Project Title
Cloud Data Confidentiality- Various Encryption techniques
Graduate Diploma in Information Technology
PRJ 702
2016
Submitted by -Jasdeep Kaur
Student Id- 13466554
Blog - https://jasdeepit.wordpress.com/
Abstract
In the modern world, data is growing at an exponential rate. This has driven the adoption of an advanced data
storage technology known as cloud-computing.
Cloud-computing provides online access to a pool of resources including computational platforms, storage,
applications, and services. Cloud-computing is very cost effective, as you pay only for the resources that
you have used. It is a user-friendly way to handle vast amounts of data. IT businesses are shifting towards
cloud-computing. However, cloud-computing also faces several data security challenges. Integrity,
confidentiality and availability are the major concerns of cloud-computing. Data integrity and confidentiality
have a significant effect on cloud security and performance. This research report aims at identifying various
techniques for ensuring data confidentiality in the cloud. Encryption is a widely accepted mechanism for cloud data
confidentiality. It is used to protect data in static and dynamic form. There are various types of encryption
techniques, including Homomorphic Encryption, Identity-based Encryption, Attribute-based Encryption etc. Each
encryption technique has its own complexity and usage. This paper describes each encryption technique in
the context of its usage for cloud-data confidentiality.
Keywords
Cloud-Computing, Encryption, Data Confidentiality, Security, Algorithm, Cryptography, Encryption Key
Acknowledgment
I would like to show my gratitude to every person who contributed to the successful completion of my
research report. First, I am very grateful to my research guide Mrs. Charanya Mohanakrishnan for her
valuable guidance and encouragement. She gave me the opportunity to work in my interest area. I am really
thankful for her helpful discussions and suggestions.
I would also like to show my gratitude towards all NMIT staff members and my colleagues who helped
me during my research for this report.
Table of Contents
Abstract
Acknowledgment
Table of Figures
Abbreviations
Introduction
Aims and Objectives
Background
Basics of Cloud-Computing
Key Features Of Cloud Computing
Deployment models
Models of cloud-computing
Known Cloud Service Providers
Importance of security in cloud computing
Cloud Data Security Requirement
Literature review
Ensuring Data Confidentiality in the cloud
Cryptography fundamentals
Introduction to Encryption
Cryptographic techniques used in the cloud computing
Identity-based Encryption (IBE)
Attribute-based Encryption
Fully homomorphic Encryption (FHE)
AES (Sachdev & Bhansali, 2013)
DES Algorithm
3DES
RC4 (Mousa & Hamad, 2006)
Blowfish
RSA
Diffie-Hellman
ElGamal
Paillier Cryptosystem (Benzekki, Fergougui, & Alaoui, 2016)
Goldwasser-Micali
Conclusion
Bibliography
Table of Figures
Figure 1 Unauthorized Access to Cloud Data (Maddineni & Ragi, 2011)
Figure 2 Survey Graph of Cloud Computing Challenges (Whyman, 2008)
Figure 3 Identity-based encryption scheme (Neven & Kiltz, p. 3)
Figure 4 AES Algorithm (Pansotra & Singh, 2015)
Figure 5 Flow Diagram of DES Algorithm (T.N.Srimanyu & Singla)
Figure 6 TDEA Algorithm (Pansotra & Singh, 2015)
Figure 7 RC4 Algorithm (Mousa & Hamad, 2006)
Figure 8 Blowfish Encryption (Verma & Singh, March 2012)
Abbreviations
1. CSP - Cloud Service Provider
2. NIST - National Institute of Standards and Technology
3. USDA - United States Department of Agriculture
4. IDC - International Data Corporation
5. DOJ - Department of Justice
6. ERP - Enterprise Resource Planning
7. CRM - Customer Relationship Management
8. AWS - Amazon Web Services
9. RSA - Rivest-Shamir-Adleman
10. EAP - Extensible Authentication Protocol
11. ROM - Read Only Memory
12. I/O - Input Output
13. FHE - Fully Homomorphic Encryption
14. CPU - Central Processing Unit
15. IT - Information Technology
16. XCP - Extensible Communications Platform
17. CA - Certification Authority
18. IBE - Identity-based Encryption
19. SSL - Secure Sockets Layer
20. ABE - Attribute-based Encryption
21. KP-ABE - Key-Policy based ABE
22. CP-ABE - Ciphertext-Policy based ABE
23. AES - Advanced Encryption Standard
24. DES - Data Encryption Standard
25. FIPS - Federal Information Processing Standard
26. IP - Initial Permutation
27. TDEA - Triple Data Encryption Algorithm
28. IV - Initialization Vector
29. NBS - National Bureau of Standards
Introduction
Digital content has been growing at an exponential rate with recent advances in the technical field. By
2020 the digital world will expand by a factor of 300, which will include 40 trillion gigabytes of replicated
data. To accommodate such rapid growth, the digital arena will need new storage and network utilities.
The demand for cost-effective data storage and high-bandwidth networks will rise in order to store and transfer
such a huge amount of data. In this growing data field, Cloud Computing has gained popularity over
traditional storage models due to its numerous advantages and cost-effectiveness (Gantz & Reinsel,
December 2012).
Cloud Computing provides online access to a pool of resources including computational platform,
storage, applications, and services. The main cloud service providers in the market are Google,
Microsoft, IBM, Rackspace, Amazon etc. In cloud computing, the major challenges are to secure,
protect and process the stored data efficiently.
Below, a scenario is described where all of a company's data resides in the cloud.
[Figure: an unauthorized user reaching the company's data residing on the cloud]
Figure 1 Unauthorized Access to Cloud Data (Maddineni & Ragi, 2011)
In the above figure, all of the company's data has been moved to the cloud, and only the authorized users of
the company can access the data through the local network. But there is also the possibility of
unauthorized users accessing the confidential data of the company. The employees of the company are
allotted virtual machines with valid credentials in the cloud, but these credentials can be cracked and
sensitive data of the company can be leaked.
A lot of research is going on in this area of data confidentiality. Many efficient encryption
techniques have been developed that minimize this threat to a significant level. This report
describes various encryption models after a thorough literature review in the field of cloud computing
data confidentiality.
Aims and Objectives
The main aim of the research paper is to understand and analyze various encryption techniques which
improve data confidentiality in cloud computing, and also to understand the field of cloud computing
and its security concerns. The main objectives of the research are:
To understand the cloud computing security concerns, especially those dealing with data confidentiality.
To identify the various encryption techniques for ensuring data confidentiality.
To understand the complexity behind each encryption technique.
To understand how one technique of encryption differs from another.
Background
Basics of Cloud-Computing
As the Cloud-Computing paradigm is relatively new in the technical world, the term is overused. In
general terms, the cloud can be described as a sharable and scalable resource pool. These resources can be
provided on demand by external service providers over the Internet on pay-per-use terms.
NIST defines the cloud as:
“A model for enabling convenient, on-demand network access to a shared pool of configurable
computing resources (e.g., networks, servers, storage, applications, and services) that can be
rapidly provisioned and released with minimal management effort or service provider
interaction”
The above NIST definition highlights key characteristics of cloud along with deployment
models and deliverable models.
Key Features Of Cloud Computing
The key features of cloud-computing are as follows:
a. On demand resource availability
The cloud resources can be accessed anywhere over the internet as per the need of
the user without the requirement of human intervention. It is similar to autonomic
computing due to its self-managing feature and adaptation to unpredictable
changes by the user.
b. Reliability
Cloud-Computing resources are highly reliable as they are not affected by any
unforeseen incidents such as power failure. They are available all over the world
despite any geographical restrictions.
c. Scalability
The cloud resources can be easily scaled up or scaled down as per the change in
need of the user. Therefore, users need not worry about the limited capacities and
purchasing cost of physical machines.
d. Cost-effectiveness
Usage of similar cloud resources by thousands of users aggregates to achieve
economies of scale. The cloud works on the pay-as-you-go model, so users need
not provision resources for future needs and they pay only for what they use.
It is a measured service.
e. Shared Resources
Cloud works on the multi-tenant model. The cloud resources are not dedicated;
they are shared among several users. It makes use of virtualization technology and
users are not aware of any kind of resource limitation. Based on the demand of the
user, resources are provisioned and de-provisioned automatically.
Deployment models
Based on who owns and who uses the cloud, the following deployment
models are defined:
a. Public Clouds
Public clouds provide accessibility to the general public. The users of public
clouds are considered to be untrusted, as anyone from anywhere has access to such a
cloud. A third party is responsible for the management of public clouds. Services
may be offered free or on the basis of the pay-as-you-go model. Google App
Engine, IBM's Blue Cloud, and Amazon Elastic Compute Cloud are examples
of popular public clouds.
b. Private Clouds
Resources are not shared in private clouds; they run only to serve a single
organization. A private cloud allows an organization to gain the benefits of cloud architecture without
giving up the maintenance of its own data centers. It is not a reasonable solution for
small to medium-sized corporations because it is an expensive measure.
StratoGen, Apache, and Rackspace are the famous private cloud providers.
The U.S. Army, Air Force, Navy, DOJ, USDA and more have been using
private clouds due to the high sensitivity of their data.
c. Community Clouds
Several organizations that have common requirements adopt community clouds.
They are more cost effective than private clouds, as the operating cost is
shared among the members of the community. The users of community clouds
have a trust relationship among themselves.
d. Hybrid Clouds
The combination of public, private and community clouds gives rise to hybrid
clouds. With such a combination of more than one type of cloud, the benefits
of each model can be obtained. For example, a company can outsource its
resources to the public cloud from its private cloud during peak hours,
thereby keeping the company's operations from slowing down.
Models of cloud-computing
A flexible and scalable environment is offered by the cloud computing services.
Cloud Service Providers (CSPs) are considered to be responsible for the
management, maintenance and implementation of cloud infrastructure. Cloud
services can be categorized as below-
a. SaaS (Software as a Service)
It offers online delivery of software without buying software licenses for
the company's ERP and CRM systems and without the need to install this
software on the company's systems. The software is hosted by a third party,
the cloud service provider, and company employees can access the software
through the internet from anywhere in the world. It is more cost effective than using
traditional installed software, as the company is not responsible for the
maintenance (Dubey & Wagle, June 2007).
b. PaaS (Platform as a Service)
It provides on-demand computing platforms to users, where applications can
be developed and deployed. It reduces the cost and complexity of software
development, as the user need not bother about the underlying structure. It provides
computing platforms such as web server, operating system, database and
programming language execution platforms (Mell & Grance, September 2011).
c. IaaS (Infrastructure as a Service)
CPU, memory and server storage space are the resources that can be scaled up and
down very frequently as the needs of the user change. It allows users
to start up their companies without the expensive start-up cost of hardware
resources (Giweli, 2013).
Cloud Computing services are widely used in the present times by the larger companies. There is also a
lot of competition in the market among various cloud service providers. The famous Cloud Service
Provider companies are discussed next.
Known Cloud Service Providers
The known cloud service providers of the present time in the IT market are Amazon, Google, Microsoft,
IBM, Salesforce, Rackspace, Oracle, VMware, Eucalyptus etc. The services offered by one vendor
differ from those of another.
IBM: It provides platform as a service under the model name Lotus Life.
Google: The Google App Engine cloud supports application programming interfaces
which can store data, provide email services and manipulate images.
Amazon: AWS provides a very safe platform of cloud services that offers computing
power, data storage, content delivery etc., which help businesses in their growth.
Amazon Web Services include Amazon Simple Storage Service (S3) and Elastic Compute
Cloud (EC2).
Eucalyptus: It is an open source cloud software infrastructure that helps enterprises
to create their own private cloud architecture.
Microsoft: The Windows Azure Platform includes a group of cloud technologies that help
application developers by providing them with a specific set of services.
VMware: The VMware cloud, named VMware vCloud Air, provides virtualization infrastructure.
Salesforce: Salesforce provides software as a service. It is a CRM solution that helps
enterprises in all phases of sale. It speeds up and streamlines the sale process.
Importance of security in cloud computing
Figure 2 Survey Graph of Cloud Computing Challenges (Whyman, 2008)
The above graph depicts the result of a survey conducted by IDC in August 2008 regarding the cloud
challenges/issues that affect the performance of cloud computing. The survey was conducted
among senior Business Administrators and IT specialists. From the above graph of the survey
result, it is clear that security is at the top of the list of concerns, which shows its importance
compared to other parameters of cloud computing.
Brad Smith is General Counsel & Executive Vice President of Legal & Corporate Affairs,
Microsoft. He also revealed the survey data of Microsoft at the Brookings Institution policy
forum “Cloud Computing for Business and Society”. He announced the survey result that 58%
of general population and more than 85% of business heads are very interested in the Cloud
Computing potentials. He also revealed that more than 90% of these people are much worried
about cloud security, access and privacy issues.
Hence, it is clear that cloud security is the biggest challenge that affects the performance and
growth of the cloud field.
[Figure 2 bar chart. Title: Challenges/issues ascribed to the cloud. Horizontal axis: % responding 4 or 5 (0% to 80%). Bars: Not enough major suppliers yet; Regulatory requirements prohibit cloud; Bringing back in-house may be difficult; Worried on-demand will cost more; Not enough ability to customise; Hard to integrate with in-house IT; Availability; Performance; Security.]
Cloud Data Security Requirement
Security is the biggest concern that keeps IT professionals from adopting cloud technology. As per the
survey (Khan, Kiah, Khan, & Madani, 2013), more than 74% of IT professionals do not intend to transfer
their company infrastructure to the cloud. The cloud provides distinctive features to its users, but
adoption of the cloud is still not their first choice. Lack of privacy and data security are the main hurdles
to cloud popularity. Advancements in the field of cloud data confidentiality are the way to
help cloud service providers gain the trust of IT professionals. Security requirements of the cloud
are discussed below. These requirements address both user and provider perspectives.
2.1.1. Confidentiality
Data Confidentiality is the most important aspect of cloud security. It prevents unauthorized
access to the sensitive information on the cloud. It ensures data security and protects data
from malicious attacks. Encryption is used widely to prevent such confidentiality violations.
Encryption can be used on all data forms, i.e. static data, migrating data, and data being
manipulated. Even the communication channels between the Cloud Service Provider (CSP)
and the user can be encrypted. Encryption does not allow processing of the data. However,
current research in the field of encryption is trying to solve this issue as well. Hence, data
confidentiality is mostly solved by encryption.
2.1.2. Data Integrity and Consistency
Data Integrity is defined as the measure of data accuracy and consistency. There are several
copies of the same data on the cloud and all the copies should be identical. Omission and
commission failures are responsible for consistency problems of the data. Failing to
respond to a request for data causes an omission failure. Crash failures and the inability to process
requests fall under omission failure. A commission failure occurs when the wrong
computation is done on data and the output is not what was expected. Data on the
cloud is replicated for scalability, availability, and archival purposes, so the
consistency of replicated data must be ensured. Cryptographic methods can be used to
ensure data integrity.
2.1.3. Data Availability
Data Availability means that the user can access the data whenever it is needed. Put
another way, it can be defined as timely and reliable access to the cloud data at all times.
The Cloud Service Provider (CSP) is considered responsible for data availability.
The need for availability depends on how critical the data is. Highly critical data should
be made redundant and backed up regularly so that it is available at all times.
Malicious attacks on the network connectivity between the user and the CSP are a severe threat
to data availability. Hardware failure, power failure, and other infrastructure failures are the
other threats to availability.
Besides these, Data Access and Authentication, and Accountability, are also major security
concerns of the cloud. Access and Authentication ensure that only an authorized person has access
to the cloud, and only to the cloud data for which that user has been authorized.
Accountability is defined as the capability to track what a user has done and when. All
of these should also be addressed carefully to make cloud data secure.
Literature review
According to Singla and Singh, cloud computing is a technology where users have access to a
remote pool of shared resources in which they can store their data. Cloud service providers (CSP) and
clients are the two major elements of the cloud environment. Data privacy and security is the major
challenge for cloud computing. Data can be attacked in the cloud as well as during the outsourcing
process. Encryption techniques are meant to provide data security. To provide efficient data security,
encryption must be done by the CSP as well as the user (Singla & Singh, 2013).
As per Kaur and Verma, when the user outsources sensitive data to share on the cloud, many new data
security challenges come forth. Encryption methods are used to handle these security issues.
Homomorphic encryption is used, which converts plain text into cipher text and also generates an
encryption key which is used to read the ciphered text. Decryption keys are revealed only to trusted
users to ensure data confidentiality. There are many encryption techniques to ensure data confidentiality
(Kaur & Verma, July 2014).
In a journal article on the security of cloud computing, availability, cost effectiveness and scalability
are named as the three factors that drive the innovation of new technology. Cloud computing is an upcoming
technology that provides these factors. Cloud computing is a term used for services provided over the
internet. Lack of security assurance by the providers has been a hindrance for business companies to
adopt cloud computing services. The paper lists the threats to cloud security and
emphasizes security on the cloud provider's side. The threats include loss of integrity, denial of service,
untrusted access etc. The paper proposes an EAP solution for unauthorized access and an RSA solution for
the encryption of data on the cloud. In RSA, data can be encrypted using a public key by anyone, but
can only be decrypted by the private key held by the receiver (Sadia Marium, Ahmed, Ahthasham, &
Mehmood, 2012).
According to George and Dr. Hemalatha, encryption is very important for the security and integrity of
cloud data. A number of encryption techniques are available for protecting data integrity. These
techniques preserve the confidentiality of data. The cloud provides IaaS, PaaS, and SaaS services to the user on
demand, and cryptography enables the data security of shared cloud data. It maintains data integrity and
confidentiality. Identity-based Encryption, Attribute-based Encryption, Fully Homomorphic Encryption
and many other modern encryption algorithms such as AES, DES, 3DES, RC4, Blowfish, RSA, and
Diffie-Hellman are being used in the XCP cloud environment. A combination of two or more techniques
aids in efficient data security (George & Dr.M.Hemalatha, 2015).
Vikas Agrawal et al. (2014) discussed cryptography as the technique used to encrypt communication
to make it secure from a third party's snooping. It is about building protocols and techniques to provide
data security, which includes integrity, availability, and confidentiality. Cryptography includes
encryption and decryption, the processes of transforming plain text into coded or ciphered text and
back. Symmetric key cryptography and public key cryptography are the two methods used for the process of
encryption and decryption. Symmetric key cryptography is a method where both sides of the
communication have the same key. AES and DES are two cryptographic algorithms that
implement symmetric key cryptography. Public key cryptography is the design where the receiver
has a different key from the sender. The RSA algorithm is the solution for public key cryptography.
As per Aized Amin Soofi et al. (Soofi, Khan, & Fazal-e-Amin, 2014), cloud computing is an
exponentially growing area where users can use services over the internet without installing any new
software or hardware. This area is quite popular because of the advantages it gives to its users, but
it faces some difficulties that hinder its growth. These difficulties mainly include security
threats. Data confidentiality is the main concern for the users of cloud computing. Some
solutions have been introduced to address this. Encryption is one of the solutions and it is widely
implemented to maintain data confidentiality. The paper reviews different encryption methods and
discusses the types of approaches and the types of validation used to validate these approaches.
Cloud services are gaining popularity for data sharing, archiving and backup. Cloud data confidentiality
is the major hurdle for the universal adoption of cloud infrastructure. Use of data encryption techniques
ensures data confidentiality. However, encrypted data is very difficult to handle for computational
purposes. In order to handle this situation, information dispersion and decomposition come into play,
where data can be stored on distributed hosts (Branco, Machado, & Filho, October 6-9, 2014).
Ensuring Data Confidentiality in the cloud
The cloud security field is too vast to address all at once. Data confidentiality is the major security
concern of the cloud that will be discussed in this report.
In a multi-tenant environment, providing data confidentiality is very challenging. Users outsource
their data to servers located in geographical areas remote from the user's location. The
servers are managed by a third party known as the Cloud Service Provider. There are a number of techniques
that can protect the data from unauthorized users by maintaining its confidentiality. Passwords,
biometrics, and cryptography are well-known techniques for data confidentiality. Low entropy is the
drawback of using passwords. Biometric techniques are very costly and hence cannot be implemented
on a large scale. In this scenario, cryptography is considered to be the best solution.
According to Folch (2011), companies and individuals are switching to the cloud as they want
continuous backup of their sensitive data. Frequent backup of the cloud data ensures data availability, which
allows users to access their data anywhere at any time without any delay. Before the evolution of the
cloud, companies used to do periodic backups on their physical servers to prevent any data loss. The
backup data and the original data were present at the same physical location, so the companies did not need
to worry about data protection. In the cloud, data is stored on public servers which can be accessed
over the internet. Hence, data suffers from both external and internal attacks. Data should be protected in
such a way that even if an authorized body is able to reach the data, the data remains unchanged. In other
words, data confidentiality should be maintained. The best and
easiest way to handle this issue is to encrypt the data. A number of secure encryption techniques are available which are also
free to use. To guarantee confidentiality, the data should be encrypted at both the user and the CSP end. The
encryption done on the cloud provider side protects the data from external attacks. To protect against inside
attacks, the data should be encrypted by the user before uploading it to the cloud.
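The two-layer arrangement described above (the user encrypts before upload, the provider encrypts again at rest), as an added example that is not part of the original report. It uses AES-256-GCM from Go's standard library; the `Provider` type, the `Upload` and `Download` helpers, the object name and the sample record are hypothetical and constructed for illustration.

```go
// Added example, not from the report: all type and function names are hypothetical.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// NewKey returns a fresh random 256-bit AES key.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts with AES-256-GCM and returns nonce || ciphertext || tag.
// aad (the object name) is authenticated, so a blob cannot be swapped between names.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal and fails if the blob or its name was modified.
func Open(key, blob, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("blob shorter than nonce")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], aad)
}

// Provider simulates the CSP: its own at-rest key plus the storage media.
type Provider struct {
	atRestKey []byte
	Disk      map[string][]byte
}

// Put applies the provider-side layer, which protects the stored media.
func (p *Provider) Put(name string, upload []byte) (err error) {
	p.Disk[name], err = Seal(p.atRestKey, upload, []byte(name))
	return err
}

// Get strips the provider layer. A provider insider holding atRestKey sees
// exactly this: the user's ciphertext, never the plaintext.
func (p *Provider) Get(name string) ([]byte, error) {
	return Open(p.atRestKey, p.Disk[name], []byte(name))
}

// Upload encrypts on the user's machine first; userKey never leaves it.
func Upload(p *Provider, userKey []byte, name string, data []byte) error {
	blob, err := Seal(userKey, data, []byte(name))
	if err != nil {
		return err
	}
	return p.Put(name, blob)
}

// Download fetches the object and removes the user layer locally.
func Download(p *Provider, userKey []byte, name string) ([]byte, error) {
	blob, err := p.Get(name)
	if err != nil {
		return nil, err
	}
	return Open(userKey, blob, []byte(name))
}

func main() {
	userKey, _ := NewKey()
	cspKey, _ := NewKey()
	csp := &Provider{atRestKey: cspKey, Disk: map[string][]byte{}}
	record := []byte("constructed sample: salary list 2016") // constructed input
	_ = Upload(csp, userKey, "hr/salaries.txt", record)
	insider, _ := csp.Get("hr/salaries.txt")
	got, err := Download(csp, userKey, "hr/salaries.txt")
	fmt.Printf("insider sees %d opaque bytes; owner reads %q (err=%v)\n", len(insider), got, err)
}
```

The provider layer alone would leave the plaintext readable to anyone holding the provider's key, which is why the user layer is applied first and its key stays with the user.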
Cryptography fundamentals
For a long time, military, government, and other secret services have relied on cryptography for data
security. It is the art of coding information into secrets to preserve data integrity and confidentiality. In the
second half of the twentieth century, the field of cryptography expanded at a very significant level. The generation of
supercomputers and fast communication media is considered to be the reason for the popularity of
cryptography. The first scheme of data encryption was given by Diffie and Hellman in 1976, which was an
asymmetric cryptography mechanism. In 1978 the well-defined RSA algorithm came into the world. It was
given by Rivest, Shamir and Adleman. Concurrently, Miller and Koblitz proposed elliptic curve
encryption schemes. In this way all encryption techniques came into existence. With the evolution and
popularity of cloud-computing, the techniques of data encryption have also been adopted for cloud data
security. In the future, quantum encryption is considered the next step in this research area. Optics
will be the basis of quantum cryptography (KAANICHE, 2014).
Introduction to Encryption
Encryption is the process of converting plain text into secret cipher text to protect the
confidentiality and integrity of data. It is used to protect data in transit and also in storage. It makes
use of an algorithmic scheme that converts plain readable text into a non-readable form called the
cipher-text. The reverse process is called decryption, which converts the information back into a
readable format. A secret value is used for the encryption and decryption processes. The secret value is
known as the key (A Guide to Cloud Encryption and SaaS Security). There are many categories of encryption
techniques. Broadly, encryption is classified into two categories according to the relation
between the keys of the key-pair.
a. Symmetric Encryption (Maha TEBAA, 2012)
In symmetric-key encryption, the same key is used for both the data encryption and decryption
processes.
Let M be the plain text, C the ciphertext, k the encryption key, E the encryption
scheme, and D the decryption scheme.
For symmetric-key encryption
D (E (M, k), k) = M
This means the same key is used for encryption and decryption.
The Vernam one-time pad is a symmetric-key encryption scheme proposed by G. Vernam in
1917. It is known as a one-time pad because the key is renewed for every message. The one-time pad
gives perfect secrecy (KAANICHE, 2014).
b. Asymmetric Encryption (Maha TEBAA, 2012)
In asymmetric-key encryption, two different keys are used. Encryption is done with one
key and the other key is used to decrypt the message. The keys are named the public key and the
private key. It is also known as public-key cryptography.
Cryptographic techniques used in the cloud computing
The various encryption techniques that are used in cloud computing are discussed below.
Identity-based Encryption (IBE)
The idea of IBE was given by Adi Shamir, an Israeli cryptographer. At that time, he was
working at The Weizmann Institute of Science, Israel. IBE eliminates the need for the Certification
Authority (CA) that was essential for traditional public-key schemes.
Shamir (1985) presented the scheme, which enables two parties to communicate securely and allows
them to verify each other without the exchange of any key-pair and without using any third-party
services. The scheme is based on public-key cryptography with a little extra twist. Instead of generating
a random key pair, the user uses his name and network address as the public key. The
combination of name and network address should be unique. Corresponding to the name and address
combination, a unique key is generated by the company’s key generation center. This unique key is given
to the user in the form of a smart card when he joins the network for the first time. The card
consists of an embedded microcircuit, a secret key, encryption/decryption programs and
signature generation/verification programs.
An IBE scheme resembles traditional mail communication in many aspects. Hence, it makes
cryptographic communication very transparent for a user, and it is very easy to use even without
knowledge of keys and communication protocols.
For example, a user “A” wants to send a message to another user “B”. User A signs the message with the
secret key in his smart card. User A also encrypts the signed message using B’s name and
network address and sends it to B. B decrypts the received message with the secret key in his smart card
and also verifies the sender by using A’s name and network address as a verification key. The
secret key of the smart card is computed by the key generation center.
The security of the scheme depends on-
a. The underlying cryptographic functions
b. The privileged information held by the key generation center
c. Protecting the smart card from loss and unauthorized access
The IBE scheme attaches identity information “i” to the message, and the card holder ties it
further to the physical user identity. The key generation center must prevent card
misinterpretation and should take the necessary precautions to prevent card duplication.
The Scheme
The IBE is depicted in the following figure-
Figure 3 Identity-based Encryption scheme (Neven & Kiltz, p. 3)
It consists of four algorithms (IBE Secure E-mail) as below.
a. Setup- It generates two keys, named the public key and the master key.
b. Keygen- It uses the master key and the identity information of the receiver to generate a
private key.
c. Encrypt- It encrypts the message using sender’s identity and public key.
d. Decrypt- The private key is used to decrypt the message.
[Figure 3 diagram labels: Setup, Keygen, Encrypt, Decrypt; master key, private key, public key; sender and receiver, each with a message and an identity; communication channel]
The communication channel between the sender and the receiver is not encrypted. IBE makes use of
elliptic curve functions.
IBE is widely used for cloud data security. It was first adopted for grid networks. In 2004, Lim and
Robshaw explored the idea of using IBE in grid computing. Li et al. proposed IBE as an alternative to
SSL authentication for cloud systems. It was a three-level model. The top level includes cloud
administration. The middle level includes the data center. The third level is represented by the cloud
user. This scheme suffers from a lack of trust hierarchy between the model layers. To solve this problem,
Schridde et al. gave a security infrastructure based on IBE. Under this scheme, each client has to
register with a corresponding server known as the authority server. Each user is given a private key
during registration with the authority server. The key is unique for each user. This solved the problem
of certificate-based schemes (KAANICHE, 2014).
Attribute-based Encryption
Attribute-based encryption was proposed by Sahai and Waters in 1984. It is one-to-many encryption in
which the ciphertext is encrypted only for those users who fulfill some requirements. It provides
fine-grained access control to cloud data. Specific access policies, determined by the encryptor, are
associated with the ciphertext. Attributes describe the user’s characteristics. These attributes are
embedded in the user’s secret key. A user whose attributes satisfy the access structure of the
ciphertext can decrypt it. The scheme preserves cloud flexibility even after encryption, as
cloud data sharing is possible without any knowledge about the data receiver (Horváth).
A secret key is used to decrypt the ciphertext. The secret key is based on a set of attributes w. The text
is encrypted with a public key based on a set of attributes w’. There should be sufficient overlap
between w and w’. The required extent of overlap is defined by a deterministic threshold value denoted t.
A party can encrypt messages for a group of users. The user group has a certain attribute set
drawn from an attribute pool. For example, a user encrypts scholarship details for all students who have
completed a bachelor's degree. The scholarship is available to all students from a particular age group
who have achieved specific grades. An attribute subset {“Grade-A”, “Age- under 25 years”, “Education-
Bachelors”} defines the document encryption criteria. Only a user with these three attributes can hold
the private key to decrypt the encrypted scholarship document (A.Balu & K.Kuppusamy).
ABE is categorized as-
a. Key-Policy based ABE (KP-ABE)
b. Ciphertext-Policy based ABE (CP-ABE)
In the Key-Policy based ABE scheme, an attribute set is associated with the ciphertext. The secret key is
defined on the basis of an access policy. A descriptive attribute set is required to decrypt the encrypted
text. These attributes are defined by the encryptor. A trusted authority defines the secret key based on a
combination of attributes (A.Balu & K.Kuppusamy).
In the Ciphertext-Policy based ABE scheme, the idea is exactly the reverse of Key-Policy based ABE. An
access policy is defined with respect to the encrypted text. The encrypting party is responsible for
determining the policy under which the ciphertext can be decrypted. The secret key is set based on a
number of attributes (A.Balu & K.Kuppusamy). A user is able to decrypt the ciphertext only if the
attributes of the user satisfy the policy defined for the respective encrypted text. Conjunctions,
disjunctions and threshold gates can be used to define the policies. For example, let {A, B, C, D} be the
universe of attributes. User 1 has a key for attributes {A, B}. User 2 has a key for attribute {D}. The
policy (A∧C)∨D is defined to encrypt the text. In this case, user 2 will be able to decrypt the ciphertext
but user 1 will be unable to decrypt it. This follows from the rule of (k, n) threshold gates, i.e. n
attributes should be present out of a total of k attributes (What is Attribute Based Encryption?).
Both CP-ABE and KP-ABE should have the collusion resistance property: distinct users must not be able to
pool their individual secret keys to decrypt a ciphertext that none of them could decrypt with an
individual secret key.
ABE can be viewed as a generalized IBE scheme. ABE allows complex rules to be defined for the private
decryption keys. Private keys are related to a set of attributes. So during encryption, an access policy is
encrypted. The access policy defines which decryption key (Bethencourt, Sahai, & Waters).
ABE is a very adaptive solution that ensures fine-grained access to outsourced data distributed on
untrusted cloud servers. ABE allows searching over the ciphertext. Each authorized user has the right to
decrypt a different piece of data based on the match between user identity and decryption key. A lot of
research is going on to make ABE useful for cloud environments. In 2010, Yu et al. proposed a new form of
ABE in which a single user is allowed to share his data among multiple users in encrypted form. This is
possible with the help of key distribution among the users (KAANICHE, 2014).
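The access-structure logic described above (threshold overlap between w and w’, and CP-ABE policies built from AND, OR and threshold gates) is shown below as an added example; it is not code from the report or from any ABE library. It models only the policy evaluation, not the cryptography, and "user3" with attribute {C} is a constructed addition used to show what collusion resistance has to rule out.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Tuple, Union


@dataclass(frozen=True)
class Leaf:
    attribute: str


@dataclass(frozen=True)
class Gate:
    threshold: int                    # number of children that must be satisfied
    children: Tuple["Node", ...]


Node = Union[Leaf, Gate]


def AND(*children: Node) -> Gate:
    """Conjunction is an (n of n) threshold gate."""
    return Gate(len(children), children)


def OR(*children: Node) -> Gate:
    """Disjunction is a (1 of n) threshold gate."""
    return Gate(1, children)


def satisfies(policy: Node, attributes) -> bool:
    """True if one key's attribute set satisfies the ciphertext policy."""
    if isinstance(policy, Leaf):
        return policy.attribute in attributes
    met = sum(1 for child in policy.children if satisfies(child, attributes))
    return met >= policy.threshold


def fuzzy_match(w, w_prime, t: int) -> bool:
    """Threshold overlap between key attributes w and ciphertext attributes w'."""
    return len(set(w) & set(w_prime)) >= t


def collusion_pairs(policy: Node, keys: dict) -> list:
    """Pairs of users who each fail the policy alone but pass with pooled attributes.

    A collusion-resistant scheme must still refuse decryption for these pairs,
    so satisfaction has to be bound to one key, never to a union of keys.
    """
    flagged = []
    for u1, u2 in combinations(sorted(keys), 2):
        if satisfies(policy, keys[u1]) or satisfies(policy, keys[u2]):
            continue
        if satisfies(policy, keys[u1] | keys[u2]):
            flagged.append((u1, u2))
    return flagged


# The policy and users from the text; user3 is constructed for the collusion case.
POLICY = OR(AND(Leaf("A"), Leaf("C")), Leaf("D"))
KEYS = {
    "user1": frozenset({"A", "B"}),
    "user2": frozenset({"D"}),
    "user3": frozenset({"C"}),
}

# The scholarship attribute subset from the text (labels normalised here).
SCHOLARSHIP = {"Grade-A", "Age-under-25", "Education-Bachelors"}

if __name__ == "__main__":
    for user, attrs in sorted(KEYS.items()):
        print(user, sorted(attrs), "can decrypt:", satisfies(POLICY, attrs))
    print("pairs that pass only by pooling keys:", collusion_pairs(POLICY, KEYS))
```
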
Fully homomorphic Encryption (FHE)
Ronald Rivest, Leonard Adleman, and Michael Dertouzos suggested the idea of FHE in 1978. Fully
homomorphic encryption allows calculations on encrypted data, and the results are exactly the same as if
the computation were done on plain data. It is defined as follows.
Consider an input list m1, m2, m3, …, mn. The user wants to apply a function “f” to this input list, but
the data is in the encrypted form c1, c2, c3, …, cn. It is possible to apply the function “f” to the
encrypted data instead of decrypting the data, as under FHE
f (m1, m2, m3, …, mn) = f (c1, c2, c3, …, cn)
Homomorphic encryption is divided into Additive Homomorphic Encryption and Multiplicative
Homomorphic Encryption. This categorization is based on the mathematical operation to be performed
on the data (Maha TEBAA, 2012).
a. Additive Homomorphic Encryption
A homomorphic encryption is said to be additive if
$$\mathrm{Enc}(x \oplus y) = \mathrm{Enc}(x) \oplus \mathrm{Enc}(y)$$
$$\mathrm{Enc}\left(\sum_{i=1}^{l} m_i\right) = \sum_{i=1}^{l} \mathrm{Enc}(m_i)$$
Consider two ciphertexts C1 and C2 with
$$C_1 = g^{m_1} \cdot r_1^{n} \bmod n^2$$
$$C_2 = g^{m_2} \cdot r_2^{n} \bmod n^2$$
$$C_1 \cdot C_2 = g^{m_1} \cdot r_1^{n} \cdot g^{m_2} \cdot r_2^{n} \bmod n^2 = g^{m_1 + m_2} (r_1 r_2)^{n} \bmod n^2$$
The Paillier cryptosystem has the property of additive homomorphic encryption.
Electronic voting systems make use of additive homomorphic encryption. Each
vote is encrypted, but the total number of votes is decrypted.
b. Multiplicative Homomorphic Encryption
A homomorphic encryption is said to be multiplicative if
$$\mathrm{Enc}(x \otimes y) = \mathrm{Enc}(x) \otimes \mathrm{Enc}(y)$$
$$\mathrm{Enc}\left(\prod_{i=1}^{l} m_i\right) = \prod_{i=1}^{l} \mathrm{Enc}(m_i)$$
Consider two ciphertexts C1 and C2 with
$$C_1 = m_1^{e} \bmod n$$
$$C_2 = m_2^{e} \bmod n$$
$$C_1 \cdot C_2 = m_1^{e} m_2^{e} \bmod n = (m_1 m_2)^{e} \bmod n$$
The RSA cryptosystem is a multiplicative homomorphic encryption. The application of FHE to the cloud is
an important advancement in cloud computing security. Simple deterministic computations on
the data make FHE a feasible solution for cloud security. Homomorphic schemes have a number of
advantages in a cloud environment. They allow searching on encrypted data. They also allow operations to
be performed on encrypted data. FHE has significant importance in the cloud when dealing with the finance
sector. In the financial world, data security is a bigger concern than in other industrial sectors.
Both data and function should be in encrypted form. With homomorphic encryption, functions can be
performed privately in encrypted form (KAANICHE, 2014).
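The additive case and its voting use, as an added example that is not part of the original report: a Paillier implementation in which multiplying ciphertexts modulo n² adds the plaintexts, so only the tally is ever decrypted. The primes 1009 and 1013 and the choice g = n + 1 are constructed values for illustration.

```python
import math
import secrets
from functools import reduce


def L(u: int, n: int) -> int:
    """Paillier's L function, L(u) = (u - 1) / n."""
    return (u - 1) // n


def keygen(p: int, q: int):
    """Return (public key, secret key) = ((n, g), (lambda, mu))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(n, phi) != 1:
        raise ValueError("need gcd(pq, (p-1)(q-1)) = 1")
    lam = phi // math.gcd(p - 1, q - 1)        # lcm(p-1, q-1)
    g = n + 1                                  # assumption: a standard valid g
    mu = pow(L(pow(g, lam, n * n), n), -1, n)  # inverse of L(g^lambda mod n^2)
    return (n, g), (lam, mu)


def encrypt(pk, m: int, r: int = None) -> int:
    """c = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("message must lie in Z_n")
    if r is None:
        r = secrets.randbelow(n - 1) + 1
        while math.gcd(r, n) != 1:
            r = secrets.randbelow(n - 1) + 1
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)


def decrypt(pk, sk, c: int) -> int:
    """m = L(c^lambda mod n^2) * mu mod n."""
    n, _ = pk
    lam, mu = sk
    return (L(pow(c, lam, n * n), n) * mu) % n


def add(pk, c1: int, c2: int) -> int:
    """Homomorphic addition: the product of ciphertexts encrypts m1 + m2."""
    n, _ = pk
    return (c1 * c2) % (n * n)


def tally(pk, sk, ballots) -> int:
    """Combine encrypted 0/1 ballots and decrypt only the total."""
    total = reduce(lambda acc, c: add(pk, acc, c), ballots, 1)
    return decrypt(pk, sk, total)


if __name__ == "__main__":
    pk, sk = keygen(1009, 1013)                       # constructed primes
    votes = [1, 0, 1, 1, 0]                           # constructed ballots
    ballots = [encrypt(pk, v) for v in votes]
    print("encrypted ballots:", ballots)
    print("decrypted tally:", tally(pk, sk, ballots))
    # The same vote encrypts to different ciphertexts (probabilistic scheme).
    print(encrypt(pk, 1) != encrypt(pk, 1))
```
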
AES (Sachdev & Bhansali, 2013)
Advanced Encryption Standard is an encryption method that was implemented as a replacement for the Data
Encryption Standard (DES). It is now recognized by the National Institute of Standards and Technology
(NIST). NIST was working to find an algorithm that would be more secure than DES. Five algorithms
were selected for the study and, after the process, the encryption algorithm named Rijndael was selected.
It was later named AES, which is commonly used today. AES is now formally recognized as a Federal
standard by NIST.
AES is a block cipher algorithm that is implemented with an encryption key and multiple rounds of
encryption. It works on a block of data that is most commonly 128 bits or 16 bytes in length. The coded
cipher is encrypted again and again, ten to fourteen times, during the execution of the algorithm; the
number of rounds depends on the length of the key.
AES accepts three lengths for the encryption key: 128 bits, 192 bits, and 256 bits. For a 128-bit
key the number of rounds is 10, for a 192-bit key it is 12, and for a 256-bit
key it is 14. AES is a symmetric encryption algorithm, which means that encryption and decryption are
both done with the same key. The encryption key used is private.
The input state array and the first four words of the key schedule are XORed before the rounds are
executed. An encryption key of 16 bytes, i.e. four 4-byte words, is extended to form a key schedule of
44 4-byte words. The 128-bit input is transformed into a 4*4 matrix of bytes, which is called the
state array.
At each round of the encryption, the following steps occur-
a. Sub Bytes
This step is a byte-by-byte substitution; each byte is substituted with the help of a
substitution table. Every byte of the input is divided into two 4-bit patterns; each
pattern is an integer from 0 to 15 that can be interpreted as a hexadecimal
digit. The digit at the left is the row index and the digit at the right is the column index for
the substitution box. The value at the intersection of the row index and the column index is
substituted.
b. Shift Rows
This step scrambles the byte order over multiple rounds. Row 0 is
not shifted at all, row 1 is shifted in circular fashion by one byte, row 2 is
shifted by two bytes, and row 3 is shifted in the same manner by three bytes.
c. Mix Columns
In this step, the values in each column of the matrix are multiplied with every row value of a
given matrix and then these values are XORed to get the final value. The purpose of
this step is also to provide diffusion over multiple rounds.
[Figure 4 diagram labels: cipher key, key-expansion unit, free round transformation; round 1 to round “n”, each with sub bytes, row shifting, column mixing and adding round key; ciphered text]
Figure 4 AES Algorithm (Pansotra & Singh, 2015)
d. Add Round Key
The matrix’s values are XORed with the round key values in this step. The 128-bit key
is represented as a 4*4 matrix. The four-word key is then transformed to 43 words
key. The first four words are w[0], w[1], w[2] and w[3]. The rest are expanded as
    for (j = 4; j < 44; j++)
    {
        T = w[j-1];
        if (j mod 4 == 0)
            T = Substitute(Rotate(T)) XOR RConstant[j/4];
        w[j] = w[j-4] XOR T;
    }
Rotate is a one-byte circular shift on a 4-byte word.
Substitute means byte substitution for every byte using the substitution box.
RConstant is the round constant, 4 bytes long, which is XORed with the bytes.
w[4] to w[43] are generated using this method. The same steps are carried out in decryption, but the
order of execution of the steps is different.
Implementing AES for data confidentiality is beneficial, as it can minimize memory consumption, and its
computation time is also lower than that of other available encryption methods.
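The key-expansion loop above, as an added runnable example (not code from the report): it builds the substitution box from its definition, expands a 128-bit key into the words w[0] to w[43], and can be checked against the key-expansion example published in FIPS-197 Appendix A.1.

```python
def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def build_sbox() -> list:
    """Substitution box: multiplicative inverse followed by the affine transform."""
    sbox = []
    for x in range(256):
        inv = 0 if x == 0 else next(y for y in range(1, 256) if gf_mul(x, y) == 1)
        s = inv
        for shift in range(1, 5):                      # inv XOR its four rotations
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()


def round_constants() -> list:
    """RConstant[1..10] as 4-byte words; index 0 is unused."""
    rcon, rc = [0], 1
    for _ in range(10):
        rcon.append(rc << 24)
        rc = gf_mul(rc, 2)
    return rcon


RCON = round_constants()


def rotate(word: int) -> int:
    """One-byte circular left shift of a 4-byte word."""
    return ((word << 8) & 0xFFFFFFFF) | (word >> 24)


def substitute(word: int) -> int:
    """Apply the substitution box to each of the four bytes of a word."""
    out = 0
    for shift in (24, 16, 8, 0):
        out |= SBOX[(word >> shift) & 0xFF] << shift
    return out


def expand_key(key: bytes) -> list:
    """Expand a 16-byte key into the 44 words w[0]..w[43] of the key schedule."""
    if len(key) != 16:
        raise ValueError("this example handles 128-bit keys only")
    w = [int.from_bytes(key[4 * i:4 * i + 4], "big") for i in range(4)]
    for j in range(4, 44):
        t = w[j - 1]
        if j % 4 == 0:
            t = substitute(rotate(t)) ^ RCON[j // 4]
        w.append(w[j - 4] ^ t)
    return w


if __name__ == "__main__":
    # Example key from FIPS-197 Appendix A.1.
    schedule = expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    for rnd in range(11):
        words = schedule[4 * rnd:4 * rnd + 4]
        print(f"round key {rnd:2d}:", " ".join(f"{x:08x}" for x in words))
```
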
DES Algorithm
DES stands for Data Encryption Standard. It is the name of Federal Information Processing Standard
(FIPS) 46-3. DES defines an encryption method known as the data encryption algorithm (DEA). It is the most
widely used symmetric-key encryption algorithm. It is a specific 16-round Feistel cipher.
DES is a block cipher. It encrypts data in blocks of 64 bits. The same key is used by the sender
to encrypt the message and by the receiver to decrypt it. The same key is also used to generate and
verify a Message Authentication Code (MAC). DES uses a 56-bit key for encryption and decryption. The
operational mode of DES is Cipher Block Chaining mode. Each encrypted cipher block is
XORed with the next plaintext block to be encrypted. In this way, text blocks are dependent on each other.
In order to decrypt a particular cipher block, the key and the previous message blocks are needed. A random
64-bit number is used for the encryption of the first message block, as there is no block before the
first block. This number is known as “the initialization vector”. In this mode DES is more secure than
with ECB (Electronic Code Book), as the XOR adds one more security layer to the encryption (Gandhi,
Bansal, Kapoor, & Dhawan, September 2013).
Confusion and diffusion are the two basic encryption techniques used by DES. Diffusion is achieved
through numerous permutations, and the XOR operation is used to achieve confusion. The basic process of
encrypting a 64-bit block with a 56-bit key consists of the following steps-
a. An initial permutation (IP)
b. 16 rounds of a calculation “f” that depend on a complex key
c. A final permutation (inverse of IP)
[Figure 5 diagram labels: 64-bit plain text, initial permutation (IP), iteration 1, iteration 2, …, iteration 16, 32-bit swap, final (inverse) permutation, 64-bit cipher text; key path: permuted choice 1, left circular shift and permuted choice 2 per iteration, producing K1, K2, …, K16]
Figure 5 Flow Diagram of DES Algorithm (T.N.Srimanyu & Singla)
The above figure describes the DES encryption steps. All the data is divided into 64-bit blocks. If the
number of message bits is not divisible by 64, the last block is padded with extra bits. Hence, DES is a
64-bit block cipher symmetric algorithm. Multiple permutations and substitutions are performed to
increase the encryption efficiency. DES performs an initial permutation on the input data block. The block
is then divided into two equal-sized sub-blocks of 32 bits each. The sub-blocks are denoted Li and Ri and
are passed into the next round. There are 16 such rounds. Multiple rounds add more security to the
encryption process. All of the rounds are identical and have two purposes: to increase the security of the
algorithm and to decrease the temporal efficiency of the algorithm. At the end of the 16th
round, the output quantities Li and Ri are swapped,
and the pre-output is created by this swapping process. The pre-output is permuted using a function
called the inverse initial permutation. The final permutation gives the 64-bit ciphertext
(T.N.Srimanyu & Singla).
DES is defined as follows.
For plaintext and ciphertext blocks of n bits, there is an encryption key and an encryption function. The
DES encryption function is a bijection, denoted
E: Pn × K → Cn
such that for every key k ∈ K,
E(x, k) is an invertible mapping, written Ek(x).
The inverse mapping is the decryption function, written Dk(x).
E = Encryption process
Pn = Plaintext of block size “n”
Cn = Ciphertext of block size “n”
K = Encryption key
Ek(x) = Encryption function
Dk(x) = Decryption function
Decryption is the same algorithm as encryption, with the subkeys k1, k2, …, k16 applied in reverse
order.
Features of block ciphers-
a. The size of the block- A large block is more secure than a smaller block.
b. The size of the key- The bigger encryption key is more efficient.
c. Number of encryption rounds- Multiple rounds provide more security.
d. Modes of encryption- These define how messages that are longer than the block size are
encrypted.
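The Feistel and chaining behaviour described above, as an added example that is not part of the original report: a constructed 64-bit, 16-round Feistel cipher whose round function is SHA-256 (an assumption made for illustration; it is neither DES nor Blowfish). It shows that decryption is the same routine with the subkeys reversed, and that identical plaintext blocks stay visible under ECB but not under CBC with an initialization vector.

```python
import hashlib
import secrets

BLOCK = 8      # bytes: the 64-bit block size described for DES
ROUNDS = 16


def subkeys(key: bytes) -> list:
    """Derive 16 round keys from the key (constructed schedule, not the DES one)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:8] for i in range(ROUNDS)]


def _f(half: int, subkey: bytes) -> int:
    """Round function on a 32-bit half block; it does not need to be invertible."""
    digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block: bytes, round_keys: list) -> bytes:
    """16 Feistel rounds followed by the final swap of the two halves."""
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in round_keys:
        left, right = right, left ^ _f(right, k)
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def pad(data: bytes) -> bytes:
    """Pad to a multiple of 64 bits (PKCS#7-style, chosen for this example)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    ks = subkeys(key)
    return b"".join(feistel(b, ks) for b in split(pad(plaintext)))


def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    ks, prev, out = subkeys(key), iv, []
    for b in split(pad(plaintext)):
        prev = feistel(xor(b, prev), ks)    # previous cipher block feeds the next
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    ks, prev, out = subkeys(key)[::-1], iv, []     # same routine, reversed subkeys
    for c in split(ciphertext):
        out.append(xor(feistel(c, ks), prev))
        prev = c
    return unpad(b"".join(out))


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    iv = secrets.token_bytes(BLOCK)                # fresh random IV per message
    message = b"PAYMENT!" * 4                      # constructed: four identical blocks
    print("ECB:", [b.hex() for b in split(ecb_encrypt(message, key))])
    print("CBC:", [b.hex() for b in split(cbc_encrypt(message, key, iv))])
    print(cbc_decrypt(cbc_encrypt(message, key, iv), key, iv))
```
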
3DES
3DES is the name of the triple DES (TDEA) algorithm. In 3DES, the DES algorithm is applied three times. It
overcomes the shortcoming of DES by eliminating the brute-force attack. The combined triple key size is
168 bits. TDEA uses three DEA keys (K1, K2, and K3). The keys are used in a mode known as EDE
(Encrypt-Decrypt-Encrypt) mode. The set of three keys is known as the key bundle. ANSI X9.52 states
three modes of key bundle selection, as follows (Triple DES cryptography software).
a. Three mutually independent keys, i.e. K1 ≠ K2 ≠ K3 ≠ K1.
b. Two mutually independent keys with the same first and third key,
i.e. K1 ≠ K2 and K3 = K1.
c. Three identical keys, i.e. K1 = K2 = K3.
[Figure 6 diagram labels: Encrypt DES (K1), Decrypt DES (K2), Encrypt DES (K3)]
Figure 6 TDEA Algorithm (Pansotra & Singh, 2015)
The basic TDEA process is described as-
a. The input block is read by the first algorithm, DEA 1, and KEY 1 is used to encrypt
it.
b. The output of the first step is sent to the second algorithm, DEA 2, and decrypted
using the second key, KEY 2.
c. The second-stage output is then encrypted in the third algorithm, DES 3, using
the third key, KEY 3.
RC4 (Mousa & Hamad, 2006)
RC4 was developed by Ron Rivest in 1987. It is a symmetric-key stream cipher that uses a 24-bit
Initialization Vector (IV). The encryption and decryption processes use the same algorithm, as a simple
XOR operation is performed on the data stream and the generated key. RC4 is divided into two stages-
Initialization and Operation
Steps of RC4-
a. First, RC4 encryption (Rise, Cho, & Kaylor, 2008) needs a user-defined
key between 40 bits and 256 bits.
b. Next, it uses the Key-Scheduling Algorithm (KSA). It comes under the
Initialization step of the algorithm. KSA is described as follows, where the array has
2^n entries and l is the length of the key K:
    For (i = 0 to 2^n – 1)
        S[i] = i                                  (a value is assigned to each array element)
    j = 0
    For (i = 0 to 2^n – 1)
        j = (j + S[i] + K[i mod l]) mod 2^n
        Swap(S[i], S[j])                          (the values of the two array elements are interchanged)
[Figure 7 diagram labels: chosen key and initialization number; array “S”; key-scheduling algorithm (systematic swapping); pseudo random generator algorithm (systematic swapping); final array; XOR with plain text; cipher text]
Figure 7 RC4 Algorithm (Mousa & Hamad, 2006)
KSA creates an array S. It contains 256 entries, from 0 to 255. Each
entry in the array is then swapped as per the KSA. At the end of the
KSA, a new array with all the swapped values is formed.
c. Next, RC4 uses PRGA (Pseudo Random Generator Algorithm). It is the
operational step of RC4. It again swaps the array elements. The
algorithm steps are listed next.
    Initialize i = 0; j = 0
    Generating output:
    While (output is being generated)
        i = (i + 1) mod 256
        j = (j + S[i]) mod 256
        Swap(S[i], S[j])
        Output z = S[(S[i] + S[j]) mod 256]
    End while
The number of iterations of the algorithm is dependent on the length of the
key.
d. The final key stream from array S is XORed with the input value to get the final
cipher text.
RC4 encryption is approximately 10 times faster than the DES algorithm.
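The KSA and PRGA steps above as an added runnable example (not code from the report), with the 40 to 256 bit key range from step a enforced. The key "Secret" and plaintext "Attack at dawn" are a widely published RC4 test vector, which lets the output be checked.

```python
from itertools import islice


def ksa(key: bytes) -> list:
    """Key-Scheduling Algorithm: permute S = [0..255] under control of the key."""
    if not 5 <= len(key) <= 32:
        raise ValueError("key must be between 40 and 256 bits")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s


def prga(s: list):
    """Pseudo Random Generator Algorithm: yield key-stream bytes indefinitely."""
    s = s[:]                       # work on a copy so the caller's array is kept
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]


def keystream(key: bytes, length: int) -> bytes:
    """First `length` key-stream bytes for a key."""
    return bytes(islice(prga(ksa(key)), length))


def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the key stream; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, keystream(key, len(data))))


if __name__ == "__main__":
    key = b"Secret"                               # published test-vector key
    ciphertext = rc4(key, b"Attack at dawn")
    print("key stream:", keystream(key, 8).hex())
    print("ciphertext:", ciphertext.hex())
    print("decrypted :", rc4(key, ciphertext))
```
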
Blowfish
The Blowfish algorithm is a block cipher algorithm that takes an encryption key from 32 bits to 448 bits
in length. It is a symmetric algorithm in which both the sender and the receiver have the same key. It was
introduced by Bruce Schneier in 1993. This algorithm is free for all users, as it is unpatented.
The Blowfish algorithm implements (Blowfish Encryption Algorithm) a Feistel network. It is a technique to
transform a function into a permutation. The Feistel network was designed by Horst Feistel. It includes
16 iterations of encryption. The input is 64 bits. It works as follows:
1. Every block is divided into two halves.
2. The right half is now the left half.
3. The left half after the second step is XORed with the result of applying the function
F to the right half and the encryption key, and this is the final result.
This algorithm encrypts large blocks of data. The block size is 64 bits. It uses operations that are
simple and efficient, such as addition, table lookup and XOR. The algorithm includes two parts: the
first part is key expansion and the second is encryption. The first part transforms a 448-bit key into
several subkey arrays of 4168 bytes.
Encryption of data is done by 16 rounds of the Feistel network method. In every round, there is a
permutation depending on the key and a substitution depending on the key and the data. XORs and additions
are done in every operation on 32-bit words.
Encryption is done as follows.
The 64-bit input block x is divided into two 32-bit parts denoted L and R.
    For j = 1 to 16
        L = L XOR Pj
        R = F(L) XOR R
        Swap the values of L and R
Pj is one of the elements of the array that consists of 18 32-bit subkeys.
After all 16 iterations, both halves are swapped again to undo the last
swap.
Now, R = R XOR P17 and L = L XOR P18
L and R combined are the final encrypted text.
Decryption is the same as encryption, but the order of the array of subkeys is
reversed.
Blowfish uses a Feistel network, which is designed to be simple and still have the required cryptographic
characteristics. In any algorithm, there are two methods to make sure that the key’s length is adequate to
maintain the security level. The first is to design the algorithm in such a manner that the key’s entropy
is conserved and no method other than brute force can be used to cryptanalyze the algorithm. The
second solution is to have a lengthy key, so that attacks that reduce the effective key length become
irrelevant. The Blowfish algorithm has been designed for large microprocessors with large memories, and it
is designed with the second solution in mind.
[Figure 8 diagram labels: subkeys P1 to P16 feeding rounds of the function F, 14 more rounds, then P17 and P18]
Figure 8 Blowfish Encryption (Verma & Singh, March 2012)
Subkeys are generated in large numbers so that the key’s entropy is conserved. With every subkey
generation, there is a slight difference between each pair; this helps against attacks that exploit
information about a known subkey. Subkey generation adds complexity to the algorithm, which makes it
secure against brute-force attack.
RSA
Ron Rivest, Adi Shamir and Leonard Adleman were the scientists who introduced the RSA algorithm. It
was a replacement for the less secure National Bureau of Standards (NBS) algorithm.
The algorithm implements these two important ideas:
1. Public key encryption
The RSA algorithm accepts encryption keys that are public, but the decryption keys are
private; only the recipient with the private key can decrypt the ciphered text. Senders
and receivers have their own sets of encryption and decryption keys. Decryption keys
are selected such that they cannot be deduced from the public encryption key.
2. Digital Signatures
Digital signatures are used by the receiver to verify the sender’s identity. They ensure
that the message was sent by the supposed sender. The sender’s public encryption key verifies the
sender’s identity. Digital signatures provide the benefit of being unique, and senders cannot
deny that the message was sent by them.
RSA is not much use for emails, but it is rather successful with other electronic transmissions, for
example online fund transfers. The security of the RSA algorithm has been validated over time.
In the RSA algorithm, two huge prime numbers are chosen and then multiplied to get the primary key. The
prime numbers can be of 100 to 200 digits each. The primary key is public, but the two prime numbers are
kept secret. It is rather difficult to find the prime numbers from the public key.
The following steps occur during the encryption execution:
1. Two prime numbers p and q are selected, which are large in size.
2. The public key is calculated by multiplying the two selected prime numbers
and is revealed to receivers.
3. Another number e is selected; it must be co-prime to (p-1)(q-1). e is also revealed,
as it is a part of the public key.
4. The message is encoded as $C = M^e \pmod{N}$. Here M is the message to be sent
and N is the public key.
5. Receiver-side decryption is done by using a number d, which is found by using the
expression $ed \equiv 1 \pmod{(p-1)(q-1)}$.
6. The message can finally be decoded by calculating the expression $C^d \pmod{N}$.
The RSA algorithm is one of the most secure algorithms. The security of RSA mainly depends on how
difficult it is to factor the public key. Nobody has succeeded in breaking the encryption by factoring or
other mechanisms to date.
RSA is slower than some of the symmetric encryption algorithms. The issues that can affect the security
of the RSA algorithm are timing attacks and issues arising from improper key distribution.
Developments around the Riemann hypothesis can be a major threat to RSA. A solution to the Riemann
hypothesis can simplify the procedure to find the factors, i.e. the prime numbers, of the public key, thus
making RSA vulnerable to attacks.
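Steps 1 to 6 above, the digital-signature idea, and the multiplicative property given earlier in the homomorphic encryption section, as one added example that is not part of the original report. The primes 61 and 53 and the exponent 17 are small constructed values, and the signature hashes the message with SHA-256 reduced modulo N, which is an assumption of this example.

```python
import hashlib
import math


def keygen(p: int, q: int, e: int):
    """Steps 1-3 and 5: N = pq, e coprime to (p-1)(q-1), d with ed = 1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be co-prime to (p-1)(q-1)")
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    """Step 4: C = M^e mod N."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than N")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Step 6: M = C^d mod N."""
    n, d = private
    return pow(c, d, n)


def multiply_ciphertexts(public, c1: int, c2: int) -> int:
    """Multiplicative homomorphism: C1 * C2 mod N encrypts m1 * m2 mod N."""
    n, _ = public
    return (c1 * c2) % n


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message: bytes) -> int:
    """Signature: the message digest raised to the private exponent."""
    n, d = private
    return pow(_digest(message, n), d, n)


def verify(public, message: bytes, signature: int) -> bool:
    """Anyone holding the public key can check the signature."""
    n, e = public
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    public, private = keygen(61, 53, 17)          # constructed small primes
    c = encrypt(public, 65)
    print("public:", public, "private:", private)
    print("C =", c, "M =", decrypt(private, c))
    product = multiply_ciphertexts(public, encrypt(public, 7), encrypt(public, 9))
    print("decrypt(E(7) * E(9)) =", decrypt(private, product))
    sig = sign(private, b"transfer 100")
    print("signature valid:", verify(public, b"transfer 100", sig))
```

Because this unpadded form is deterministic and lets ciphertexts be multiplied by anyone, deployed RSA encryption adds randomized padding such as OAEP.
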
Diffie-Hellman
Diffie-Hellman key exchange is an algorithm for exchanging secret keys between a sender and a receiver.
This algorithm allows two parties to secretly share a key while communicating over an insecure channel.
This key is then used to encrypt further messages. It was introduced by Whitfield Diffie and Martin
Hellman in 1976.
Diffie-Hellman is not used to encrypt data; it is an algorithm that helps to establish the encryption key
that is to be shared by both the sending and receiving parties. The use of the Diffie-Hellman algorithm
reduces the issues linked with symmetric cryptosystems.
The algorithm makes use of a prime number p. A base number g is also used in the algorithm. g is a
nonzero generator and g ∈ Z*p. The algorithm is as follows:
1. The sender and the receiver both select p (a prime number) and g (a base number), which is
a primitive root modulo p.
2. Now, the sender selects another secret number a and then transmits the value of the
expression $g^a \bmod p$, i.e. A, to the receiver.
3. The receiver chooses another secret number b and then transmits the value of the expression
$g^b \bmod p$, i.e. B, to the sender.
4. The sender calculates the value s to be $B^a \bmod p$.
5. The receiver calculates s to be $A^b \bmod p$.
6. The sender and the receiver both have s, a secret key with which to encode messages.
To make this transmission secure, a, b and p should be large numbers. p is a prime number of at
least 300 digits. a and b must be at least 100 digits long.
The Diffie-Hellman algorithm can be used for more than two parties; more parties can participate in the
exchange of keys by iterating the steps of the protocol listed above.
The “man-in-the-middle attack” is the major weakness of the Diffie-Hellman algorithm.
ElGamal
ElGamal was introduced by Taher ElGamal in 1984. Diffie and Hellman presented an algorithm to share a
secret key over an insecure communication channel. But a problem arises if the parties are unable to
interact in real time because of delays in message transmission. ElGamal modified the Diffie-Hellman
algorithm. This modification simplified the process, as the second party no longer needs to take part
actively.
ElGamal includes three steps, as described below-
1. Key Generation
A prime number p is chosen of length 200 to 30 digits. p should be chosen in such a way
that (p-1)/2 is also a prime number. N is the length of the number p. A base alpha is
selected that is less than p, and a private key a is selected that is less than p. beta
is computed as alpha (mod p). p, alpha and beta are published as the public key.
2. Message encryption
The plaintext is divided into blocks of N-1 bits. A secret number k is chosen randomly such
that gcd(k, p-1) = 1. For every block x of N-1 bits, calculate e(x, k) = (i, j), where
$i = \alpha^{k} \pmod{p}$ and $j = \beta^{k} x \pmod{p}$. These i and j are the blocks of ciphertext
of length N.
3. Message Decryption
The ciphertext is divided into blocks of N bits. i and j are the blocks of ciphertext; for
successive i and j, $i^{a} x \equiv j \pmod{p}$ is solved for x, and
$d(i, j) = x = j\,(i^{a})^{-1} \pmod{p}$ is the decrypted text.
ElGamal provides not only encryption and decryption but also the digital signing of messages.
Digital signing has three main properties. First is the creation of the signature: the sender computes the
signature for a message using the private key, and the message and signature are sent together to the receiver.
Second is verification of the signature by the receiver using the public key; the receiver can also verify that
the message has not been altered during transmission. Third is that the signature of the receiver cannot
be forged by a third party using the public key.
ElGamal is a secure algorithm as it is based on the Discrete Logarithm problem, and it is hard to crack this
algorithm. Randomized selection of the prime number for encryption also makes it more secure.
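The three ElGamal steps above, as an added Python example that is not part of the original report. It takes beta = alpha^a mod p and uses the toy safe prime p = 2579 with alpha = 2 (constructed values, far smaller than the key sizes the text calls for); the function names, the zero padding of the last block and the `length` argument are assumptions of this sketch.

```python
import secrets
from math import gcd

P = 2579             # toy safe prime: (P - 1) // 2 = 1289 is also prime
ALPHA = 2            # public base, less than p
N = P.bit_length()   # length of p in bits (12 here)

def keygen(a=None):
    """Private key a < p; public key (p, alpha, beta), beta = alpha^a mod p."""
    a = a if a is not None else secrets.randbelow(P - 3) + 2
    return a, (P, ALPHA, pow(ALPHA, a, P))

def random_k(p):
    """Fresh secret k with gcd(k, p-1) = 1, as the encryption step requires."""
    while True:
        k = secrets.randbelow(p - 3) + 2
        if gcd(k, p - 1) == 1:
            return k

def encrypt_block(x, pub, k=None):
    """e(x, k) = (i, j) with i = alpha^k mod p and j = beta^k * x mod p."""
    p, alpha, beta = pub
    if not 0 <= x < 1 << (N - 1):
        raise ValueError("block must fit in N-1 bits")
    k = k if k is not None else random_k(p)
    return pow(alpha, k, p), (pow(beta, k, p) * x) % p

def decrypt_block(i, j, a, p=P):
    """d(i, j) = x = j * (i^a)^-1 mod p."""
    return (j * pow(pow(i, a, p), -1, p)) % p

def encrypt(message, pub):
    """Split the message into (N-1)-bit blocks; every block gets its own k."""
    bits = "".join(f"{byte:08b}" for byte in message)
    bits += "0" * (-len(bits) % (N - 1))       # zero-pad the last block
    return [encrypt_block(int(bits[o:o + N - 1], 2), pub)
            for o in range(0, len(bits), N - 1)]

def decrypt(blocks, a, length):
    """Rebuild `length` bytes from the decrypted (N-1)-bit blocks."""
    bits = "".join(f"{decrypt_block(i, j, a):0{N - 1}b}" for i, j in blocks)
    return bytes(int(bits[o:o + 8], 2) for o in range(0, 8 * length, 8))
```
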
Paillier Cryptosystem (Benzekki, Fergougui, & Alaoui, 2016)
Pascal Paillier introduced an additive homomorphic encryption scheme in 1999. It was published in
"Public-Key Cryptosystems Based on Composite Degree Residuosity Classes". The algorithm is
an asymmetric, probabilistic public-key cryptosystem.
The algorithm takes a message input m ∈ Z_n and chooses a random integer r ∈ Z_n^*. This random number
is what makes the algorithm probabilistic: one plaintext can have many ciphertexts.
The algorithm steps (key generation, encryption, and decryption) are described as follows:
a. Key Generation-
KeyGen (a, b)
KeyGen is the generation function that gives out the keys
a, b ∈ P
Compute n = ab
Choose g ∈ Z*_{n^2}
so that
gcd(L(g^λ mod n^2), n) = 1, with L(u) = (u-1)/n
The public key is denoted as pk, where pk = (n, g)
The secret key is denoted as sk, where sk = (a, b)
b. Encryption-
Consider Enc (m, pk) as the encryption function
m ∈ Z_n
Choose r ∈ Z_n^*
Compute c = g^m · r^n mod n^2
where c ∈ Z_{n^2}
c. Decryption-
Consider Dec (c, sk) as the decryption function,
where c is the ciphertext and sk is the secret key
Compute m, where m = (L(c^λ mod n^2) / L(g^λ mod n^2)) mod n
and m ∈ Z_n
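KeyGen, Enc and Dec as listed above, plus the additive property that makes the scheme homomorphic, as an added Python example that is not part of the original report. It assumes n = ab and λ = lcm(a-1, b-1) as in Paillier's scheme (λ is not defined in the text above), picks g = n + 1, and uses the toy primes 293 and 433 (constructed); the function names are assumptions of this sketch.

```python
import secrets
from math import gcd

def L(u, n):
    """L(u) = (u - 1) / n, an exact division whenever u = 1 mod n."""
    return (u - 1) // n

def lam(a, b):
    """lambda = lcm(a - 1, b - 1) (assumed from the standard scheme)."""
    return (a - 1) * (b - 1) // gcd(a - 1, b - 1)

def keygen(a, b):
    n = a * b
    g = n + 1                      # one valid choice of g in Z*_{n^2}
    if gcd(L(pow(g, lam(a, b), n * n), n), n) != 1:
        raise ValueError("g fails the gcd(L(g^lambda mod n^2), n) = 1 check")
    return (n, g), (a, b)          # pk, sk

def encrypt(m, pk, r=None):
    """c = g^m * r^n mod n^2; r is drawn from Z_n^* when not supplied."""
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("m must lie in Z_n")
    while r is None or gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def decrypt(c, pk, sk):
    """m = L(c^lambda mod n^2) / L(g^lambda mod n^2) mod n."""
    n, g = pk
    l = lam(*sk)
    mu = pow(L(pow(g, l, n * n), n), -1, n)   # modular inverse of the divisor
    return L(pow(c, l, n * n), n) * mu % n

def add_encrypted(c1, c2, pk):
    """Multiplying ciphertexts adds plaintexts: Dec(c1 * c2) = m1 + m2 mod n."""
    n, _ = pk
    return c1 * c2 % (n * n)

# Toy primes (constructed for illustration); real keys use far larger primes.
PK, SK = keygen(293, 433)
```

A cloud service holding only `PK` can call `add_encrypted` on stored ciphertexts without ever seeing the plaintexts.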
Goldwasser-Micali
Goldwasser-Micali (Goldwasser-Micali Public Key Encryption) is a public key encryption technique. It
is similar to Rabin and ElGamal encryption. It uses randomness in the data encryption to
ensure that the same ciphertext is not produced when the same plaintext is transmitted a second time.
The algorithm is as follows:
Consider two numbers p and q. Both numbers should be prime.
Calculate n = pq; p and q should be chosen so that they cannot be derived by factoring
n.
Choose a random integer y such that y ∈ Z_n and the Jacobi symbol (y/n) = 1
y is a non-square modulo both p and q
The public key is (n, y), where y is not a quadratic residue modulo n
The private key is (p, q)
p, q must be secret numbers
To encrypt the message m with this public key, m is written in binary form such
that m = m_1 m_2 … m_n. Let "t" be the block size.
For each j (1 ≤ j ≤ t), choose a random x_j ∈ Z_n and perform the following step:
C_j = y · x_j^2 (mod n) if m_j = 1
C_j = x_j^2 (mod n) if m_j = 0
The ciphertext is C_1 C_2 C_3 … C_n.
To decrypt the ciphertext, the reverse process is done.
For each j, calculate the Legendre symbol e_j = (C_j/p), where p is a prime number
If e_j = 1, C_j is a quadratic residue
If e_j = -1, C_j is a quadratic non-residue
The encryption is reversed based on the value of e_j.
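The bit-by-bit scheme above, as an added Python example that is not part of the original report. It evaluates the Legendre symbol with Euler's criterion and uses the toy primes 499 and 547 (constructed); the function names and the byte/bit helpers are assumptions of this sketch.

```python
import secrets
from math import gcd

def legendre(c, p):
    """Legendre symbol (c/p) by Euler's criterion: 1, -1, or 0 if p divides c."""
    r = pow(c, (p - 1) // 2, p)
    return -1 if r == p - 1 else r

def keygen(p, q):
    """Pick y that is a non-square modulo both p and q, so that (y/n) = 1."""
    n = p * q
    while True:
        y = secrets.randbelow(n - 2) + 2
        if legendre(y, p) == -1 and legendre(y, q) == -1:
            return (n, y), (p, q)              # public key, private key

def encrypt(bits, pk):
    """C_j = y * x_j^2 mod n if m_j = 1, and x_j^2 mod n if m_j = 0."""
    n, y = pk
    cipher = []
    for m in bits:
        x = 0
        while gcd(x, n) != 1:                  # fresh random x_j for every bit
            x = secrets.randbelow(n - 1) + 1
        cipher.append(pow(y, m, n) * x * x % n)
    return cipher

def decrypt(cipher, sk):
    """e_j = (C_j/p): a quadratic residue means bit 0, a non-residue bit 1."""
    p, _ = sk
    return [0 if legendre(c, p) == 1 else 1 for c in cipher]

def to_bits(data):
    return [(byte >> s) & 1 for byte in data for s in range(7, -1, -1)]

def from_bits(bits):
    return bytes(sum(b << (7 - k) for k, b in enumerate(bits[o:o + 8]))
                 for o in range(0, len(bits), 8))

# Toy primes (constructed for illustration); real keys use far larger primes.
PK, SK = keygen(499, 547)
```

Each plaintext bit becomes one ciphertext value of the size of n, which is the cost of the scheme's randomness.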
Conclusion
Cloud-computing is a growing field in information-systems. It is a very cost-effective
measure compared to traditional data storage systems. Still, companies are not moving confidently
towards the cloud. The main cause is that cloud services are hosted by a third party, and hence it is
not easy for users to trust them. Security-concerns are the biggest hurdle to the adoption of the
cloud. Cloud security is a very wide field that cannot be addressed all at once. Cloud-confidentiality is
one of the main security concerns. This paper presented encryption techniques that are used to ensure cloud
data confidentiality. Encryption techniques are considered to be a promising mechanism for mitigating
cloud confidentiality concerns. High security concerns have motivated organizations to find
preventive measures for the mitigation of these risks. This paper started with the general cloud-computing area,
moved to the encryption mechanism, and finally discussed various well-known encryption techniques.
All the encryption schemes are discussed in the context of their importance in cloud-computing. Each
encryption technique has its own advantages and shortcomings. The usage of a specific technique
depends on the type of data stored on the cloud and the needs of the client. Encryption also adds
complexity for the cloud provider and the cloud user. Research is still going on at a large scale in the field of
cloud-data encryption. The future of cloud-security will be very promising, as quantum physics will
be a base for encryption in the future. The use of optics in place of mathematical operations will make
encryption techniques faster and more reliable for the user.
Bibliography
A Guide to Cloud Encryption and SaaS Security. (n.d.). Retrieved 4 21, 2016, from www.bluecoat.com:
https://www.bluecoat.com/resources/cloud-data-protection/encryption
A.Balu, & K.Kuppusamy. (n.d.). Ciphertext policy Attribute based Encryption with anonymous access
policy. Tamil Nadu, India: Department of Computer Science & Engg.,Alagappa University,
Karaikudi.
A.Balu, & K.Kuppusamy. (n.d.). Ciphertext policy Attribute based Encryption with anonymous access
policy. Karaikudi: Department of Computer Science & Engg.,Alagappa University.
Agrawal, V., Agrawal, S., & Deshmukh, R. (2014). Analysis and Review of Encryption and Decryption
for Secure Communication. International Journal of Scientific Engineering and Research .
Benzekki, K., Fergougui, A. E., & Alaoui, A. E. (2016). A Secure Cloud Computing Architecture Using
Homomorphic Encryption. International Journal of Advanced Computer Science and
Applications.
Bethencourt, J., Sahai, A., & Waters, B. (n.d.). Ciphertext-Policy,Attribute-Based Encryption. Retrieved
April 2016, from College of Natural Sciences:
https://www.cs.utexas.edu/~bwaters/presentations/files/cpabe.ppt
Blowfish Encryption Algorithm. (n.d.). Retrieved April 2016, from PocketBrief:
http://pocketbrief.net/related/BlowfishEncryption.pdf
Branco, E. C., Machado, J. d., & Filho, J. M. (October 6-9, 2014). A strategy to preserve data
confidentiality in cloud storage services. 29th SBBD.
Dubey, A., & Wagle, D. (June 2007). Delivering software as a service. The McKinsey Quarterly: The
Online Journal of McKinsey & Co. .
Folch, A. (2011). Interface development for Eucalyptus based cloud (Masters Thesis). Retrieved April
20, 2016, from UP Commons: upcommons.upc.edu/bitstream/handle/2099.1/14597/70010.pdf
Gandhi, V., Bansal, S., Kapoor, R., & Dhawan, A. (September 2013). CLOUD COMPUTING
SECURITY ARCHITECTURE-IMPLEMENTING DES ALGORITHM IN CLOUD FOR
DATA SECURITY. International Journal of Innovative Research in Engineering & Science.
Gantz, J., & Reinsel, D. (December 2012). THE DIGITAL UNIVERSE IN 2020: Big Data, Bigger Digital
Shadows, and Biggest Growth in the Far East. IDC.
George, J. A., & Dr.M.Hemalatha. (2015). Cryptographic Techniques, Threats and Privacy Challenges
in Cloud Computing. International Journal of Computer Science and Information Technologies.
Giweli, N. (2013). Enhancing Cloud Computing Security and Privacy (Master of Science Thesis).
Sydney: University of Western Sydney.
Goldwasser-Micali Public Key Encryption. (n.d.). Retrieved April 2016, from Texas A& M University
Mathematics: http://calclab.math.tamu.edu/~rundell/m471/goldwasser-micali.pdf
Horváth, M. (n.d.). Attribute-Based Encryption Optimized for Cloud Computing*. Retrieved April 18,
2016, from Cryptology ePrint Archive: https://eprint.iacr.org/2014/612.pdf
IBE Secure E-mail. (n.d.). Retrieved April 20, 2016, from Applied Cryptography Group:
https://crypto.stanford.edu/ibe/
KAANICHE, N. (2014, December 15). Cloud data storage security based on cryptographic
mechanisms (PhD Thesis). Retrieved April 2016, from HAL archives ouvertes‒france:
https://tel.archives-ouvertes.fr/tel-01146029/document
Kaur, R., & Verma, A. (July 2014). A Review on Encryption Techniques to Secure a Cloud.
International Journal of Science and Research (IJSR).
Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013, July). Towards secure mobile cloud
computing: A survey. Retrieved April 2016, from ScienceDirect:
http://www.sciencedirect.com/science/article/pii/S0167739X12001598
Maddineni, V. S., & Ragi, S. (2011, November ). Security Techniques for Protecting Data in Cloud
Computing(Master's Thesis). Karlskrona,Sweden: School of Computing,Blekinge Institute of
Technology.
Maha TEBAA, S. E. (2012). Homomorphic Encryption Applied to the Cloud Computing Security.
World Congress on Engineering 2012 Vol I. London: ISSN.
Mell, P., & Grance, T. (September 2011). The NIST Definition of Cloud. Gaithersburg: National Institute
of Standards and Technology.
Microsoft. (2010, January 20). Microsoft Urges Government and Industry to Work Together to Build
Confidence in the Cloud. Retrieved April 2016, from Microsoft:
https://news.microsoft.com/2010/01/20/microsoft-urges-government-and-industry-to-work-together-to-build-confidence-in-the-cloud/#sm.00004vk7w9xyre2uutl19shi0v4el
Mousa, A., & Hamad, A. (2006). Evaluation of the RC4 Algorithm for Data Encryption. International
Journal of Computer Science and Applications.
Neven, G., & Kiltz, E. (n.d.). Identity-Based Encryption. Retrieved April 20, 2016, from 3rd ECRYPT
PhD SUMMER SCHOOL: http://summerschool08.iaik.tugraz.at/slides/gregory_eike_ibe.pdf
Pansotra, E. A., & Singh, E. S. (2015). Cloud Security Algorithms. International Journal of Security and
Its Applications.
Rise, R. (., Cho, S.-H., & Kaylor, D. (2008). RC4 Encryption. Retrieved 2016, from Department of
Mathematics The University of Washington:
https://www.math.washington.edu/~nichifor/310_2008_Spring/Pres_RC4%20Encryption.pdf
Sachdev, A., & Bhansali, M. (2013). Enhancing Cloud Computing Security using AES Algorithm.
International Journal of Computer Applications.
Sadia Marium, Q. N., Ahmed, A., Ahthasham, S., & Mehmood, M. A. (2012). Implementation of Eap
with RSA for Enhancing The Security of Cloud Computing. International Journal of Basic and
Applied Sciences.
Shamir, A. (1985). IDENTITY-BASED CRYPTOSYSTEMS AND SIGNATURE SCHEMES. Retrieved
April 2016, from discovery.csc.ncsu.edu:
https://discovery.csc.ncsu.edu/Courses/csc774-S08/reading-assignments/shamir84.pdf
Singla, S., & Singh, J. (2013). Survey on Enhancing Cloud Data Security using EAP with Rijndael
Encryption Algorithm. Global Journal of Computer Science and Technology.
Soofi, A. A., Khan, M., & Fazal-e-Amin. (2014). Encryption Techniques for Cloud Data
Confidentiality. International Journal of Grid Distribution Computing.
Subashin, S. (January 2011). A survey on security issues in service delivery models of cloud
computing. Journal of Network and Computer Application, 1-11.
T.N.Srimanyu, & Singla, R. (n.d.). Data Encryption Standard-DES. Retrieved April 2016, from
Slideshare: http://www.slideshare.net/nagamanyu190288/des-14719610
Triple DES cryptography software. (n.d.). Retrieved April 2016, from CryptoSys:
http://www.cryptosys.net/3des.html
Verma, H. K., & Singh, R. K. ( March 2012). Performance Analysis of RC5, Blowfish and DES Block
Cipher Algorithms. International Journal of Computer Applications .
What is Attribute Based Encryption? (2014, January 25). Retrieved April 24, 2016, from Cryptography:
http://crypto.stackexchange.com/questions/17893/what-is-attribute-based-encryption
Whyman, B. (2008, 12 5). Cloud Computing: Information Security and Privacy Advisory Board.
Retrieved April 18, 2016, from National Institute of Standards and Technology:
http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2008-12/cloud-computing-industry-trends-FISMA_ISPAB-Dec2008_B-Whyman.pdf