Apr 18, 2018 - ELLIPTIC CURVE CRYPTOGRAPHY IN CLOUD COMPUTING. SECURITY ... cryptography (EEC)works, and how it can be used as an encryption solution to security related issues in ..... [3] William Stallings, Cryptography and Network Security. Principles and Practice Sixth Edition, Pearsons, ISBN10:0-13-.
International Journal of Computer Engineering and Applications, Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469
ELLIPTIC CURVE CRYPTOGRAPHY IN CLOUD COMPUTING SECURITY
First A.Santosh Kumar Singh, Research Scholar, Department of Computer Applications, Vinoba Bhave University Hazaribag, India, Second B. Dr. P.K. Manjhi, Assistant Professor, University Department of Mathematics, Vinoba Bhave University, Hazaribag, and Third C. Dr. R.K. Tiwari India , Professor, H.O.D CSE, R.V.S College of Engg & Tech., Jamshedpur, India
ABSTRACT: Cloud computing is a technological advancement that has been growing swiftly during the last decade. In simple terms, cloud computing is a technology that enables shared, remote, on-demand and ubiquitous access to services through the Internet. It enables consumers to access applications and services that reside on remote servers, without having to allocate large amounts of storage space on their own computer and without the need for extensive compatibility configurations. Many such cloud applications provide services that are meant to handle sensitive user data and thus the protection of this data in terms of access and integrity is of major concern. Space- and time complexity of encryption algorithms can prove to be imperative when it comes to system performance. In this paper we will briefly present how elliptic curve cryptography (EEC)works, and how it can be used as an encryption solution to security related issues in cloud computing.
Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari
179
ELLIPTIC CURVE CRYPTOGRAPHY IN CLOUD COMPUTING SECURITY
I. INTRODUCTION In this section we will briefly describe the notion of cloud computing to aid us in the discussion of ECC in cloud computing later. According to the National Institute of Standards and Technology (NIST), essential characteristics for a service based on the cloud computing model are [1]: 1. On-demand self-service: The consumer can provision service capabilities, such as server time and network storage, without actively interacting with the service provider. 2. Broad network access: the service is available through common client platforms that have network access, like mobile phones, laptops etc... 3. Resource pooling: Resources serve multiple consumers and dynamically reassigns, according to the demands of the consumer. Examples of re-sources are storage and network bandwidth. 4. Rapid elasticity: This term is related to the scalability of the service. On the consumer side, the cloud computing resources may seem infinite, even though allocation and de-allocation of resources may occur at the provider's end. In other words, service capabilities are provisioned and released to accommodate increase or decrease in demand. 5. Measured service: The provider of the cloud service can monitor and control the amount of resources used by, or available to, the consumers. Thus different options can be made available to the consumers, depending on their different needs. Furthermore, cloud computing services can usually be placed in one of three different categories of service models: 1.
2.
Software as a service: The consumer can use applications running on the provider's cloud servers. The underlying cloud infrastructure aspects of the service, such as network, storage and operating systems, are not controlled by the consumer. A possible exception is user-specific application configuration settings. Examples are: Dropbox and Google Docs. Platform as a service: The consumer can create applications using programming languages, libraries and tools supported by the provider and deploy these applications onto the provider's cloud platform. As before,
3.
most of the underlying cloud infrastructure is still not controlled by the consumer. However, the consumer has control over deployed applications. Examples are: Microsoft Azure and Google App Engine. Infrastructure as a service: The consumer is provided with resources like processing power, storage and networks to be able to deploy and run applications and operating systems. The consumer has control over operating systems, storage and deployed applications. Examples are: Amazon EC2 and Rackspace
As with most applications, cloud computing services face many security challenges. The ones we would like to address in this paper are those related to integrity, confidentiality and authentication, all of which concern data protection.
II. ELLIPTIC CURVE CRYPTOGRAPHY Elliptic curve cryptography (ECC)
Fig. 1.Characteristics of ECC
[5-9]It is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys compared to non-ECC cryptography (based on plain Galois fields) to provide equivalent security. Elliptic curves are applicable for encryption, digital signatures, pseudorandom generators and other tasks. Its main characteristics are as shown in Fig. 1. Stronger encryption, efficient performance, highly scalable and it is future of cryptography technology. They are also used in several integer factorization algorithms that have applications in cryptography, such as Lenstra elliptic curve factorization. The primary benefit
Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari
180
International Journal of Computer Engineering and Applications, Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469 promised by ECC is a smaller key size, reducing storage and transmission requirements, as shown in fig. 2, i.e. that an elliptic curve group could provide the same level of security afforded by an RSA-based system with a large modulus and correspondingly larger key: for example, a 256-bit ECC public key should provide comparable security to a 3072-bit RSA public key.
