavesdropping program and also another problem is two virtual machine running in the some physical computer that pause the some problem. There are a lot of concern about the security in cloud such as the services is use via internet and we know what is the insecurity of internet that will also affect the cloud, insecurity via API and so on. Major cloud computing security solutions are based on encryption. The most secure ways nowadays is getting the encrypted data from the cloud to a secure location, decrypting it, then use it and work with, and at last, return the data encrypted again back to the cloud. 3. Cryptography In this field of cryptography we have several techniques for encryption/decryption; this technique can be classified in two groups Symmetric key encryption and Asymmetric or public key
Figure : Symmetric key schema
A.1. Data encryption standard (DES) DES is based on a cipher known as the Feistel block cipher. This was a block cipher developed by the IBM cryptography researcher Horst Feistel in the early 70’s. It consists of a number of rounds where each round contains bit shuffling, nonlinear substitutions (S-boxes) and exclusive OR operations. Most symmetric encryption schemes today are based on this structure (known as a feistel network). As with most encryption schemes, DES expects two inputs the plaintext to be encrypted and the secret key. The manner in which the plaintext is accepted, and the key arrangement used for encryption and decryption, both determine the type of cipher it is. DES is therefore a symmetric, 64 bit block cipher as it uses the same key for both encryption and decryption and only operates on 64 bit blocks of data at a time5 (be they plaintext or ciphertext). The key size used is 56 bits, however a 64 bit (or eight-byte) key is actually input. The least significant bit of each byte is either used for parity
(odd for DES) or set arbitrarily and does not increase the security in any way. All blocks are numbered from left to right which makes the eight bit of each byte the parity bit. Once a plain-text message is received to be encrypted, it is arranged into 64 bit blocks required for input. If the number of bits in the message is not evenly divisible by 64,then the last block will be padded. Multiple permutations and substitutions are incorporated throughout in order to increase the difficulty of performing a cryptanalysis on the cipher. A.2. Advanced encryption Standard (AES)
B. Asymmetric methods
or
Public
Key
encryption
In the modern cryptographic algorithms, the encryption and decryption keys are not only different, but also one of them is placed in the public domain, such algorithms are referred as asymmetric key cryptography, public key cryptography. And for our research we will be focusing on RSA
AES is based on a design principle known as a substitution-permutation network, and is fast in both software and hardware unlike its predecessor DES, AES does not use a Feistel network. AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits. By contrast, the Rijndael specification per se is specified with block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits. AES operates on a 4×4 column-major order matrix of bytes, termed the state, although some versions of Rijndael have a larger block size and have additional columns in the state. Most AES calculations are done in a special finite field [12]. The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input, called the plaintext, into the final output, called the ciphertext. The number of cycles of repetition are as follows: • 10 cycles of repetition for 128-bit keys. • 12 cycles of repetition for 192-bit keys. • 14 cycles of repetition for 256-bit keys. Each round consists of several processing steps, including one that depends on the encryption key itself. A set of reverse rounds are applied to transform ciphertext back into the original plaintext using the same encryption key.
Figure : Asymmetric Schema
RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key. The keys for the RSA algorithm are generated the following way: 1. Choose two distinct prime numbers p and q. o For security purposes, the integers p and q should be chosen at random, and should be of similar bit-length. Prime integers can be efficiently found using a primality test. 2. Compute n = pq. o n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.
3. Compute φ(n) = (p – 1)(q – 1), where φ is
Euler's totient function. 4. Choose an integer e such that 1 < e < φ(n) and greatest common divisor gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime. o e is released as the public key exponent. o e having a short bit-length and small Hamming weight results in more efficient encryption – most commonly 216 + 1 = 65,537. However, much smaller values of e (such as 3) have been shown to be less secure in some settings. 5. Determine d as d ≡ e−1 (mod φ(n)), i.e., d is the multiplicative inverse of e (modulo φ(n)). • This is more clearly stated as solve for d given de ≡ 1 (mod φ(n)) • This is often computed using the extended Euclidean algorithm. • d is kept as the private key exponent. By construction, d⋅e ≡ 1 (mod φ(n)). The public key consists of the modulus n and the public (or encryption) exponent e. The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret. p, q, and φ(n) must also be kept secret because they can be used to calculate d [13]. • An alternative, used by PKCS#1, is to choose d matching de ≡ 1 (mod λ) with λ = lcm(p − 1, q − 1), where lcm is the least common multiple. Using λ instead of φ(n) allows more choices for d. λ can also be defined using the Carmichael function, λ(n). • The ANSI X9.31 standard prescribes, IEEE 1363 describes, and PKCS#1 allows, that p and q match additional requirements: being strong primes, and being different enough that Fermat factorization fails.
III.
