Page 1: PRJ 702 jasdeep kaur

Project Title

Cloud Data Confidentiality - Various Encryption Techniques

Graduate Diploma in Information Technology

PRJ 702

2016

Submitted by - Jasdeep Kaur

Student Id - 13466554

Blog - https://jasdeepit.wordpress.com/

Abstract

In the modern world, data is growing at an exponential rate. This has given rise to the adoption of an advanced data storage technology known as cloud-computing.

Cloud-computing provides online access to a pool of resources including computational platform, storage, applications, and services. Cloud-computing is very cost effective, as you pay only for the resources that you have used. It is a user-friendly way to handle vast amounts of data. IT businesses are shifting towards cloud-computing. However, cloud-computing also faces several data security challenges. Integrity, confidentiality and availability are the major concerns of cloud-computing. Data integrity and confidentiality have a significant effect on cloud security and performance. This research report aims at identifying various techniques for ensuring data confidentiality in the cloud. Encryption is a widely accepted mechanism for cloud data confidentiality. It is used to protect data in static and dynamic form. There are various types of encryption techniques, including Homomorphic Encryption, Identity-based Encryption, Attribute-based Encryption etc. Each encryption technique has its own complexity and usage. This paper demonstrates each encryption technique in the context of its usage for cloud-data confidentiality.

Keywords

Cloud-Computing, Encryption, Data Confidentiality, Security, Algorithm, Cryptography, Encryption Key

Acknowledgment

I would like to show my gratitude to every person who contributed to the successful completion of my research report. First, I am very grateful to my research guide Mrs. Charanya Mohanakrishnan for her valuable guidance and encouragement. She gave me the opportunity to work in my area of interest. I am really thankful for her helpful discussions and suggestions.

I would also like to show my gratitude towards all NMIT staff members and my colleagues who helped me during my research for this report.

Table of Contents

Abstract
Acknowledgment
Table of Figures
Abbreviations
Introduction
Aims and Objectives
Background
Basics of Cloud-Computing
Key Features Of Cloud Computing
Deployment models
Models of cloud-computing
Known Cloud Service Providers
Importance of security in cloud computing
Cloud Data Security Requirement
Literature review
Ensuring Data Confidentiality in the cloud
Cryptography fundamentals
Introduction to Encryption
Cryptographic techniques used in the cloud computing
Identity-based Encryption (IBE)
Attribute-based Encryption
Fully homomorphic Encryption (FHE)
AES (Sachdev & Bhansali, 2013)
DES Algorithm
3DES
RC4 (Mousa & Hamad, 2006)
Blowfish
RSA
Diffie-Hellman
ElGamal
Paillier Cryptosystem (Benzekki, Fergougui, & Alaoui, 2016)
Goldwasser-Micali
Conclusion
Bibliography

Table of Figures

Figure 1 Unauthorized Access to Cloud Data (Maddineni & Ragi, 2011)
Figure 2 Survey Graph of Cloud Computing Challenges (Whyman, 2008)
Figure 3 Identity-based encryption scheme (Neven & Kiltz, p. 3)
Figure 4 AES Algorithm (Pansotra & Singh, 2015)
Figure 5 Flow Diagram of DES Algorithm (T.N.Srimanyu & Singla)
Figure 6 TDEA Algorithm (Pansotra & Singh, 2015)
Figure 7 RC4 Algorithm (Mousa & Hamad, 2006)
Figure 8 Blowfish Encryption (Verma & Singh, March 2012)

Abbreviations

1. CSP - Cloud Service Provider
2. NIST - National Institute of Standards and Technology
3. USDA - United States Department of Agriculture
4. IDC - International Data Corporation
5. DOJ - Department of Justice
6. ERP - Enterprise Resource Planning
7. CRM - Customer Relationship Management
8. AWS - Amazon Web Services
9. RSA - Rivest-Shamir-Adleman
10. EAP - Extensible Authentication Protocol
11. ROM - Read Only Memory
12. I/O - Input Output
13. FHE - Fully Homomorphic Encryption
14. CPU - Central Processing Unit
15. IT - Information Technology
16. XCP - Extensible Communications Platform
17. CA - Certification Authority
18. IBE - Identity-based Encryption
19. SSL - Secure Sockets Layer
20. ABE - Attribute-based Encryption
21. KP-ABE - Key-Policy based ABE
22. CP-ABE - Ciphertext-Policy based ABE
23. AES - Advanced Encryption Standard
24. DES - Data Encryption Standard
25. FIPS - Federal Information Processing Standard
26. IP - Initial Permutation
27. TDEA - Triple Data Encryption Algorithm
28. IV - Initialization Vector
29. NBS - National Bureau of Standards

Introduction

Digital content has been growing at an exponential rate with recent advances in the technical field. By 2020 the digital world will expand by a factor of 300, which will include 40 trillion gigabytes of replicated data. To accommodate such rapid growth, the digital arena will need new storage and network utilities. Demand will arise for cost-effective data storage and high-bandwidth networks to store and transfer such a huge amount of data. In this growing data field, Cloud Computing has gained popularity over traditional storage models due to its numerous advantages and cost-effectiveness (Gantz & Reinsel, December 2012).

Cloud Computing provides online access to a pool of resources including computational platform, storage, applications, and services. The main cloud service providers in the market are Google, Microsoft, IBM, Rackspace, Amazon etc. In cloud computing, the major challenges are to secure, protect and process the stored data efficiently.

The scenario below describes a case where all of a company's data resides in the cloud.

[Diagram labels: Unauthorized User; Company's Data Residing on Cloud]

Figure 1 Unauthorized Access to Cloud Data (Maddineni & Ragi, 2011)

In the above figure, all the data of the company has been moved to the cloud, and only the authorized users of the company can access the data through the local network. But there is also the possibility of unauthorized users accessing the confidential data of the company. The employees of the company are allotted virtual machines with valid credentials in the cloud, but these credentials can be cracked and sensitive data of the company can be leaked.

A lot of research is going on in this area of data confidentiality. Many efficient encryption techniques have been developed that have minimized this threat to a significant level. This report demonstrates various encryption models after a thorough literature review in the field of cloud computing data confidentiality.

Aims and Objectives

The main aim of the research paper is to understand and analyze various encryption techniques which improve data confidentiality in cloud computing, and also to understand the field of cloud computing and its security concerns. The main objectives of the research are:

To understand the cloud computing security concerns, especially those dealing with data confidentiality.

To identify the various encryption techniques for ensuring data confidentiality.

To understand the complexity behind each encryption technique.

To understand how one technique of encryption differs from another.

Background

Basics of Cloud-Computing

As the Cloud-Computing paradigm is relatively new in the technical world, the term is overused. In general terms, the cloud can be described as a sharable and scalable resource pool. These resources can be provided on demand by external service providers over the Internet on pay-per-use terms.

The cloud is defined by NIST as:

“A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”

The above NIST definition highlights key characteristics of the cloud along with deployment models and deliverable models.

Key Features Of Cloud Computing

The key features of cloud-computing are as follows:

a. On demand resource availability

The cloud resources can be accessed anywhere over the internet as per the need of the user, without the requirement of human intervention. It is similar to autonomic computing due to its self-managing feature and adaptation to unpredictable changes by the user.

b. Reliability

Cloud-Computing resources are highly reliable as they are not affected by any unforeseen incidents such as power failure. They are available all over the world regardless of geographical restrictions.

c. Scalability

The cloud resources can be easily scaled up or scaled down as the needs of the user change. Therefore, users need not worry about the limited capacities and purchasing cost of physical machines.

d. Cost-effectiveness

Usage of similar cloud resources by thousands of users aggregates to achieve economies of scale. The cloud works on the pay-as-you-go model, so users need not provision resources for future needs and they pay only for what they use. It is a measured service.

e. Shared Resources

The cloud works on the multi-tenant model. The cloud resources are not dedicated; they are shared among several users. It makes use of virtualization technology, and users are not aware of any kind of resource limitation. Based on the demand of the user, resources are provisioned and de-provisioned automatically.

Deployment models

Based on who owns and who uses the cloud, the following deployment models are defined:

a. Public Clouds

Public clouds provide accessibility to the general public. The users of public clouds are considered to be untrusted, as anyone from anywhere has access to such a cloud. A third party is responsible for the management of public clouds. Services may be offered free or on the basis of the pay-as-you-go model. Google App Engine, IBM’s blue cloud, and Amazon Elastic Compute Cloud are examples of popular public clouds.

b. Private Clouds

Resources are not shared in private clouds, and they run only to serve a single organization. This allows the organization to gain the benefits of cloud architecture without discarding the maintenance of its own data centers. It is not a reasonable solution for small to medium sized corporations because it is an expensive measure. StratoGen, Apache, and Rackspace are the famous private cloud providers. The U.S. Army, Air Force, Navy, DOJ, USDA and more have been using private clouds due to the high sensitivity of their data.

c. Community Clouds

Several organizations that have common requirements adopt community clouds. They are more cost effective than private clouds, as the operating cost is shared among the members of the community. The users of community clouds have a trust relationship among themselves.

d. Hybrid Clouds

The combination of public, private and community clouds gives rise to hybrid clouds. With such a combination of more than one type of cloud, the benefits of each model can be obtained. For example, a company can outsource its resources from its private cloud to the public cloud during peak hours, thereby keeping the company's operations from slowing down.

Models of cloud-computing

Cloud computing services offer a flexible and scalable environment. Cloud Service Providers (CSPs) are considered to be responsible for the management, maintenance and implementation of cloud infrastructure. Cloud services can be categorized as below:

a. SaaS (Software as a Service)

It offers online delivery of software without buying software licenses for the company’s ERP and CRM systems and without the need to install this software on the company’s systems. The software is hosted by third parties called cloud service providers, and company employees can access the software through the internet from anywhere in the world. It is more cost effective than using traditional installed software, as the company is not responsible for the maintenance (Dubey & Wagle, June 2007).

b. PaaS (Platform as a Service)

It provides on-demand computing platforms to users, where applications can be developed and deployed. It reduces the cost and complexity of software development, as the user does not need to bother about the underlying structure. It provides computing platforms such as web server, operating system, database and programming language execution platforms (Mell & Grance, September 2011).

c. IaaS (Infrastructure as a Service)

CPU, memory and server storage space are the resources that can be scaled up and down very frequently as the needs of the user change. It allows users to start up their companies without the expensive start-up cost of hardware resources (Giweli, 2013).

Cloud Computing services are widely used at present by larger companies. There is also a lot of competition in the market among various cloud service providers. The famous Cloud Service Provider companies are discussed next.

Known Cloud Service Providers

The known cloud service providers in the IT market at present are Amazon, Google, Microsoft, IBM, Salesforce, Rackspace, Oracle, VMware, Eucalyptus etc. The services offered by one vendor differ from those of another.

IBM: It provides platform as a service under the model name Lotus Life.

Google: Google App Engine is a cloud that supports application programming interfaces which can store data, provide email services and manipulate images.

Amazon: AWS provides a very safe platform of cloud services that offers computing power, data storage, content delivery etc., which help businesses in their growth. Amazon Web Services include Amazon Simple Storage Service (S3) and Elastic Compute Cloud (EC2).

Eucalyptus: It is an open source cloud software infrastructure that helps enterprises to create their own private cloud architecture.

Microsoft: The Windows Azure Platform includes a group of cloud technologies that helps application developers by providing them a specific set of services.

VMware: The VMware cloud, named VMware vCloud Air, provides virtualization infrastructure.

Salesforce: Salesforce provides software as a service. It is a CRM solution that helps enterprises in all phases of sale. It speeds up and streamlines the sale process.

Importance of security in cloud computing

Figure 2 Survey Graph of Cloud Computing Challenges (Whyman, 2008)

Figure 2 depicts the result of a survey conducted by IDC in August 2008 regarding the cloud challenges/issues that affect the performance of cloud computing. The survey was conducted among senior Business Administrators and IT specialists. From the graph of the survey result, it is clear that security is at the top of the list of concerns, which shows its importance compared to other parameters of cloud computing.

Brad Smith is General Counsel & Executive Vice President of Legal & Corporate Affairs, Microsoft. He also revealed Microsoft's survey data at the Brookings Institution policy forum “Cloud Computing for Business and Society”. He announced the survey result that 58% of the general population and more than 85% of business heads are very interested in the potential of Cloud Computing. He also revealed that more than 90% of these people are much worried about cloud security, access and privacy issues.

Hence, it is clear that cloud security is the biggest challenge that affects the performance and growth of the cloud field.

[Figure 2 chart. Title: Challenges/issues ascribed to the cloud. Axis: % responding 4 or 5, from 0.00% to 80.00%. Categories: Not enough major supplies yet; Regulatory requirements prohibit cloud; Bringing back in-house may be difficult; Worried on-demand will cost more; Not enough ability to customise; Hard to integrate with in-house IT; Availability; Performance; Security.]

Cloud Data Security Requirement

Security is the biggest concern that keeps IT professionals from adopting cloud technology. As per the survey (Khan, Kiah, Khan, & Madani, 2013), more than 74% of IT professionals do not intend to transfer their company infrastructure to the cloud. The cloud provides distinctive features to users, but adoption of the cloud is still not their first choice. Lack of privacy and data security are the main hurdles to cloud popularity. Advancements in the field of cloud data confidentiality can help cloud service providers gain the trust of IT professionals. The security requirements of the cloud are discussed below. These requirements address both user and provider perspectives.

2.1.1. Confidentiality

Data Confidentiality is the most important aspect of cloud security. It prevents unauthorized access to sensitive information on the cloud. It ensures data security and protects data from malicious attacks. Encryption is widely used to prevent such confidentiality violations. Encryption can be used on all data forms, i.e. static data, migrating data, and data being manipulated. Even the communication channels between the Cloud Service Provider (CSP) and the user can be encrypted. Encryption does not allow processing of the data. However, current research in the field of encryption is trying to solve this issue also. Hence, data confidentiality is mostly solved by encryption.

2.1.2. Data Integrity and Consistency

Data Integrity is defined as the measure of data accuracy and consistency. There are several copies of the same data on the cloud, and all the copies should be identical. Omission and commission failures are responsible for consistency problems of the data. Failing to respond to a request for data causes an omission failure. Crash failures and the inability to process requests come under omission failure. A commission failure occurs when the wrong computation is done on data and the output is not what was expected. Data on the cloud is replicated for scalability, availability, and archival purposes, so the consistency of replicated data must be ensured. Cryptographic methods can be used to ensure data integrity.

2.1.3. Data Availability

Data Availability means that the user can access the data at any time, whenever it is needed. In other words, it can be defined as timely and reliable access to the cloud data at all times. The Cloud Service Provider (CSP) is considered responsible for data availability.

The need for availability depends on the data’s critical nature. Highly critical data should be made redundant and backed up regularly so that it is available at all times.

Malicious attacks on the network connectivity between the user and the CSP are a severe threat to data availability. Hardware failure, power failure, and other infrastructure failures are the other threats to availability.

Besides these, Data Access and Authentication, and Accountability, are also major security concerns of the cloud. Access and Authentication ensure that only an authorized person has access to the cloud, and only to that cloud data for which authentication has been provided to that user. Accountability is defined as the capability to track what a user has done and when. All of these should also be addressed carefully to make cloud data secure.

Literature review

According to Singla and Singh, cloud computing is a technology where users have access to a remote pool of shared resources in which they can store their data. The Cloud Service Provider (CSP) and the client are the two major elements of the cloud environment. Data privacy and security is the major challenge for cloud computing. Data can be attacked in the cloud as well as during the outsourcing process. Encryption techniques are meant to provide data security. To provide efficient data security, encryption must be done by the CSP as well as the user (Singla & Singh, 2013).

As per Kaur and Verma, when the user outsources sensitive data to share on the cloud, many new data security challenges come forth. Encryption methods are used to handle these security issues. Homomorphic encryption is used, which converts plain text into cipher text and also generates an encryption key which is used to read the ciphered text. Decryption keys are revealed only to trusted users to ensure data confidentiality. There are many encryption techniques to ensure data confidentiality (Kaur & Verma, July 2014).

According to a journal article on the security of cloud computing, availability, cost effectiveness and scalability are the three factors that drive the innovation of new technology. Cloud computing is an upcoming technology that provides these factors. Cloud computing is a term used for services provided over the internet. Lack of security assurance by providers has been a hindrance for business companies in adopting cloud computing services. This paper lists the threats to cloud security and emphasizes security on the cloud provider’s side. The threats include loss of integrity, denial of service, untrusted access etc. This paper proposes an EAP solution for unauthorized access and an RSA solution for the encryption of data on the cloud. In RSA, data can be encrypted using a public key by anyone, but can only be decrypted by the private key held by the receiver (Sadia Marium, Ahmed, Ahthasham, & Mehmood, 2012).

According to George and Dr. Hemalatha, encryption is very important for the security and integrity of cloud data. A number of encryption techniques are available for protecting data integrity. These techniques preserve the confidentiality of data. The cloud provides IaaS, PaaS, and SaaS services to the user on demand, and cryptography enables the security of shared cloud data. It maintains data integrity and confidentiality. Identity-based Encryption, Attribute-based Encryption, Fully Homomorphic Encryption and many other modern encryption algorithms such as AES, DES, 3DES, RC4, Blowfish, RSA, and Diffie-Hellman are being used in the XCP cloud environment. A combination of two or more techniques aids in efficient data security (George & Dr.M.Hemalatha, 2015).

Vikas Agrawal et al. (2014) discussed cryptography as the technique used to encrypt communication to make it secure from a third party’s snooping. It is about building protocols and techniques to provide data security, which includes integrity, availability, and confidentiality. Cryptography includes encryption and decryption, which is the process of transforming plain text into coded text or ciphered text. Symmetric key cryptography and public key cryptography are the two methods used for the process of encryption and decryption. Symmetric key cryptography is a method where both sides of the communication have the same key. AES and DES are two cryptographic algorithms that are implemented in symmetric key cryptography. Public key cryptography is the design where the receiver has a different key than the sender. The RSA algorithm is the solution for public key cryptography.

As per Aized Amin Soofi et al. (Soofi, Khan, & Fazal-e-Amin, 2014), cloud computing is an exponentially growing area where users can use services over the internet without installing any new software or hardware. This area is quite popular because of the advantages it gives to its users, but it faces some difficulties that hinder its growth. These difficulties mainly include security threats. Data confidentiality is the main concern for the users of cloud computing. Some solutions have been introduced to address this. Encryption is one of the solutions, and it is widely implemented to maintain data confidentiality. This paper reviews different encryption methods, and discusses types of approaches and the types of validation used to validate these approaches.

Cloud services are gaining popularity for data sharing, archiving and backup. Cloud data confidentiality is the major hurdle to the universal adoption of cloud infrastructure. Use of data encryption techniques ensures data confidentiality. However, encrypted data is very difficult to handle for computational purposes. In order to handle this situation, information dispersion and decomposition come into play, where data can be stored on distributed hosts (Branco, Machado, & Filho, October 6-9, 2014).

Ensuring Data Confidentiality in the cloud

The field of cloud security is too vast to address all at once. Data confidentiality is the big cloud security concern that will be discussed in this report.

In a multi-tenant environment, providing data confidentiality is very challenging. Users outsource their data to servers which are located in geographical areas remote from the user’s location. The servers are managed by a third party known as the Cloud Service Provider. There are a number of techniques that can protect the data from unauthorized users by maintaining its confidentiality. Passwords, biometrics, and cryptography are famous techniques for data confidentiality. Low entropy is the drawback of using passwords. Biometric techniques are very costly and hence cannot be implemented on a large scale. In this scenario, cryptography is considered to be the best solution.

According to Folch (2011), companies and individuals are switching to the cloud as they want to continuously back up their sensitive data. Frequent backup of cloud data ensures data availability, which allows users to access their data anywhere at any time without any delay. Before the evolution of the cloud, companies used to do periodic backups on their physical servers to prevent any data loss. The backup data and the original data were present at the same physical location, so the companies did not need to worry about data protection. In the cloud, data is stored on public servers which can be accessed over the internet. Hence, data suffers from both external and internal attacks. Data should be protected in such a way that even if an authorized body is able to reach the data, the data remains unchanged. In other words, data confidentiality should be maintained. The best and easiest way to handle this issue is to encrypt the data. A number of secure encryption techniques are available which are also free to use. To guarantee confidentiality, the data should be encrypted at both the user and the CSP end. The encryption done on the cloud provider side protects the data from external attacks. To protect against inside attacks, the data should be encrypted by the user before uploading it to the cloud.


Cryptography fundamentals

For a long time, the military, governments, and other secret services have relied on cryptography for data security. It is the art of coding information into secrets to preserve data integrity and confidentiality. In the second half of the twentieth century, the field of cryptography expanded very significantly. The generation of supercomputers and fast communication media is considered to be the reason for the popularity of cryptography. The first scheme of data encryption was given by Diffie and Hellman in 1976, which was an asymmetric cryptography mechanism. In 1978 the well-defined RSA algorithm came into the world. It was given by Rivest, Shamir and Adleman. Concurrently, Miller and Koblitz proposed elliptic curve encryption schemes. In this way all encryption techniques came into existence. With the evolution and popularity of cloud-computing, the techniques of data encryption were also adopted for cloud data security. In the future, quantum encryption is considered the next step in this research area. Optics will be the basis of quantum cryptography (KAANICHE, 2014).


Introduction to Encryption

The process of converting plain text into secret cipher text to protect the confidentiality and integrity of data is called encryption. It is used to protect data in transit and also in storage. It makes use of an algorithmic scheme that converts plain readable text into a non-readable form called the cipher-text. The reverse process is called decryption, which converts the information back into a readable format. A secret value is used for the encryption and decryption process. The secret value is known as the key (A Guide to Cloud Encryption and SaaS Security). There are many categories of encryption techniques. Broadly, encryption is classified into two categories with respect to the relation between the keys of the key-pair.

a. Symmetric Encryption (Maha TEBAA, 2012)

In symmetric key encryption, the same key is used for the data encryption and decryption processes.

Consider M is the plain text, C is the ciphertext, k is the encryption key, E is the encryption scheme, and D is the decryption scheme.

For symmetric-key encryption

D (E (M, k), k) = M

This means the same key is used for encryption and decryption.

The Vernam one-time pad is a symmetric key encryption scheme proposed by G. Vernam in 1917. It is known as a one-time pad because the key is renewed for every message. The one-time pad gives perfect secrecy (KAANICHE, 2014).

b. Asymmetric Encryption (Maha TEBAA, 2012)

In asymmetric key encryption, two different keys are used. Encryption is done with one

key and the other key is used to decrypt the message. Keys are named as public key and

private key. It is also known as public-key cryptography.


Cryptographic techniques used in the cloud computing

The various encryption techniques that are used in cloud computing are discussed below.

Identity-based Encryption (IBE)

The idea of IBE was given by Adi Shamir, an Israeli cryptographer. At that time, he was working at The Weizmann Institute of Science, Israel. IBE eliminates the need for a Certification Authority (CA), which was essential for traditional public-key schemes.

Shamir (1985) presented the scheme, which enables two parties to communicate securely and to verify each other without exchanging any key-pair and without using any third-party services. The scheme is based on public-key cryptography with a little extra twist. Instead of generating a random key pair, the user uses his name and network address as the public key. The combination of name and network address should be unique. Corresponding to the name and address combination, a unique key is generated by the company’s key generation center. This unique key is given to the user in the form of a smart card when he joins the network for the first time. The card contains an embedded microcircuit, a secret key, encryption/decryption programs and signature generation/verification programs.

An IBE scheme resembles traditional mail communication in many aspects. Hence, it makes the

cryptographic communication very transparent for a user and it is very easy to use even without the

knowledge of keys and communication protocols.

For example, a user “A” wants to send a message to another user “B”. User A signs the message with the secret key in his smart card. User A also encrypts the signed message using B’s name and network address and sends it to B. B decrypts the received message with the secret key in his smart card and also verifies the sender by using A’s name and network address as a verification key. The secret key of the smart card is computed by the key generation center.

The security of the scheme depends on-

a. Underlying Cryptographic functions

b. Key generation center privileged information

c. Protecting the smart card from loss and unauthorized access

IBE scheme attaches identity information “i” with the message and the card holder ties it

further with physical user identity. The key generation center must prevent card

misinterpretation and should take necessary precaution to prevent card duplication.


The Scheme

The IBE is depicted in the following figure-

Figure 3 Identity-based Encryption scheme (Neven & Kiltz, p. 3)

It consists of four algorithms (IBE Secure E-mail) as below.

a. Setup- It generates two keys named as a public key and a master key.

b. Keygen- It uses the master key and identity information of the receiver to generate a private key.

c. Encrypt- It encrypts the message using sender’s identity and public key.

d. Decrypt- To decrypt the message, the private key is used.

[Figure 3 diagram labels: Sender, Receiver, Setup, Keygen, Encrypt, Decrypt, Master key, Private key, Public key, Identity, Message, Communication channel]


The communication channel between the sender and the receiver is not encrypted. IBE makes use of elliptic curve functions.

IBE is used widely for cloud data security. It was first adopted for grid networks. In 2004, Lim and Robshaw explored the idea of IBE usage in grid computing. Li et al. proposed IBE as an alternative to SSL authentication for cloud systems. It was a three-level model. The top level includes cloud administrations. The middle level includes the data-center. The third level is represented by the cloud user. This scheme suffers from a lack of trust hierarchy between model layers. To solve this problem, Schridde et al. gave a security infrastructure based on IBE. As per this scheme, each client has to register with a corresponding server known as the authority server. Each user is given a private key during registration with the authority server. The key is unique for each user. This solved the problem of certificate-based schemes (KAANICHE, 2014).


Attribute-based Encryption

Attribute-based encryption was proposed by Sahai and Waters in 1984. It is a one-to-many encryption in which the ciphertext is encrypted for only those users who fulfill some requirements. It provides fine-grained access control to cloud data. Specific access policies, determined by the encryptor, are associated with the ciphertext. Attributes describe the user’s characteristics. These attributes are embedded in the user’s secret key. A user whose attributes satisfy the access structure of the ciphertext can decrypt it. The scheme preserves cloud flexibility even after encryption, as cloud data sharing is possible without any knowledge about the data receiver (Horváth).

A secret key is used to decrypt the ciphertext. The secret key is based on a set of attributes w. The text is encrypted with a public key based on a set of attributes w’. There should be sufficient overlap between w and w’. The extent of overlap is defined by a deterministic threshold value denoted as t. A party can encrypt messages for a group of users. The user group has a certain attribute set defined from an attribute pool. For example, a user encrypts scholarship details for all students who have done bachelors. The scholarship is available for all students from a particular age group who have achieved specific grades. An attribute subset {“Grade-A”, “Age- under 25 years”, “Education-Bachelors”} defines the document encryption criteria. Only a user with these three attributes can hold the private key to decrypt the encrypted scholarship document (A.Balu & K.Kuppusamy).

ABE is categorized as-

a. Key-Policy based ABE (KP-ABE)

b. Ciphertext-Policy based ABE(CP-ABE)

In Key-Policy based ABE scheme an attribute set is associated with the ciphertext. The secret-key is

defined on the basis of access policy. A descriptive attribute set is required to decrypt the encrypted text.

These attributes are defined by the encryptor. A trusted authority defines the secret key based on a

combination of attributes. (A.Balu & K.Kuppusamy)

In the Ciphertext-Policy based ABE scheme the idea is exactly the reverse of Key-Policy based ABE. An access policy is defined with respect to the encrypted text. The encrypting party is responsible for determining the policy under which the ciphertext can be decrypted. The secret key is set based on a number of attributes (A.Balu & K.Kuppusamy). A user will be able to decrypt the ciphertext only if the attributes of the user satisfy the policy defined for the respective encrypted text. Conjunctions, disjunctions and threshold gates can be used to define the policies. For example, consider that {A, B, C, D} defines the universe of attributes. User 1 has a key for attributes {A, B}. User 2 has a key for attribute {D}. The policy (A∧C)∨D is defined to encrypt the text. In this case, user 2 will be able to decrypt the ciphertext but user 1 will be unable to decrypt it. This is because of the rule of (k, n) threshold gates, i.e. n attributes should be present out of a total of k attributes (What is Attribute Based Encryption?).

Both CP-ABE and KP-ABE should have the collusion resistance property. Distinct users should not be able to pool their individual secret keys to decrypt a ciphertext that none of them could decrypt with their individual secret keys.
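The policy example and the collusion rule above can be modelled as a small access-structure evaluator. This is an added example, not code from the report: it models only the policy logic (no cryptography), and the gate helpers, the 2-of-3 policy and "user 3" are constructed for illustration.

```python
# Access-structure model for CP-ABE policies (policy logic only, no cryptography).
# A policy is either an attribute name or a threshold gate: (t, [children]),
# satisfied when at least t of its children are satisfied.

def AND(*children):
    return (len(children), list(children))   # all children required

def OR(*children):
    return (1, list(children))               # any one child is enough

def THRESHOLD(t, *children):
    return (t, list(children))               # at least t children required

def satisfies(policy, attributes):
    """True if one key holding `attributes` satisfies `policy`."""
    if isinstance(policy, str):
        return policy in attributes
    threshold, children = policy
    return sum(satisfies(child, attributes) for child in children) >= threshold

def can_decrypt(policy, keys):
    """Collusion resistance: every key is evaluated on its own.
    Attributes from different keys are never combined."""
    return any(satisfies(policy, key_attrs) for key_attrs in keys)

# The report's example: universe {A, B, C, D}, policy (A AND C) OR D.
POLICY = OR(AND("A", "C"), "D")
USER1 = {"A", "B"}
USER2 = {"D"}
USER3 = {"C"}          # constructed extra user, used to show the collusion case

if __name__ == "__main__":
    print("user 1:", satisfies(POLICY, USER1))
    print("user 2:", satisfies(POLICY, USER2))
    # Pooled attributes would satisfy the policy, but a collusion-resistant
    # scheme must behave like can_decrypt(), not like the union.
    print("union of 1 and 3:", satisfies(POLICY, USER1 | USER3))
    print("keys of 1 and 3 :", can_decrypt(POLICY, [USER1, USER3]))
```

In a real ABE scheme the per-key evaluation is enforced cryptographically, because each user's key components are bound to that user's own randomness.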

ABE can be viewed as a generalized IBE scheme. ABE allows complex rules to be defined for the private decryption keys. Private keys are related to a set of attributes. So during encryption, an access policy is encrypted. The access policy defines which decryption key (Bethencourt, Sahai, & Waters).

ABE is a very adaptive solution that ensures fine-grained access to outsourced data which is distributed on untrusted cloud servers. ABE allows searching over the ciphertext. Each authorized user has the right to decrypt a different piece of data based on the match between user identity and decryption key. A lot of research is going on to make ABE useful for cloud environments. In 2010, Yu et al. proposed ABE in a new form in which a single user is allowed to share his data among multiple users in encrypted form. This is possible with the help of key distribution among the users (KAANICHE, 2014).


Fully homomorphic Encryption (FHE)

Ronald Rivest, Leonard Adleman, and Michael Dertouzos suggested the idea of FHE in 1978. Fully homomorphic encryption allows calculations on encrypted data, and the results are exactly the same as if the computation were done on plain data. It is defined as follows.

Consider an input list m1, m2, m3…. mn. The user wants to perform a function “f” on this input list, but the data is in encrypted form as c1, c2, c3….. cn. It is possible to apply the function “f” on the encrypted data instead of decrypting the data, as under FHE

f (m1, m2, m3…. mn) = f (c1, c2, c3….. cn)

Homomorphic encryption is distinguished as Additive Homomorphic Encryption and Multiplicative

Homomorphic Encryption. This categorization is done on the basis of mathematical operation to be done

on data (Maha TEBAA, 2012).

a. Additive Homomorphic Encryption

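A homomorphic Encryption is said to be additive if

$$\mathrm{Encryption}(x \oplus y) = \mathrm{Encryption}(x) \oplus \mathrm{Encryption}(y)$$

$$\mathrm{Encryption}\left(\sum_{i=1}^{l} m_i\right) = \sum_{i=1}^{l} \mathrm{Encryption}(m_i)$$

Consider C1 and C2 are two cipher texts and

$$C_1 = g^{m_1} \cdot r_1^{n} \bmod n^2$$

$$C_2 = g^{m_2} \cdot r_2^{n} \bmod n^2$$

$$C_1 \cdot C_2 = g^{m_1} \cdot r_1^{n} \cdot g^{m_2} \cdot r_2^{n} \bmod n^2 = g^{m_1 + m_2} (r_1 r_2)^{n} \bmod n^2$$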

The Paillier cryptosystem has the property of additive homomorphic encryption.

An electronic voting system makes use of additive homomorphic encryption. Each vote is encrypted, but the total number of votes is decrypted.
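The ciphertext product above and the voting tally can be checked with a toy Paillier implementation. This is an added example, not code from the report: the primes are small constructed values (two Mersenne primes), g = n + 1 is a common simplifying choice, and all function names are assumptions.

```python
import math
import secrets

def keygen(p, q):
    """Paillier key pair from two primes. Toy sizes here; real keys use large primes."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1                                            # simplifying choice of g
    # With g = n + 1, L(g^lam mod n^2) = lam mod n, so mu is the inverse of lam mod n.
    mu = pow(lam, -1, n)
    return (n, g), (lam, mu)

def encrypt(pub, m, r=None):
    """C = g^m * r^n mod n^2, with r random and coprime to n."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    if r is None:
        r = secrets.randbelow(n - 1) + 1
        while math.gcd(r, n) != 1:
            r = secrets.randbelow(n - 1) + 1
    elif math.gcd(r, n) != 1:
        raise ValueError("r must be coprime to n")
    n2 = n * n
    return pow(g, m, n2) * pow(r, n, n2) % n2

def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n

def add_encrypted(pub, c1, c2):
    """C1 * C2 mod n^2 is an encryption of m1 + m2 (mod n)."""
    n, _ = pub
    return c1 * c2 % (n * n)

def tally(pub, encrypted_ballots):
    """Combine encrypted 0/1 ballots without decrypting any single ballot."""
    total = 1                      # 1 is a valid encryption of 0 (with r = 1)
    for ballot in encrypted_ballots:
        total = add_encrypted(pub, total, ballot)
    return total

if __name__ == "__main__":
    pub, priv = keygen(2**13 - 1, 2**17 - 1)    # constructed toy primes
    c1, c2 = encrypt(pub, 20), encrypt(pub, 22)
    print("sum :", decrypt(pub, priv, add_encrypted(pub, c1, c2)))
    ballots = [encrypt(pub, v) for v in [1, 0, 1, 1, 0]]   # constructed votes
    print("yes votes:", decrypt(pub, priv, tally(pub, ballots)))
```

Only the holder of the private key decrypts, and only the combined ciphertext; the random r makes two encryptions of the same vote look different.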

b. Multiplicative Homomorphic Encryption

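A homomorphic Encryption is said to be Multiplicative if

$$\mathrm{Encryption}(x \otimes y) = \mathrm{Encryption}(x) \otimes \mathrm{Encryption}(y)$$

$$\mathrm{Encryption}\left(\prod_{i=1}^{l} m_i\right) = \prod_{i=1}^{l} \mathrm{Encryption}(m_i)$$

Consider C1 and C2 are two cipher texts and

$$C_1 = m_1^{e} \bmod n$$

$$C_2 = m_2^{e} \bmod n$$

$$C_1 \cdot C_2 = m_1^{e} m_2^{e} \bmod n = (m_1 m_2)^{e} \bmod n$$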


The RSA cryptosystem is a multiplicative homomorphic encryption. The application of FHE on the cloud is an important advancement in cloud computing security. Simple deterministic computations on the data make FHE a feasible solution for cloud security. A homomorphic scheme has a number of advantages in a cloud environment. It allows searching on the encrypted data. It also allows operations to be performed on encrypted data. FHE has significant importance in the cloud when dealing with the finance sector. In the financial world, data security is the biggest concern as compared to other industrial sectors. Both data and function should be in encrypted form. With homomorphic encryption, functions can be performed privately in encrypted form (KAANICHE, 2014).


AES (Sachdev & Bhansali, 2013)

Advanced Encryption Standard is an encryption method that was implemented as a replacement for the Data Encryption Standard (DES). It is now recognized by the National Institute of Standards and Technology (NIST). NIST was working to find an algorithm that would be more secure than DES. Five algorithms were selected for the study and, after the process, the encryption algorithm named Rijndael was selected. It was later named AES, which is commonly used today. AES is now formally recognized as a Federal standard by NIST.

AES is a block cipher algorithm that is implemented with an encryption key and multiple rounds of encryption. It works on a block of data that is most commonly 128 bits or 16 bytes in length. The cipher is encrypted again and again, ten to fourteen times, during the execution of the algorithm; the number of rounds depends on the length of the key.

AES accepts three lengths for the encryption key: 128 bits, 192 bits, and 256 bits. For a 128-bit key the number of rounds is 10, for a 192-bit key it is 12, and for a 256-bit key it is 14. AES is a symmetric encryption algorithm, which means that encryption and decryption are both done with the same key. The encryption key used is private.

The input state array and the first four words of the key schedule are XORed before the execution of the rounds. An encryption key of length 16 bytes, i.e. four 4-byte words, is extended to form a key schedule having a set of 44 4-byte words. The 128-bit input is transformed into a 4*4 matrix of bytes, which is called the state array.

At each round of the encryption, following steps occur-

a. Sub Bytes

This step performs byte-by-byte substitution; each byte is substituted with the help of a substitution table. Every byte from the input is sub-divided into two 4-bit patterns; each pattern is an integer from 0 to 15 that can be interpreted as a hexadecimal digit. The digit at the left is the row index and the digit at the right is the column index for the substitution box. The value at the intersection of the row index and column index is substituted.

b. Shift Rows

This step scrambles the byte order over multiple rounds. Row 0 is not shifted at all, row 1 is shifted in circular fashion by one byte, row 2 is shifted by two bytes, and row 3 is shifted in the same manner by three bytes.


c. Mix Columns

In this step, the values in each column of the state matrix are multiplied with every row value of a given matrix, and then these values are XORed to get the final value. The purpose of this step is also to provide diffusion over multiple rounds.

[Figure 4 diagram labels: Cipher key, Key-expansion unit, Round 1 to round “n” (Sub bytes, Row shifting, Column mixing, Adding round key), Free round transformation, Ciphered text]

Figure 4 AES Algorithm (Pansotra & Singh, 2015)


d. Add Round Key

The matrix’s values are XORed with the round key values in this step. The 128-bit key is represented as a 4*4 matrix. The four-word key is then expanded into a key schedule whose last word is w[43]. The first four words are w[0], w[1], w[2] and w[3]. The rest are expanded as

for (j = 4; j < 44; j++)
{
    T = w[j-1];
    if (j mod 4 == 0)
        T = Substitute(Rotate(T)) XOR RConstant[j/4];
    w[j] = w[j-4] XOR T;
}

Rotate is a one-byte circular shift on a 4-byte word.

Substitute means byte substitution for every byte using the substitution box.

RConstant is a round constant of 4-byte length which is XORed with the bytes.

w[4] to w[43] are generated using this method. The same steps are carried out in decryption; the order of

the execution of steps is different.
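The key expansion loop above, written out as runnable code and checked against the FIPS-197 sample key. This is an added example, not code from the report: it computes the substitution box rather than listing it, and it generalizes the 128-bit case in the text to 192-bit and 256-bit keys; the function names are assumptions.

```python
def xtime(b):
    """Multiply a field element by x (0x02) in GF(2^8), AES polynomial 0x11B."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def build_sbox():
    """Compute the AES substitution box: field inverse followed by an affine map."""
    exp, log = [0] * 255, [0] * 256
    x = 1
    for i in range(255):
        exp[i], log[x] = x, i
        x ^= xtime(x)                        # x * 3; the element 3 generates the field
    sbox = []
    for a in range(256):
        inv = exp[(255 - log[a]) % 255] if a else 0   # multiplicative inverse, 0 -> 0
        s = inv
        for k in range(1, 5):                # XOR of the four left rotations
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox

SBOX = build_sbox()
ROUNDS = {16: 10, 24: 12, 32: 14}            # key length in bytes -> number of rounds

def expand_key(key):
    """Return the key schedule as a list of 4-byte words w[0], w[1], ..."""
    if len(key) not in ROUNDS:
        raise ValueError("AES keys are 16, 24 or 32 bytes long")
    nk = len(key) // 4                       # words in the cipher key
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 0x01                              # first byte of the round constant
    for j in range(nk, 4 * (ROUNDS[len(key)] + 1)):
        t = list(w[j - 1])
        if j % nk == 0:
            t = t[1:] + t[:1]                # Rotate: one-byte circular shift
            t = [SBOX[b] for b in t]         # Substitute: S-box on every byte
            t[0] ^= rcon                     # XOR with the round constant
            rcon = xtime(rcon)
        elif nk == 8 and j % nk == 4:
            t = [SBOX[b] for b in t]         # extra substitution, 256-bit keys only
        w.append([a ^ b for a, b in zip(w[j - nk], t)])
    return [bytes(word) for word in w]

def round_keys(key):
    """Group the schedule into 16-byte round keys (round 0 is the cipher key prefix)."""
    w = expand_key(key)
    return [b"".join(w[i:i + 4]) for i in range(0, len(w), 4)]

if __name__ == "__main__":
    sample = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 sample key
    for i, rk in enumerate(round_keys(sample)):
        print(f"round {i:2d}: {rk.hex()}")
```

Because every step of the schedule is invertible, round keys held in memory need the same protection as the cipher key itself.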

Implementing AES for the data confidentiality is beneficial as it can minimize memory consumption and

computation time is also less compared to other available encryption methods.


DES Algorithm

DES stands for Data Encryption Standard. It is the name of Federal Information Processing Standard (FIPS) 46-3. DES defines an encryption method known as the data encryption algorithm (DEA). It is the most widely used symmetric key encryption algorithm. It is a specific 16-round Feistel cipher.

DES is a block cipher. It encrypts data in blocks of 64-bit size. The same key is used by the sender to encrypt the message and by the receiver to decrypt the message. The same key is also used to generate and verify a Message Authentication Code (MAC). DES uses a 56-bit key for encryption and decryption. The operational mode of DES is Cipher Block Chaining mode. Each encrypted cipher block is XORed with the next plaintext block to be encrypted. In this way, text blocks are dependent on each other. In order to decrypt a particular cipher block, the key and previous message blocks are needed. A random 64-bit number is used for the encryption of the first message block, as there is no block before the first block. This number is known as “the initialization vector”. DES is more secure than ECB (Electronic Code Book) as XOR adds one more security layer to encryption (Gandhi, Bansal, Kapoor, & Dhawan, September 2013).

Confusion and Diffusion are the two basic encryption techniques used by DES. Diffusion is achieved

through numerous permutations and XOR operation is done to achieve confusion. The basic process of

encrypting 64-bit block with the use of 56-bit key consist of following steps-

a. An initial permutation(IP)

b. 16 rounds of calculation “f” which are dependent on complex key

c. A final permutation (inverse of IP)


[Figure 5 diagram labels: 64-bit plain text, Initial permutation (IP), Iteration 1, Iteration 2, Iteration 16, Swap (32-bit), Final permutation (inverse), 64-bit cipher text; key schedule: Permuted choice 1, Left circular shift, Permuted choice 2, subkeys K1, K2, K16]

Figure 5 Flow Diagram of DES Algorithm (T.N.Srimanyu & Singla)

The above figure describes the DES encryption steps. All the data is divided into 64-bit blocks. If the number of message bits is not divisible by 64, the last block is padded with extra bits. Hence, DES is a 64-bit block cipher symmetric algorithm. Multiple permutations and substitutions are performed to increase the encryption efficiency. DES performs an initial permutation on the input data block. The block is then divided into two equal-sized sub-blocks of 32 bits each. The sub-blocks are denoted as Li and Ri, which are passed into the next round. There are 16 such rounds. Multiple rounds add more security to the encryption process.

Each of the rounds is identical and has two purposes: to increase the security of the algorithm and to decrease the temporal efficiency of the algorithm. At the end of the 16th round, the output quantities Li and Ri are swapped, and the pre-output is created by this swapping process. The pre-output is permuted using a function called the inverse initial permutation. The final permutation gives the 64-bit ciphertext (T.N.Srimanyu & Singla).

DES is defined as-

For plaintext and ciphertext block of n-bit, there is an encryption key and an encryption function. DES

encryption function is a bijection and denoted as

E: Pn x K → Cn

Such that for all key k ∈ K,

E(x, k) is an invertible mapping and it is written Ek(x).

The inverse mapping is decryption function written as Dk(x).

E= Encryption Process

Pn = Plaintext of block size “n”

Cn=Ciphertext of block size “n”

K= encryption key

Ek(x) = Encryption function

Dk(x) = Decryption function

Decryption is the same encryption algorithm where sub keys k1, k2 ……….k16 are applied in reverse

order.

Features of block ciphers-

a. The size of block- A large-sized block is more secure than a smaller block.

b. The size of key- The bigger encryption key is more efficient.

c. Number of Encryption rounds- Multiple rounds provide more security.

d. Modes of the Encryption- It defines how messages which are longer than the block size are encrypted.


3DES

3DES is the name of the triple DES (TDEA) algorithm. In 3DES, the DES algorithm is applied three times. It overcomes the shortcoming of DES by eliminating brute-force attack. The combined triple key size is 168 bits. TDEA uses three DEA keys (K1, K2, and K3). The keys are used in a mode known as EDE (Encrypt-Decrypt-Encrypt) mode. The set of three keys is known as a key bundle. ANSI X9.52 states three modes of key bundle selection as follows (Triple DES cryptography software).

a. Three mutually independent keys, i.e. K1 ≠ K2 ≠ K3 ≠ K1.

b. Two mutually independent keys with the same first and third key, i.e. K1 ≠ K2 and K3 = K1.

c. Three identical keys in the bundle, i.e. K1 = K2 = K3.

[Figure 6 diagram labels: Encrypt DES (K1), Decrypt DES (K2), Encrypt DES (K3)]

Figure 6 TDEA Algorithm (Pansotra & Singh, 2015)

The basic TDEA process is described as-

a. The input block is read by first DEA 1 algorithm and KEY 1 is used to encrypt

it.

b. The output of the first step is sent to second DEA 2 algorithm and decrypted

using second KEY 2.

c. The second stage output is then encrypted in the third DES 3 algorithm using

third key KEY3.


RC4 (Mousa & Hamad, 2006)

RC4 was developed by Ron Rivest in 1987. It is a symmetric key stream cipher that uses a 24-bit Initialization Vector (IV). The encryption and decryption processes use the same algorithm, as a simple XOR operation is performed on the data stream and the generated key. RC4 is divided into two stages: Initialization and Operation.

Steps of RC4-

a. First, RC4 encryption (Rise, Cho, & Kaylor, 2008) needs a user-defined key between 40 bits and 256 bits.

b. Next, it uses the Key-Scheduling Algorithm (KSA). It comes under the Initialization step of the algorithm. KSA is described as-

For (i = 0 to 2^n – 1)
    S[i] = i;  here a value is assigned to an array element.
j = 0
For (i = 0 to 2^n – 1)
    j = (j + S[i] + K[i mod l]) mod 2^n
    Swap(S[i], S[j]);  here values are interchanged for array elements


[Figure 7 diagram labels: Chosen key, Initialization number, Array “S”, Key-scheduling algorithm (systematic swapping), Pseudo random generator algorithm (systematic swapping), Final array, XOR, Plain text, Cipher text]

Figure 7 RC4 Algorithm (Mousa & Hamad, 2006)

KSA creates an array S. It contains 256 entries from 0 to 255. Each entry in the array is then swapped as per the KSA. At the end of the KSA, a new array with all swapped values is formed.

c. Next, RC4 uses PRGA (Pseudo Random Generator Algorithm). It is the operational step of RC4. It again swaps the array elements. The algorithm steps are listed next.


Initialize i = 0; j = 0

Generating output:

While output bytes are needed
    i = (i + 1) mod 2^n
    j = (j + S[i]) mod 2^n
    Swap(S[i], S[j])
    Output z = S[(S[i] + S[j]) mod 2^n]
End while

The number of iterations of the algorithm is dependent on the length of the key.

d. The final key stream of array S is XORed with the input value to get the final cipher text.

The RC4 encryption is approximately 10 times faster than DES algorithm.
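Steps a to d above as one runnable routine, checked against two widely published RC4 test vectors. This is an added example, not code from the report; it uses byte-sized words (2^n = 256) and the function names are assumptions.

```python
def ksa(key):
    """Key-Scheduling Algorithm: build the 256-entry permutation S from the key."""
    if not 5 <= len(key) <= 32:
        # the text's 40-bit to 256-bit range; shorter keys are accepted below
        # only so that the short published test vectors can be reproduced
        pass
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s

def prga(s):
    """Pseudo Random Generator Algorithm: yield one keystream byte per step."""
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]

def keystream(key, length):
    """First `length` keystream bytes for `key`."""
    gen = prga(ksa(key))
    return bytes(next(gen) for _ in range(length))

def rc4(key, data):
    """XOR the data with the keystream. The same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, keystream(key, len(data))))

if __name__ == "__main__":
    ciphertext = rc4(b"Key", b"Plaintext")          # published test vector
    print(ciphertext.hex())
    print(rc4(b"Key", ciphertext))                  # same function decrypts
```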


Blowfish

The Blowfish algorithm is a block cipher algorithm, and it takes an encryption key of 32 bits to 448 bits in length. It is a symmetric algorithm where both the sender and receiver sides have the same key. It was introduced by Bruce Schneier in 1993. This algorithm is free for all users as it is unpatented.

The Blowfish algorithm implements (Blowfish Encryption Algorithm) a Feistel Network. It is a technique to transform a function into a permutation. The Feistel Network was designed by Horst Feistel. It includes 16 iterations of encryption. The input is 64 bits. It works as:

1. Every block is divided into two halves.

2. The right half is now the left half.

3. The left half after the second step is XORed with the result after applying function F to the right and encryption key and it is the final result.

This algorithm encrypts large blocks of data. The block size is 64 bits. It uses operations that are simple in nature and efficient, like addition, table lookup, XOR etc. The algorithm includes two parts: the first part is key expansion and the second is the encryption part. The first part transforms the 448-bit length key into several subkey arrays of 4168 bytes.

Encryption of data is done by 16 rounds of the Feistel network method. In every round, there is a permutation depending on the key and a substitution depending on the key and data. XORs and additions are done in every operation on 32-bit words.

Encryption is done as

The 64-bit input block x is divided into two 32-bit parts denoted as L and R.

For i = 1 to 16
    L = L XOR Pi
    R = F(L) XOR R
    Swap the values of L & R

Pi is one of the elements of the array that consists of 18 32-bit subkeys.

After all 16 iterations, both halves are swapped again to undo the last swap.

Now, R = R XOR P17 and L = L XOR P18

L and R combined are the final encrypted text.

Decryption is the same as encryption, but the order of the array of subkeys is reversed.
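The round structure above, and the statement made for both DES and Blowfish that decryption is the same algorithm with the subkeys in reverse order, can be checked with a Feistel network that follows the Blowfish layout. This is an added example, not code from the report and not real Blowfish: the round function F and the subkey derivation are hash-based stand-ins chosen for brevity, and all names are assumptions.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def toy_f(x):
    """Stand-in round function (NOT Blowfish's S-box based F).
    It is deliberately not invertible: the Feistel structure does not need it to be."""
    digest = hashlib.sha256(x.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")

def toy_subkeys(key):
    """Derive 18 32-bit subkeys P1..P18 from a key (stand-in for Blowfish key expansion)."""
    return [
        int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
        for i in range(18)
    ]

def feistel(block, p):
    """Run the 16-round network over one 64-bit block with subkey array p."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for i in range(16):
        left ^= p[i]                    # L = L XOR Pi
        right ^= toy_f(left)            # R = F(L) XOR R
        left, right = right, left       # swap the halves
    left, right = right, left           # undo the last swap
    right ^= p[16]                      # R = R XOR P17
    left ^= p[17]                       # L = L XOR P18
    return (left << 32) | right

def encrypt_block(block, p):
    return feistel(block, p)

def decrypt_block(block, p):
    """Same network, subkey array reversed."""
    return feistel(block, p[::-1])

if __name__ == "__main__":
    subkeys = toy_subkeys(b"constructed demo key")
    plaintext = 0x0123456789ABCDEF      # constructed sample block
    ciphertext = encrypt_block(plaintext, subkeys)
    print(f"ciphertext: {ciphertext:016x}")
    print(f"decrypted : {decrypt_block(ciphertext, subkeys):016x}")
```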

Blowfish uses a Feistel Network, which is designed to be simple and still have the required cryptographic characteristics. In any algorithm, there are two methods to make sure that the key’s length is sufficient to maintain the security level. The first is designing the algorithm in such a manner that the key’s entropy is conserved and no method other than brute force can cryptanalyze the algorithm. The second solution is to have a lengthy key so that attacks that reduce the effective key length become irrelevant. The Blowfish algorithm has been designed for large microprocessors with large memories, and it is designed with the second solution in mind.

[Figure 8 diagram labels: P1, F, 14 more rounds, P16, F, P17, P18]

Figure 8 Blowfish Encryption (Verma & Singh, March 2012)

Subkeys are generated in large amounts so that the key’s entropy is conserved. With every subkey generation, there is a slight difference between each pair; this helps against attacks that exploit the information of a known subkey. Subkey generation adds complexity to the algorithm that makes it secure against brute force attack.

RSA

Ron Rivest, Adi Shamir and Leonard Adleman were the scientists who introduced the RSA algorithm. It was a replacement for the less secure National Bureau of Standards (NBS) algorithm.

The algorithm has implemented these two important ideas:

1. Public key encryption

The RSA algorithm accepts encryption keys that are public, but the decryption keys are private; only the recipient with the private key can decrypt the ciphered text. Senders and receivers have their own sets of encryption and decryption keys. Decryption keys are selected such that they cannot be deduced from the public encryption key.

2. Digital Signatures

Digital signatures are used by the receiver to verify the sender’s identity. They ensure that the message was sent by the supposed sender. The sender’s public encryption key verifies its identity. Digital signatures provide the benefit of being unique, and senders cannot deny that the message was sent by them.

RSA is not very useful for emails, but it is rather successful with other electronic transmissions, for example online fund transfer. The security of the RSA algorithm has been validated over time.

In the RSA algorithm, two huge prime numbers are chosen and then multiplied to get the primary key. The prime numbers can be of 100 to 200 digits each. The primary key is public but the two prime numbers are kept secret. It is rather difficult to find the prime numbers from the public key.

Following steps occur during the encryption execution:

1. Two prime numbers p and q are selected which are large in size.

2. The public key is calculated by multiplying the two selected prime numbers

which is revealed to receivers.

3. Another number e is selected; it will be co-prime to (p-1) (q-1). e is also revealed

as it is a part of the public key.

4. The message is encoded as $C = M^e \pmod N$. Here M is the message to be sent and N is the public key.

5. Receiver side decryption is done by using a number d which is found by using the expression $ed \equiv 1 \pmod{(p-1)(q-1)}$.

6. The message can be decoded finally by calculating the expression $C^d \pmod N$.
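Steps 1 to 6 above, together with the multiplicative homomorphic property stated for RSA in the homomorphic encryption section, as one runnable sketch. This is an added example, not code from the report: the primes 61 and 53 and the exponent 17 are small constructed values, and the function names are assumptions.

```python
import math

def rsa_keygen(p, q, e):
    """Steps 1-3 and 5: N = p*q, e coprime to (p-1)(q-1), d with e*d = 1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be co-prime to (p-1)(q-1)")
    d = pow(e, -1, phi)
    return (n, e), (n, d)

def rsa_encrypt(pub, m):
    """Step 4: C = M^e mod N (textbook RSA, no padding)."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be in [0, N)")
    return pow(m, e, n)

def rsa_decrypt(priv, c):
    """Step 6: M = C^d mod N."""
    n, d = priv
    return pow(c, d, n)

def multiply_encrypted(pub, c1, c2):
    """C1 * C2 mod N is the encryption of m1 * m2 mod N."""
    n, _ = pub
    return c1 * c2 % n

if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, 17)          # constructed toy parameters
    c = rsa_encrypt(pub, 65)
    print("ciphertext:", c, "decrypted:", rsa_decrypt(priv, c))

    c1, c2 = rsa_encrypt(pub, 7), rsa_encrypt(pub, 9)
    product = multiply_encrypted(pub, c1, c2)
    print("decrypted product:", rsa_decrypt(priv, product))
    # The same property means unpadded ciphertexts can be altered in a
    # predictable way by anyone, which is why deployed RSA encryption uses
    # randomized padding such as OAEP and gives up this homomorphism.
```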


The RSA algorithm is one of the most secure algorithms. The security of RSA mainly depends on how difficult it is to factor the public key. Nobody has succeeded in breaking the encryption by factoring or other mechanisms to date.

RSA is slower than some of the symmetric encryption algorithms. The issues that can affect the security of the RSA algorithm are timing attacks and issues from improper key distribution.

Development of the Riemann hypothesis can be a major threat to RSA. A solution to the Riemann hypothesis could simplify the procedure for finding the factors, i.e. the prime numbers, of the public key, thus making RSA vulnerable to attacks.


Diffie-Hellman

Diffie-Hellman key exchange is an algorithm to exchange secret keys between sender and receiver. This algorithm allows two parties to secretly share a key while communicating over an insecure channel. This key is then used to encrypt further messages. It was introduced by Whitfield Diffie and Martin Hellman during 1976.

Diffie-Hellman is not used to encrypt data; it is an algorithm that helps in encrypting the key that is to be shared by both the sending and receiving parties. The use of the Diffie-Hellman algorithm reduces the issues linked with symmetric cryptosystems.

The algorithm makes use of a prime number p. A base number g is also used in the algorithm. g is a nonzero generator and $g \in \mathbb{Z}_p^*$. The algorithm is as follows:

1. Sender and receiver both select p (a prime number) and g (a base number), which is a primitive root modulo p.

2. The sender selects a secret number a, then transmits the value of the expression $g^a \bmod p$, i.e. A, to the receiver.

3. The receiver chooses another secret number b and then transmits the value of the expression $g^b \bmod p$, i.e. B, to the sender.

4. The sender calculates the value s to be $B^a \bmod p$.

5. The receiver calculates s to be $A^b \bmod p$.

6. Sender and receiver both have s, a secret key to encode messages.

To make this transmission secure, a, b and p should be large numbers. p is a prime number of at least 300 digits; a and b must be a minimum of 100 digits in length.

The Diffie-Hellman algorithm can be used for more than two parties; more parties can participate in the exchange of keys by iterating the steps of the protocol listed above.

The “man-in-the-middle attack” is the major weakness of the Diffie-Hellman algorithm.
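The exchange above in Python, as an added example that is not part of the report: it runs steps 1 to 6, iterates them for three parties, and shows that when the transmitted values are replaced in transit the two ends derive different keys, which a fingerprint comparison over an authenticated channel reveals. The function names, the toy values p = 23 and g = 5, the range check on received values and the SHA-256 fingerprint are assumptions made for this illustration.

```python
import hashlib

def dh_public(g, secret, p):
    """Steps 2-3: the value sent over the insecure channel, g^secret mod p."""
    return pow(g, secret, p)

def dh_shared(received, secret, p):
    """Steps 4-5: combine the peer's value with our own secret."""
    if not 1 < received < p - 1:       # added check: 0, 1 and p-1 force a guessable key
        raise ValueError("peer value outside 2..p-2")
    return pow(received, secret, p)

def exchange(p, g, a, b, substituted_secret=None):
    """Run steps 1-6; optionally replace both values in transit (constructed scenario)."""
    A, B = dh_public(g, a, p), dh_public(g, b, p)
    if substituted_secret is not None:  # the protocol itself gives no way to notice this
        A = B = dh_public(g, substituted_secret, p)
    return dh_shared(B, a, p), dh_shared(A, b, p)   # (sender's s, receiver's s)

def three_party(p, g, a, b, c):
    """Iterating the steps for three parties: everyone ends with g^(abc) mod p."""
    ga, gb, gc = (pow(g, x, p) for x in (a, b, c))                # round 1
    gab, gbc, gca = pow(ga, b, p), pow(gb, c, p), pow(gc, a, p)   # round 2
    return pow(gbc, a, p), pow(gca, b, p), pow(gab, c, p)         # final keys

def fingerprint(s):
    """Short digest of s for the parties to compare over an authenticated channel."""
    return hashlib.sha256(str(s).encode()).hexdigest()[:16]

# Constructed toy parameters; 5 is a primitive root modulo 23.
P, G = 23, 5

if __name__ == "__main__":
    print("two parties:", exchange(P, G, 4, 3))
    print("three parties:", three_party(P, G, 4, 3, 7))
    s1, s2 = exchange(P, G, 4, 3, substituted_secret=5)
    print("fingerprints match after substitution:", fingerprint(s1) == fingerprint(s2))
```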


ElGamal

ElGamal was introduced by Taher ElGamal in 1984. Diffie-Hellman presented an algorithm to share the secret key over an insecure communication channel, but a problem arises if the parties are unable to interact in real time because of delays in message transmission. ElGamal modified the Diffie-Hellman algorithm. This modification simplified the process, as the second party no longer needs to take part actively.

ElGamal includes three steps, as described below:

1. Key Generation

A prime number p is chosen of length 200 to 30 digits. p should be chosen in such a way that (p-1)/2 is also a prime number. N is the length of p. A base alpha is selected that is less than p, and a private key a is selected that is less than p. beta is computed as alpha (mod p). p, alpha and beta are published as the public key.

2. Message Encryption

The plaintext is divided into blocks of N-1 bits. A secret number k is chosen randomly such that gcd(k, p-1) = 1. For every block x of N-1 bits, calculate e(x, k) = (i, j), where i is $\text{alpha}^k \pmod{p}$ and j is $\text{beta}^k x \pmod{p}$. These i and j are the blocks of ciphertext with the length N.

3. Message Decryption

The ciphertext is divided into blocks of N bits. i and j are the blocks of ciphertext; for successive i and j, $i^a x \equiv j \pmod{p}$ is solved for x, and $d(i, j) = x = j (i^a)^{-1} \pmod{p}$ is the decrypted text.
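The three ElGamal steps as an added Python example (not code from the report). It assumes the standard ElGamal definition beta = alpha^a mod p, uses constructed toy values (p = 23, alpha = 5, a = 6), and takes k as an explicit argument so the run is reproducible; the function names are hypothetical.

```python
from math import gcd

def is_prime(n):
    """Trial division; adequate only for the toy sizes used here."""
    if n < 2:
        return False
    f = 2
    while f * f <= n:
        if n % f == 0:
            return False
        f += 1
    return True

def elgamal_keygen(p, alpha, a):
    """Step 1: check that p and (p-1)/2 are prime, then publish (p, alpha, beta)."""
    if not (is_prime(p) and is_prime((p - 1) // 2)):
        raise ValueError("p and (p-1)/2 must both be prime")
    if not (1 < alpha < p and 1 < a < p - 1):
        raise ValueError("alpha and a must be below p")
    return p, alpha, pow(alpha, a, p)      # assumed: beta = alpha^a mod p

def elgamal_encrypt(x, public_key, k):
    """Step 2: e(x, k) = (i, j) with i = alpha^k and j = beta^k * x (mod p)."""
    p, alpha, beta = public_key
    if not 0 < x < p:
        raise ValueError("block must satisfy 0 < x < p")
    if gcd(k, p - 1) != 1:
        raise ValueError("k must be co-prime to p-1")
    return pow(alpha, k, p), pow(beta, k, p) * x % p

def elgamal_decrypt(i, j, a, p):
    """Step 3: x = j * (i^a)^-1 (mod p); needs only the private key a."""
    return j * pow(pow(i, a, p), -1, p) % p

# Constructed toy key: p = 23 and (p-1)/2 = 11 are prime; private key a = 6.
PUBLIC_KEY = elgamal_keygen(23, 5, 6)

if __name__ == "__main__":
    for k in (3, 5):                       # in practice k comes from a CSPRNG
        i, j = elgamal_encrypt(10, PUBLIC_KEY, k)
        print("k =", k, "ciphertext =", (i, j), "decrypted =", elgamal_decrypt(i, j, 6, 23))
```

The same block x = 10 encrypts to a different pair (i, j) for each k, yet both decrypt with the single private key a.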

ElGamal provides not only encryption and decryption but also digital signing of messages. Digital signing has three main properties: first, creation of the signature, i.e. the sender computes the signature for a message using the private key, and the message and signature are sent together to the receiver; second, verification of the signature by the receiver using the public key, which also lets the receiver verify that the message has not been altered during transmission; and third, the signature of the receiver cannot be forged by a third party using the public key.

ElGamal is a secure algorithm, as it is based on the discrete logarithm problem, and it is hard to crack this algorithm. Randomized selection of the prime number for encryption also makes it more secure.


Paillier Cryptosystem (Benzekki, Fergougui, & Alaoui, 2016)

Pascal Paillier introduced an additive homomorphic encryption scheme in 1999. It was published in "Public-Key Cryptosystems Based on Composite Degree Residuosity Classes". The algorithm is an asymmetric probabilistic public-key cryptosystem.

The algorithm takes a message input $m \in \mathbb{Z}_n$ and chooses a random integer $r \in \mathbb{Z}_n^*$. This random number should fulfill the property of the probabilistic algorithm: as per the probabilistic feature, one plaintext can have many ciphertexts.

The algorithm steps (key generation, encryption, and decryption) are described as follows:

a. Key Generation

KeyGen(a, b), where KeyGen is the generation function that gives out the keys

$a, b \in P$

Compute $n = ab$

Choose $g \in \mathbb{Z}_{n^2}^*$ such that

$\gcd(L(g^{\lambda} \bmod n^2), n) = 1$, with $L(u) = \frac{u-1}{n}$

The public key is denoted pk, where pk = (n, g)

The secret key is denoted sk, where sk = (a, b)

b. Encryption

Consider Enc(m, pk) as the encryption function

$m \in \mathbb{Z}_n$

Choose $r \in \mathbb{Z}_n^*$

Compute $c = g^m \cdot r^n \bmod n^2$

where $c \in \mathbb{Z}_{n^2}$

c. Decryption

Consider Dec(c, sk) as the decryption function, where c is the ciphertext and sk is the secret key

Compute m, where $m = \frac{L(c^{\lambda} \bmod n^2)}{L(g^{\lambda} \bmod n^2)} \bmod n$

and $m \in \mathbb{Z}_n$
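The KeyGen, Enc and Dec functions above as an added Python example (not code from the report or from the cited paper), extended to show the additive property that makes the scheme useful on untrusted cloud storage. It assumes lambda = lcm(a-1, b-1) and the common choice g = n + 1; the primes 7 and 11, the function names and the explicit r argument are constructed for this illustration.

```python
from math import gcd

def L(u, n):
    """L(u) = (u - 1) / n; the division is exact for the values used below."""
    return (u - 1) // n

def paillier_keygen(a, b):
    n = a * b
    lam = (a - 1) * (b - 1) // gcd(a - 1, b - 1)   # assumed: lambda = lcm(a-1, b-1)
    g = n + 1                                      # assumed choice of g in Z*_{n^2}
    if gcd(L(pow(g, lam, n * n), n), n) != 1:
        raise ValueError("gcd(L(g^lambda mod n^2), n) must be 1")
    return (n, g), lam           # lam is derived from the secret primes (a, b)

def paillier_encrypt(m, pk, r):
    """c = g^m * r^n mod n^2, with m in Z_n and r in Z_n^*."""
    n, g = pk
    if not 0 <= m < n:
        raise ValueError("m must be in Z_n")
    if not 0 < r < n or gcd(r, n) != 1:
        raise ValueError("r must be in Z_n^*")
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def paillier_decrypt(c, pk, lam):
    """m = L(c^lambda mod n^2) / L(g^lambda mod n^2) mod n."""
    n, g = pk
    numerator = L(pow(c, lam, n * n), n)
    denominator = L(pow(g, lam, n * n), n)
    return numerator * pow(denominator, -1, n) % n

def add_encrypted(c1, c2, pk):
    """Multiplying ciphertexts mod n^2 adds the plaintexts mod n."""
    n, _ = pk
    return c1 * c2 % (n * n)

def scale_encrypted(c, factor, pk):
    """Raising a ciphertext to a known factor multiplies the plaintext by it."""
    n, _ = pk
    return pow(c, factor, n * n)

# Constructed toy key from the primes 7 and 11.
PK, LAM = paillier_keygen(7, 11)

if __name__ == "__main__":
    c1, c2 = paillier_encrypt(20, PK, 2), paillier_encrypt(15, PK, 3)
    print("20 + 15 ->", paillier_decrypt(add_encrypted(c1, c2, PK), PK, LAM))
    print("same m, different r differ:", paillier_encrypt(42, PK, 23) != paillier_encrypt(42, PK, 5))
```

A storage provider holding only pk can call `add_encrypted` or `scale_encrypted` without ever seeing the plaintexts; only the key holder can decrypt the result.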

Goldwasser-Micali

Goldwasser-Micali (Goldwasser-Micali Public Key Encryption) is a public key encryption technique. It is similar to Rabin and ElGamal encryption. It uses randomness in the data encryption in order to ensure that the same ciphertext is not produced in a second transmission of the same plaintext.

The algorithm is as follows:

Consider two numbers p and q. Both numbers should be prime.

Calculate n = pq; p and q should be such that they cannot be derived by factoring n.

Choose a random integer y such that $y \in \mathbb{Z}_n$ and the Jacobi symbol $\left(\frac{y}{n}\right) = 1$

y is a non-square modulo p and modulo q

The public key is (n, y), where y is not a quadratic residue modulo n

The private key is (p, q)

p and q must be kept secret

To encrypt the message m with this public key, m is written in binary form such that $m = m_1 m_2 \ldots m_n$. Let t be the block size.

For j (1 ≤ j ≤ t), find a random $x_j \in \mathbb{Z}_n$ and perform the following steps:

$C_j = y x_j^2 \pmod{n}$ if $m_j = 1$

$C_j = x_j^2 \pmod{n}$ if $m_j = 0$

The ciphertext is $C_1 C_2 C_3 \ldots C_n$.

To decrypt the ciphertext, the reverse process is done.

For each j, calculate the Legendre symbol $e_j = \left(\frac{C_j}{p}\right)$, where p is a prime number

If $e_j = 1$, $C_j$ is a quadratic residue

If $e_j = -1$, $C_j$ is a quadratic non-residue

The reverse of encryption is done based on the value of $e_j$.
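The bit-by-bit scheme above as an added Python example (not code from the report or the cited notes). The Legendre symbol is evaluated with Euler's criterion; the toy key (p = 7, q = 11, y = 6), the function names and the explicit list of x_j values are constructed for this illustration.

```python
from math import gcd

def legendre(c, p):
    """Euler's criterion for an odd prime p: 1 if c is a quadratic residue, else -1."""
    return 1 if pow(c % p, (p - 1) // 2, p) == 1 else -1

def gm_keygen(p, q, y):
    """y must be a non-square modulo both p and q, which also gives (y/n) = 1."""
    if legendre(y, p) != -1 or legendre(y, q) != -1:
        raise ValueError("y must be a non-residue modulo p and modulo q")
    return (p * q, y), (p, q)          # public key (n, y), private key (p, q)

def gm_encrypt(bits, public_key, xs):
    """C_j = y * x_j^2 mod n when m_j = 1, and x_j^2 mod n when m_j = 0."""
    n, y = public_key
    if len(xs) != len(bits):
        raise ValueError("one random x_j is needed per message bit")
    cipher = []
    for m_j, x_j in zip(bits, xs):
        if gcd(x_j, n) != 1:
            raise ValueError("x_j must be co-prime to n")
        square = pow(x_j, 2, n)
        cipher.append(square * y % n if m_j else square)
    return cipher

def gm_decrypt(cipher, private_key):
    """e_j = (C_j / p): a residue decodes to bit 0, a non-residue to bit 1."""
    p, _ = private_key
    return [0 if legendre(c, p) == 1 else 1 for c in cipher]

# Constructed toy key: 6 is a non-square modulo 7 and modulo 11.
PUBLIC_KEY, PRIVATE_KEY = gm_keygen(7, 11, 6)

if __name__ == "__main__":
    message = [1, 0, 1, 1]
    for xs in ([2, 3, 4, 5], [10, 13, 20, 6]):   # in practice drawn from a CSPRNG
        cipher = gm_encrypt(message, PUBLIC_KEY, xs)
        print("ciphertext =", cipher, "decrypted =", gm_decrypt(cipher, PRIVATE_KEY))
```

Each plaintext bit becomes a full element of Z_n, so the ciphertext is far larger than the message.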


Conclusion

Cloud-computing is a growing field in information systems. It is a very cost-effective measure compared to traditional data storage systems. Still, companies are not moving confidently towards the cloud. The main cause is that cloud services are hosted by a third party, and hence it is not easy for users to trust them. Security concerns are the biggest hurdle for the adoption of the cloud. Cloud security is a very wide field that cannot be addressed at one time. Cloud confidentiality is one of the main security concerns. This paper presented encryption techniques that are used to ensure cloud data confidentiality. Encryption techniques are considered to be a promising mechanism for mitigating cloud confidentiality concerns. High security concerns have been a motivation for organizations to find preventive measures for the mitigation of these risks. Starting with the general cloud-computing area and the encryption mechanism, various well-known encryption techniques are finally discussed in this paper. All the encryption schemes are discussed in the context of their importance in cloud-computing. Each encryption technique has its own advantages and shortcomings. The usage of a specific technique depends on the type of data stored on the cloud and the needs of the client. Encryption also adds complexity for the cloud provider and the cloud user. Research is still going on at a large scale in the field of cloud-data encryption. The future of cloud security will be very promising, as quantum physics will be a base for encryption in the future. The use of optics in place of mathematical operations will make the encryption techniques faster and more reliable for the user.


Bibliography

A Guide to Cloud Encryption and SaaS Security. (n.d.). Retrieved 4 21, 2016, from www.bluecoat.com:

https://www.bluecoat.com/resources/cloud-data-protection/encryption

A.Balu, & K.Kuppusamy. (n.d.). Ciphertext policy Attribute based Encryption with anonymous access

policy. Tamil Nadu, India: Department of Computer Science & Engg.,Alagappa University,

Karaikudi.

A.Balu, & K.Kuppusamy. (n.d.). Ciphertext policy Attribute based Encryption with anonymous access

policy. Karaikudi: Department of Computer Science & Engg.,Alagappa University.

Agrawal, V., Agrawal, S., & Deshmukh, R. (2014). Analysis and Review of Encryption and Decryption

for Secure Communication. International Journal of Scientific Engineering and Research .

Benzekki, K., Fergougui, A. E., & Alaoui, A. E. (2016). A Secure Cloud Computing Architecture Using

Homomorphic Encryption. International Journal of Advanced Computer Science and

Applications.

Bethencourt, J., Sahai, A., & Waters, B. (n.d.). Ciphertext-Policy,Attribute-Based Encryption. Retrieved

April 2016, from College of Natural Sciences:

https://www.cs.utexas.edu/~bwaters/presentations/files/cpabe.ppt

Blowfish Encryption Algorithm. (n.d.). Retrieved April 2016, from PocketBrief:

http://pocketbrief.net/related/BlowfishEncryption.pdf

Branco, E. C., Machado, J. d., & Filho, J. M. (October 6-9, 2014). A strategy to preserve data

confidentiality in cloud storage services. 29th SBBD.

Dubey, A., & Wagle, D. (June 2007). Delivering software as a service. The McKinsey Quarterly: The

Online Journal of McKinsey & Co. .

Folch, A. (2011). Interface development for Eucalyptus based cloud (Masters Thesis). Retrieved April

20, 2016, from UP Commons: upcommons.upc.edu/bitstream/handle/2099.1/14597/70010.pdf

Gandhi, V., Bansal, S., Kapoor, R., & Dhawan, A. (September 2013). CLOUD COMPUTING

SECURITY ARCHITECTURE-IMPLEMENTING DES ALGORITHM IN CLOUD FOR

DATA SECURITY. International Journal of Innovative Research in Engineering & Science.


Gantz, J., & Reinsel, D. (December 2012). THE DIGITAL UNIVERSE IN 2020: Big Data, Bigger Digital Shadows, and Biggest Growth in the Far East. IDC.

George, J. A., & Dr.M.Hemalatha. (2015). Cryptographic Techniques, Threats and Privacy Challenges

in Cloud Computing. International Journal of Computer Science and Information Technologies.

Giweli, N. (2013). Enhancing Cloud Computing Security and Privacy (Master of Science Thesis).

Sydney: University of Western Sydney.

Goldwasser-Micali Public Key Encryption. (n.d.). Retrieved April 2016, from Texas A& M University

Mathematics: http://calclab.math.tamu.edu/~rundell/m471/goldwasser-micali.pdf

Horváth, M. (n.d.). Attribute-Based Encryption Optimized for Cloud Computing*. Retrieved April 18,

2016, from Cryptology ePrint Archive: https://eprint.iacr.org/2014/612.pdf

IBE Secure E-mail. (n.d.). Retrieved April 20, 2016, from Applied Cryptography Group:

https://crypto.stanford.edu/ibe/

KAANICHE, N. (2014, December 15). Cloud data storage security based on cryptographic mechanisms (PhD thesis). Retrieved April 2016, from HAL archives ouvertes, France:

https://tel.archives-ouvertes.fr/tel-01146029/document

Kaur, R., & Verma, A. (July 2014). A Review on Encryption Techniques to Secure a Cloud.

International Journal of Science and Research (IJSR).

Khan, A. N., Kiah, M. M., Khan, S. U., & Madani, S. A. (2013, July). Towards secure mobile cloud

computing: A survey. Retrieved April 2016, from ScienceDirect:

http://www.sciencedirect.com/science/article/pii/S0167739X12001598

Maddineni, V. S., & Ragi, S. (2011, November ). Security Techniques for Protecting Data in Cloud

Computing(Master's Thesis). Karlskrona,Sweden: School of Computing,Blekinge Institute of

Technology.

Maha TEBAA, S. E. (2012). Homomorphic Encryption Applied to the Cloud Computing Security.

World Congress on Engineering 2012 Vol I. London: ISSN.

Mell, P., & Grance, T. (September 2011). The NIST Definition of Cloud. Gaithersburg: National Institute

of Standards and Technology.

Microsoft. (2010, January 20). Microsoft Urges Government and Industry to Work Together to Build

Confidence in the Cloud. Retrieved April 2016, from Microsoft:

https://news.microsoft.com/2010/01/20/microsoft-urges-government-and-industry-to-work-together-to-build-confidence-in-the-cloud/#sm.00004vk7w9xyre2uutl19shi0v4el


Mousa, A., & Hamad, A. (2006). Evaluation of the RC4 Algorithm for Data Encryption. International Journal of Computer Science and Applications.

Neven, G., & Kiltz, E. (n.d.). Identity-Based Encryption. Retrieved April 20, 2016, from 3rd ECRYPT

PhD SUMMER SCHOOL: http://summerschool08.iaik.tugraz.at/slides/gregory_eike_ibe.pdf

Pansotra, E. A., & Singh, E. S. (2015). Cloud Security Algorithms. International Journal of Security and

Its Applications.

Rise, R. (., Cho, S.-H., & Kaylor, D. (2008). RC4 Encryption. Retrieved 2016, from Department of

Mathematics The University of Washington:

https://www.math.washington.edu/~nichifor/310_2008_Spring/Pres_RC4%20Encryption.pdf

Sachdev, A., & Bhansali, M. (2013). Enhancing Cloud Computing Security using AES Algorithm.

International Journal of Computer Applications.

Sadia Marium, Q. N., Ahmed, A., Ahthasham, S., & Mehmood, M. A. (2012). Implementation of Eap

with RSA for Enhancing The Security of Cloud Computing. International Journal of Basic and

Applied Sciences.

Shamir, A. (1985). IDENTITY-BASED CRYPTOSYSTEMS AND SIGNATURE SCHEMES. Retrieved

April 2016, from discovery.csc.ncsu.edu: https://discovery.csc.ncsu.edu/Courses/csc774-S08/reading-assignments/shamir84.pdf

Singla, S., & Singh, J. (2013). Survey on Enhancing Cloud Data Security using EAP with Rijndael

Encryption Algorithm. Global Journal of Computer Science and Technology.

Soofi, A. A., Khan, M., & Fazal-e-Amin. (2014). Encryption Techniques for Cloud Data

Confidentiality. International Journal of Grid Distribution Computing.

Subashin, S. (January 2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Application, 1-11.

T.N.Srimanyu, & Singla, R. (n.d.). Data Encryption Standard-DES. Retrieved April 2016, from

Slideshare: http://www.slideshare.net/nagamanyu190288/des-14719610

Triple DES cryptography software. (n.d.). Retrieved April 2016, from CryptoSys:

http://www.cryptosys.net/3des.html

Verma, H. K., & Singh, R. K. ( March 2012). Performance Analysis of RC5, Blowfish and DES Block

Cipher Algorithms. International Journal of Computer Applications .

What is Attribute Based Encryption? (2014, January 25). Retrieved April 24, 2016, from Cryptography:

http://crypto.stackexchange.com/questions/17893/what-is-attribute-based-encryption


Whyman, B. (2008, 12 5). Cloud Computing: Information Security and Privacy Advisory Board.

Retrieved April 18, 2016, from National Institute of Standards and Technology:

http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2008-12/cloud-computing-industry-trends-FISMA_ISPAB-Dec2008_B-Whyman.pdf