Fig. 2.Memory used by ECC, RSA
For current cryptographic purposes, an elliptic curve is a plane curve over a finite field (rather than the real numbers) as shown in Fig. 3 which consists of the points satisfying the equation along with a distinguished point at infinity, denoted ∞.
The Elliptic Curve Digital Signature Algorithm (ECDSA) is based on the Digital Signature Algorithm, The Edwards-curve Digital Signature Algorithm (EdDSA) is based on Schnorr signature and uses twisted Edwards curves, The ECMQV key agreement scheme is based on the MQV key agreement scheme, The ECQV implicit certificate scheme.
Diffie-Hellman: A cryptographic key exchange method developed by Whitfield Diffie and Martin Hellman in 1976. Also known as the "Diffie-HellmanMerkle" method and "exponential key agreement," it enables parties at both ends to derive a shared, secret key without ever sending it to each other. Using a common number, both sides use a different random number as a power to raise the common number. The results are then sent to each other. The receiving party raises the received number to the same random power they used before, and the results are the same on both sides. Elliptic curve cryptography and key management shown in Fig. 4
Fig. 3.Elliptic Curve
This set together with the group operation of elliptic curves is an Abelian group, with the point at infinity as identity element. The structure of the group is inherited from the divisor group of the underlying algebraic variety.
Cryptographic schemes: Several discrete logarithmbased protocols have been adapted to elliptic curves, replacing the group with an elliptic curve[6]
The elliptic curve Diffie–Hellman (ECDH) key agreement scheme is based on the Diffie–Hellman scheme, The Elliptic Curve Integrated Encryption Scheme (ECIES), also known as Elliptic Curve Augmented Encryption Scheme or simply the Elliptic Curve Encryption Scheme, Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari
181
ELLIPTIC CURVE CRYPTOGRAPHY IN CLOUD COMPUTING SECURITY
a subgroup of it follows from Lagrange's theorem that the number is an integer. In cryptographic applications this number h, called the cofactor, must be small ( ) and preferably . To summarize: in the prime case, the domain parameters are ; in the binary case, they are . Unless there is an assurance that domain parameters were generated by a party trusted with respect to their use, the domain parameters must be validated before use. The generation of domain parameters is not usually done by each participant because this involves computing the number of points on a curve which is time-consuming and troublesome to implement. As a result, several standard bodies published domain parameters of elliptic curves for several common field sizes. Such domain parameters are commonly known as "standard curves" or "named curves"; a named curve can be referenced either by name or by the unique object identifier defined in the standard documents:
Fig. 4. ECC Diffie-Hellman Key Exchange
Implementation: Some common implementation considerations include: Domain parameters: To use ECC, all parties must agree on all the elements defining the elliptic curve, that is, the domain parameters of the scheme. The field is defined by p in the prime case and the pair of m and f in the binary case. The elliptic curve is defined by the constants a and b used in its defining equation. Finally, the cyclic subgroup is defined by its generator (base point) G. For cryptographic application the order of G, that is the smallest positive number n such that , is normally prime. Since n is the size of
NIST, Recommended Elliptic Curves for Government Use SECG, SEC 2: Recommended Elliptic Curve Domain Parameters ECC Brainpool (RFC 5639), ECC Brainpool Standard Curves and Curve Generation
Table 1, from NIST SP800-57 (Recommendation for Key Management), compares various algorithms by showing comparable key sizes in terms of computational effort for cryptanalysis. As can be seen, a considerably smaller key size can be used for ECC compared to RSA. Furthermore, for equal key lengths, the computational effort required for ECC and RSA is comparable. Thus, there is a computational advantage to using ECC with a shorter key length than a comparably secure RSA [3]. Table 1 Comparable Key Size in Terms of Computational Effort for Cryptanalysis (NIST SP-800-57)
Symmetric Key Algorithms
Diffie-Hellman, Digital Signature Algorithm
RSA (size of n in bits)
ECC (modulus size in bits)
80 112 128 192 256
L=1024, N=160 L=2048, N=224 L=3072, N=256 L=7680, N=384 L=15360, N=512
1024 2048 3072 7680 15,360
160-223 224-255 256-383 384-511 512+
Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari
182