DISCUSSION
Symmetric key encryption is also known as shared-key, single-key, secret-key, and private-key or one-key encryption. In this type of message encryption, both sender and receiver share the same key which is used to both encrypt and decrypt messages. Sender and receiver only have to specify the shared key in the beginning and then they can begin to encrypt and decrypt messages between them using that key. Examples include AES (Advanced Encryption Standard) and DES (Data Encryption Standard) [14]. The advantages offer by this encryption are simple to use because of the share key, simple encryption and decryption of files, there are very fast compare to other, they use less computer resources, some disadvantages of it is that the need for secure channel for secret key exchange, you have to generate too many keys went you start a transferring a new file, problem of origin authentication of message since both sender and receiver use the same key, message cannot be verify very easy for a hacker to penetrate Asymmetric algorithm or public key encryption, this method of encrypting messages makes use of two keys: a public key and a private key. The public key is made publicly available and is used to encrypt messages by anyone who wishes to send a message to the person that the key belongs to. The private key is kept secret and is used to decrypt received messages. An example of asymmetric key encryption system is RSA. The advantages of this algorithm is that is very convenient because the private key are secret, it provides an authentication of message by using a digital signatures which enables the recipient of a message to verify the sender, provide a detection of tampering to check if the message was not altered as a disadvantages it is slow, use more computer resources, and very easy to crack if the hacker knows the private keys Our proposal We have seen both advantage and disadvantages of symmetric and asymmetric
algorithm, for a new customer or company to move to cloud they have to access which file are they going to transfer or use often and share with customer or employee, those will be the criteria to take in consideration, for example if the file are not confidential so they can opt for a symmetric algorithm DES even this encryption offer 56 bit but it will be relevant, if the information is more confidential then they should opt for a better encryption and better checking of the provenance of the message they can use RSA. So classifying the data base on high confidentiality to low confidentiality it is a need before looking for what encryption the provider offer, that will also save you the cost of investing in cloud because you can use different cloud provider base on security they offer and the cost will be different.
[3]
[4]
[5] [6]
[7]
IV. CONCLUSION In this paper, we investigated what encryption needed by the user by comparing two cryptographic asymmetric and symmetric algorithms to help them to decide on what encryption is better for their need before they choose a cloud service provider. We have found that the need of cryptography will depend of the confidentiality of the data, the more high confidentiality the more encryption such as RSA to detect who send the message and to use two key rather than one in symmetric and the low confidentiality will need low encryption, so before deciding it will be better to know the confidentiality of your data. That will help you to save money because you do not have to use high cryptography offer by the cloud computer if you do not need it.
[8]
[9]
[10]
[11]
References
[1] YARLAGADDA, VAMSEE KRISHNA, and SRIRAM RAMANUJAM, "Data Security in Cloud Computing," Journal of Computer and Mathematical Sciences Vol, pp. 1-169, 2011. [2] M. Sudha, "Enhanced Security Framework to Ensure Data Security in Cloud Computing Using
[12]
[13]
Cryptography," Advances in Computer Science and its Applications, pp. 32-37, 2012. Ronny, Stephan Grob, and Alexander Schill. Seigner, "SecCSIE: A Secure Cloud Storage Integrator for Enterprises," Commerce and Enterprise Computing (CEC), 2011 IEEE 13th Conference on, pp. 252-255, 2011. S Nepal, S. Chen, and J. Yao, "DIaaS: Data integrity as a service in the cloud," Cloud Computing (CLOUD), 2011 IEEE International Conference on, pp. 308-315, 2011. C. Wang, K. Ren, W. Lou, and J. Li, "Toward publicly auditable secure cloud data storage services," Network, IEEE, pp. 19-24, 2010. Q. LIeu, G. Wang, and J. Wu, "Efficient sharing of secure cloud storage services," Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on, vol. 29, 2010. M. Raykova, H. Zhao, and S. Bellovin, "Privacy enhanced access control for outsourced data sharing," Financial Cryptography and Data Security, pp. 223-238, 2012. Y. Zhu, H. HU, and G.J. Ahn, "Comparisonbased encryption for fine-grained access control in clouds," Proceedings of the second ACM conference on Data and Application Security and Privacy, pp. 105-116, 2012. Z. Hao, S. Zhong, and N. Yu, "A privacypreserving remote data integrity checking protocol with data dynamics and public verifiability," Knowledge and Data Engineering, IEEE Transactions on, vol. 23, no. 9, pp. 14321437, 2011. D. Lin and A. Squicciarini, "Data protection models for service provisioning in the cloud," Proceedings of the 15th ACM symposium on Access control models and technologies, pp. 183192, 2010. M. Almorsy and J. Grundy, "An analysis of the cloud computing security problem," the proc. of the 2010 Asia Pacific Cloud Workshop, Colocated with APSEC2010, Australia, 2010. T Mather, S Kumaraswamy, and S Latif, Cloud security and privacy: an enterprise perspective on risks and compliance.: O'Reilly Media, Incorporated, 2009. G. Wang, Q. Liu, and J. Wu, "Achieving finegrained access control for secure data sharing on cloud servers," Concurrency and Computation:
Practice and Experience, pp. 1443-1464, 2011. [14] M.A. AlZain, E. Pardede, B. Soh, and J.A. Thom, "Cloud computing security: from single to multiclouds," System Science (HICSS), 2012 45th Hawaii International Conference on, pp. 54905499, 2012. [15] V.J.R. Winkler, securing the cloud: cloud computer security techniques and tactics.: Syngress, 2011.