International Journal of Computer Engineering and Applications, Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469
L = size of public key, N = size of private key
III. APPLICATION OF ECC IN CLOUD ARCHITECTURE When it comes to the application of ECC to cloud computing security, Tirthani and Ganesan propose a simple architecture based on the Diffie-Hellman Key Exchange and ECC to secure a cloud system [2]. In this section we present their proposed architecture for a client/cloud server system, which uses a four step procedure that consists of connection establishment, account creation, authentication and data exchange. Establishing the connection to the system and the creation of an account for a first time user constitute the two first steps. When a first time user accesses the system for the first time, an initial connection can be made using HTTPS and SSL protocols. During account creation, the cloud server will generate a unique user ID and the private/public key pair necessary for ECC encryption. The third step is the authentication of a user that logs in to the system. This is done by having the user provide the user ID that was created during account creation. The final step, the data exchange, is done by using the Diffie-Hellman key exchange protocol. When the client wants to retrieve data from the server, the client's query is stored in a file which is encrypted with the servers public key and the client's private key. The encrypted file is sent to the server, where the file is decrypted using the server's private key to retrieve and process the query. Thereafter, the server encrypts the resulting data with the server's private key and the client's public key, and sends this back to the client who can retrieve the queried data by decrypting the package with his/her own private key. IV. CONCLUSION
is quite compatible with predominant cryptographic methods, like the Diffie-Hellman key exchange, as shown earlier. Therefore, with this paper, we encourage further development and usage of ECC in cloud computing security. REFERENCES [1]
[2]
[3]
[4]
[5] [6] [7]
[8] [9]
National Institute of Standard and Technology: The NIST definition of cloud computing, Web: http:// faculty. Winthrop .edu/ domanm/ csci411 /handouts/NIST.pdf.2011 Tirthani, Ganesan: Data Security in Cloud Architecture Based on Diffie Hellman and Elliptical Curve Cryptography. Web:https://eprint.iacr. org/2014/049.pdf. 2014. William Stallings, Cryptography and Network Security Principles and Practice Sixth Edition, Pearsons, ISBN10:0-13335469-5. Santosh kumar Singh, Dr. P.K.Manjhi, Dr. R.K.Tiwari “An Efficient and Secure Protocol for Ensuring Data Storage Security in Cloud Computing Using ECC ” International Journal of Advance Research in Computer and Communication Engineering, (IJARCCE), Vol-5, Issue 7, July2016, ISSN: 2278-1021, pp. 5-15, DOI 10.17148/IJARCCE.2016.5702. Amazon.com, “Amazon Web Services (AWS),” Online at http://aws. amazon.com, 2008. Apple “ICloud” Online at http://www.apple.com/icloud/whatis.html 2010 . N. Gohring, “Amazon’s S3 down for several hours” Online at http://www.pcworld.com/businesscenter/article/142549/amazo nss3 down for several hours.html, 2008. C. K. Koc: Cryptographic Engineering. Springer 2009. D. Hankerson, A. Menezes, S. Vanstone: Guide to Elliptic Curve Cryptography. Springer. 2004.
BIOGRAPHY
First A. Author Santosh Kumar Singh is a Research Scholar in the Department of Computer Applications, Vinoba Bhave University, Hazaribag, Photograph Jharkhand, India. He received M. Phil (Computer Science) degree in 2011 and Master of Philosophy Dissertation entitled “study on the network security & network topology”. He Qualified Doctoral (Ph.D) Eligibility Test 2014 of Vinoba Bhave University, Hazaribag. His research interests are Cloud Computing, Parallel and Distributed Computing etc. He is currently working on Cloud Computing.
Cloud computing security is of major relevance as a result of the growing number of services that have emerged in the recent years. Most of these services have to handle and protect the consumers' sensitive data. From the points presented, it is evident that as intruders gain more resources and develop new techniques to crack our systems, we have to modify them to be more robust against these attacks. Cryptosystems like the RSA, which is widely used today, seem to be reaching a point where they are outdated when performance is on the line. Elliptic curve cryptography has been around for a while, but has not garnered widespread usage yet, compared to other cryptosystems. However, ECC has considerable advantages when it comes to security performance and Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari
183
