Abstract— Cloud computing [1] is an emerging IT platform that frees users from managing hardware resources and from the complexity of storage and computational power. Its widespread adoption has led to many security concerns relating to data confidentiality and integrity, which has become a challenge to the spread of the new cloud computing paradigm. Many measures have been taken to improve cloud security, and cryptography was then introduced to strengthen it. Nowadays the main problem is to maintain data confidentiality [2] with respect to untrusted cloud service providers while also providing correct query results to authenticated users.

Existing approaches provide confidentiality using only one symmetric encryption algorithm, which generates only one secret key for both encryption and decryption. This is not very secure, as the attacker can easily guess the algorithm and thereby find the key. In this paper, we employ a randomized encryption technique in which the files are randomly encrypted by three strong algorithms, AES, Triple DES and Blowfish [3], which improves security, and we also implement new techniques to improve security, such as key generation via an OTP method. In addition, we address the problem of redundant or duplicate files consuming cloud storage by using a de-duplication technique based on a buffered reader, which eliminates duplicate files in the cloud, thereby saving storage and reducing the need to buy extra storage.

Keywords- Cloud security, Data Confidentiality, AES, Triple DES, Blowfish, De-duplication, Randomized Encryption.

INTRODUCTION

In the current scenario, cloud computing [1] is becoming the most powerful network and storage platform used by various users around the world. Cloud computing provides free or low cost storage, eliminating the need for expensive storage and computational resources.
A large amount of data is stored and many calculations are done in the cloud. When performing different types of operations in the cloud, we need to consider the security of the cloud environment. Cloud security is an important issue these days, with much sensitive data being uploaded to the cloud. Although the cloud stores data at a low cost, its resources can be shared between users and individuals, making servers and thus all files susceptible to attackers and posing a major threat. Other security issues include privacy and data integrity. Data confidentiality means that data must not be leaked to unreliable users, and data integrity means that data cannot be changed before it is processed by the server. In recent years, cryptography has addressed most of the security problems around guaranteeing the confidentiality and integrity of data. Even so, many security issues remain in encryption itself, which is based on encryption algorithms.

There are two types of encryption algorithms: symmetric encryption algorithms and asymmetric encryption algorithms [3]. Symmetric encryption algorithms keep only one key, which is used for both encryption and decryption, while asymmetric encryption algorithms have two keys, public and private. Symmetric encryption protects the message and is faster than asymmetric encryption. Its only downside is that it uses only one key. We consider the length of the key to be one of the most important factors in choosing a symmetric encryption algorithm: if the key is long, it is difficult for the attacker to guess the key, which improves security. DES [7] is the weakest encryption, with a key length of only 56 bits. It was therefore improved and proposed as a new encryption algorithm, Triple DES, with a key length of 168 bits.

AES and Blowfish are the other, stronger encryption algorithms used in this paper. Randomly assigning the three algorithms to the files improves security, because it is difficult for the attacker to guess the algorithm. Redundant storage [6] of files in the cloud is also one of the most common problems and consumes a lot of disk space. This can be eliminated by deduplication, which does not allow duplicate files in the cloud.

LITERATURE SURVEY

Cloud computing [1] is a technology used for the storage of data and for various computations. With cloud computing, user data need not be stored on the user's own personal computer or on an external storage device; it can instead be stored in the cloud, which raises many security concerns. Though there are many techniques [2] for data security and privacy in cloud computing, data confidentiality and integrity remain of major concern to date. Data security and privacy issues are seen in both the software and the hardware of the cloud architecture model. Data security is of major concern because, in the cloud computing service model, all the data is in the hands of cloud service providers. In the cloud environment, the total organizational data is processed in plain text and is stored under the surveillance of cloud providers, which gives rise to cloud security issues.
All these security issues gave rise to a new concept in cloud computing, cryptography, which enhances cloud security using several encryption algorithms, both symmetric and asymmetric [3]. A symmetric encryption algorithm uses only one key, namely the private key, for encryption, whereas asymmetric algorithms use two keys, namely public and private. Symmetric encryption is faster than asymmetric encryption.

The most common symmetric encryption algorithms are DES and AES. DES is not very secure because of its key size of 56 bits, which led to an enhancement of DES in the form of Triple DES, with a key length of 168 bits, making it 3 times stronger than DES. Triple DES is stronger but time-consuming. So there was a need for a better encryption algorithm to make the encryption fast and efficient, and this came in the form of AES [4], with key lengths of 128, 192 and 256 bits. AES operation is based on rounds, and the number of rounds depends on the key length. Nowadays the Blowfish [5] encryption algorithm is used for more security, with a key length varying from 32 to 448 bits. There are no cryptanalytic attacks raised against AES and Blowfish till date. The most common encryption algorithms used today are AES, Triple DES, and Blowfish.

One of the issues in cloud computing is the redundant storage of data in the cloud. Many techniques have been developed to detect duplicate files in the cloud. This is done using the concept of deduplication [6]. There are many de-duplication techniques, of which the common ones are file-level and block-level. In file-level de-duplication, hash values are compared to eliminate duplicate files using SHA (Secure Hash Algorithm).

CLOUD SECURITY THREATS

Improper credential management: When the information of all the users of the cloud is not properly stored [13], attackers can act as legitimate users, enter the system and access, modify or delete files, which may cause potential harm to the organization.

Account Hijacking: This is the process by which malicious attackers enter the system by finding system vulnerabilities [14], keep an eye on the activities of the organization, manipulate the data and carry out other illegal activities. They can also steal credentials, which affects data confidentiality and integrity.

Insider attacks: These types of attacks come into the picture when the data is solely in the hands of the cloud service providers. Any bad system admin can cause harm to our sensitive information stored in the cloud.
This is one of the greatest security risks, which cannot be predicted, and a data breach may also happen due to this.

PROPOSED SYSTEM

We propose an encryption scheme where the files are randomly encrypted using three different encryption algorithms. This randomized encryption [17] scheme improves security with the add-on of an OTP-based private key generation technique, and we also include a de-duplication technique which does not allow redundancy in the files stored in the cloud.

Algorithms Used

Triple DES (Triple Data Encryption Standard): The DES encryption algorithm [7] is a weak algorithm with a key length of only 56 bits, but it is popular. So it is modified as Triple DES [3], which is three times stronger and faster than DES, with a key length of 3*56=168 bits, making it strong and intense compared to DES. It uses three keys k1, k2, k3: the data is first encrypted using k1, the encrypted data is then decrypted using the second key k2, and the decrypted data is again encrypted using the third key k3. Hence it is also called an encrypt-decrypt-encrypt process. To decrypt, a user first decrypts using k3, then encrypts with k2, and finally decrypts with k1.

Figure 1 [3]: Triple DES Encryption

Encryption in TDES: Ciphertext = Encryption(k3)(Decryption(k2)(Encryption(k1)(plaintext)))
Decryption in TDES: Plaintext = Decryption(k1)(Encryption(k2)(Decryption(k3)(ciphertext)))

Advantages:
1. It is easy to implement.
2. It is stronger than DES with a key length of 168 bits.

Disadvantages:
1. Performance is poor.
2. It is slow when compared to other block cipher methods of encryption.

AES (Advanced Encryption Standard): AES is a symmetric encryption algorithm [4] recommended by NIST (National Institute for Standardization and Technology). It is stronger and faster than DES and Triple DES. It is so strong that no cryptanalytic attack against it has been recorded. It is the most widely used algorithm, used by almost all cloud users around the world.
It is safer compared to DES and Triple DES. In AES, a plaintext block size of 128 bits (16 bytes) is used for encryption. The length of the key can be 128/192/256 bits. The input to the encryption and decryption algorithms is a single 128-bit block. This is interpreted as a 4 × 4 square matrix of bytes. This block is copied to the state array, which is changed at each step of encryption or decryption. After the last step, the state is copied to an output matrix. The encryption consists of N rounds, where the number of rounds depends on the length of the key: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a 32-byte key.

Operation of AES

The schematic of the AES structure is given in the following illustration:

Figure 2 [17]: AES Encryption

There are four possible transformation functions: SubBytes, ShiftRows, MixColumns, and AddRoundKey.

Substitute bytes: This uses an S-box to perform a byte-by-byte substitution of the block.
ShiftRows: A simple permutation.
MixColumns: A substitution that makes use of an arithmetic function and transforms the four bytes of each column.
AddRoundKey: A simple bitwise XOR of the current block with a portion of the expanded key.

Each round comprises four sub-processes. The first round process is depicted below:

Figure 3 [22]

Advantages:
1. It is stronger and faster than DES and Triple DES.
2. Flexibility in key length.
3. Resistant to all types of cryptanalytic attacks.
For example, if the key length is 128 bits, we require 2^128 attempts to break the encryption.

Disadvantages:
1. The software implementation of this is somewhat difficult.
2. It is a complex algorithm, sometimes because of its key length.

Blowfish: Blowfish is a symmetric encryption algorithm [20] which is upcoming and being accepted nowadays. It is a more secure algorithm compared to DES, 3DES, AES etc. It is a fast and strong encryption algorithm because it has not been cracked to date. Blowfish is a 64-bit block cipher with a key length varying from 32 to 448 bits. There are a total of 16 rounds of encryption performed in Blowfish.

Encryption: The Blowfish encryption algorithm is divided into 2 parts:
1. Key expansion
2. Data encryption

Key Expansion: In the key expansion process, the key length of 48 bits is converted into 4168 bytes.

Data encryption: The data encryption process involves the iteration of a simple mathematical function 16 times. Each round contains a key-dependent permutation and a key- and data-dependent substitution. The encryption process of the Blowfish encryption algorithm is explained using the figure below:

Figure 4 [7]: Blowfish Encryption

Advantages:
1. It is unpatented and license-free.
2. It is secure and easy to implement.
Disadvantages:
1. It requires more space for ciphertext because of the difference in key size and block size.
2. It can't provide authentication and non-repudiation, as two people have the same key.

Private key generation via OTP method: This is the newly introduced technique to enhance the security of the cloud, using time schedulers inserted into the web application by means of simple SQL queries. These queries are used for timely generation of the private key (owner key). To elucidate this technique: when a user requests the private key from the owner, the owner must respond with the private key to authorized users. Even if an attacker tries to get possession of the private key to break the encryption, in the proposed technique the key will be available only for a particular amount of time, generally a minute or two. So this timely generation of the private key using OTP improves security by restricting the key to a particular amount of time, just as bank transactions are secured using OTP.

De-duplication technique: Using this technique, duplicate or redundant files are not allowed to be stored in the cloud. In this technique we use a simple hashing algorithm which assigns hash values to the files; on comparison the duplicate files are detected, i.e. files with the same hash value are not allowed into the cloud. When the owner uploads a file, the de-duplication generates a hash value as an index. If the index is not found in the already created index table, the file is unique; otherwise duplication is detected and the file is not uploaded.

Figure 5 [6]: File level de-duplication

Algorithm used: SHA-512 (Secure Hash Algorithm)

Description: This is one of the most widely [9] used hash functions nowadays. The hash value of this algorithm is 512 bits and the block size is 1024 bits. The number of computational steps is 80. This algorithm takes an input with a maximum length of less than 2^128 bits and produces a message digest of 512 bits as the output. The processing of this algorithm takes place in the following steps:
- Append the padding bits
- Append length
- Initialize hash buffer
- Process message in 1024-bit blocks
- After all the bits are processed, generate the 512-bit message digest

OVERALL IMPLEMENTATION

The proposed system is an extension of the existing cloud security architecture which uses cryptography.
In this system, when a data owner uploads files into the cloud, the files are randomly encrypted using three strong encryption algorithms, AES, Triple DES, and Blowfish, which are resistant to cryptanalytic attacks. This randomized encryption does not allow the attacker to reuse the key to break other encrypted files. Key generation is one of the most important parts of encryption; to improve the efficiency of key generation we implement timely access to the private key via the OTP method. While the owner uploads the file, a duplication detect is implemented to detect duplicate files in the cloud using hashing (by comparing the hash values). This saves storage by eliminating redundant files. The encrypted data is then stored in the cloud.
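
The time-limited key release described for the OTP method, written in application code as an added example (not the paper's implementation, which uses SQL time schedulers). The class and method names, the 120-second window and the injectable clock are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY_TTL_SECONDS = 120  # assumed value for "a minute or two"


class TimedKeyRelease:
    """Hypothetical owner-side store: a file key is released only against a
    one-time code, and only until that code expires."""

    def __init__(self, ttl=KEY_TTL_SECONDS, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock      # injectable so expiry can be tested
        self._grants = {}        # user -> (otp_hash, file_key, expires_at)

    def grant(self, user, file_key):
        """Owner approves a request; returns the one-time code for the user."""
        otp = secrets.token_urlsafe(16)
        otp_hash = hashlib.sha256(otp.encode()).digest()  # code is not stored
        self._grants[user] = (otp_hash, file_key, self._clock() + self._ttl)
        return otp

    def redeem(self, user, otp):
        """Return the file key once if the code is correct and unexpired."""
        grant = self._grants.get(user)
        if grant is None:
            return None
        otp_hash, file_key, expires_at = grant
        if self._clock() >= expires_at:
            del self._grants[user]   # window closed: purge the grant
            return None
        supplied = hashlib.sha256(otp.encode()).digest()
        if not hmac.compare_digest(supplied, otp_hash):
            return None              # wrong code: key stays locked
        del self._grants[user]       # single use: a replayed code fails
        return file_key


def demo():
    """Constructed walk-through; a fake clock makes expiry deterministic."""
    now = [0.0]
    store = TimedKeyRelease(ttl=120, clock=lambda: now[0])
    file_key = bytes(range(16))                  # constructed sample key
    otp = store.grant("alice", file_key)
    wrong = store.redeem("alice", "not-the-code")
    now[0] = 60                                  # inside the window
    in_window = store.redeem("alice", otp)
    replay = store.redeem("alice", otp)          # same code a second time
    late_otp = store.grant("alice", file_key)
    now[0] = 60 + 121                            # past the window
    expired = store.redeem("alice", late_otp)
    return wrong, in_window, replay, expired


if __name__ == "__main__":
    print(demo())
```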
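
An added example (not the paper's code) of the file-level duplication check at upload time: the file is read in buffered chunks, hashed with SHA-512, and looked up in an index table. The names, the chunk size and the stand-in cipher are assumptions; the stand-in is not AES, Triple DES or Blowfish and only shows why the hash has to be taken over the plaintext before the randomized encryption step.

```python
import hashlib
import io
import secrets

CHUNK_SIZE = 64 * 1024  # assumed buffer size for chunked reads


def sha512_stream(stream, chunk_size=CHUNK_SIZE):
    """Return the SHA-512 hex digest of a binary stream, read chunk by chunk."""
    digest = hashlib.sha512()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()


class DedupIndex:
    """Index table mapping plaintext SHA-512 digest -> first stored file name."""

    def __init__(self):
        self._index = {}

    def check_and_register(self, name, stream):
        """Return (True, name) for a new file, (False, original) for a duplicate."""
        digest = sha512_stream(stream)
        original = self._index.get(digest)
        if original is not None:
            return False, original       # duplicate: reject the upload
        self._index[digest] = name       # unique: record, then encrypt and store
        return True, name


def stand_in_encrypt(plaintext):
    """Placeholder for the randomized cipher step: XOR with a keystream
    derived from a fresh random key, so equal inputs give unequal outputs."""
    key = secrets.token_bytes(32)
    keystream = hashlib.shake_256(key).digest(len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def demo():
    """Run constructed sample uploads and return what the index decided."""
    report = b"quarterly report\n" * 10_000      # constructed sample data
    index = DedupIndex()
    first = index.check_and_register("report.txt", io.BytesIO(report))
    copy = index.check_and_register("copy-of-report.txt", io.BytesIO(report))
    other = index.check_and_register("notes.txt", io.BytesIO(b"meeting notes"))
    # Hashing the ciphertext instead would miss the duplicate, because each
    # upload is encrypted under a different random key.
    c1, c2 = stand_in_encrypt(report), stand_in_encrypt(report)
    ciphertext_hashes_match = (
        hashlib.sha512(c1).hexdigest() == hashlib.sha512(c2).hexdigest()
    )
    return first, copy, other, ciphertext_hashes_match


if __name__ == "__main__":
    print(demo())
```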

When the user wants to download a file, he must request the cloud key from the cloud admin, which is generally the location key, and the private key from the owner, which is the encrypted key. If the user is authorized, he gets both the private key and the cloud key and is thereby able to download the needed file from the cloud. Thus, our project mainly concentrates on enhancing cloud security and storage efficiency.

The implementation of the project described above is done mainly in five modules. They are:
- User Interface Design
- Private key generation
- Duplication detect
- Encrypt and store
- Download

User Interface Design: All the login and registration pages for the users, owners, and admin are created.
Private key generation: In this module, the private key is generated based on time schedules using simple SQL queries via the OTP method.
Duplication detect: In this module, duplicate or redundant files are detected during the owner's file upload.
Encrypt and Store: The data is encrypted with the private key generated by the OTP method and is stored in the cloud.
Download: The user can download the file by requesting the private key from the owner and the cloud key from the cloud admin.

CONCLUSION

Cloud computing has many advantages, but cloud security is always a major concern of cloud computing.
In our system, we try to enhance cloud security by using three strong encryption algorithms: Triple DES, AES and Blowfish. Of these, no cryptanalytic attacks have been registered on AES and Blowfish to date.

FUTURE ENHANCEMENT

We can include the MD5 algorithm and digital signatures to improve security by providing data authentication using the concept of hashing.

REFERENCES

[1] Ronald L. Krutz and Russell Dean Vines, "Cloud Security (A Comprehensive Guide to Secure Cloud Computing)", WILEY-INDIA.
[2] K. Hashizume, D.G. Rosado, E.B. Fernandez, "An analysis of Security issues for cloud computing", Journal of Internet Services and Applications, Vol. 4, 2013, pp. 1-13.
[3] MD Asif Mushtaque, Harsh Dhiman, and Shahnawaz Hussain, "Evaluation of DES, TDES, AES, Blowfish and Two fish Algorithm: Based on Space Complexity", International Journal of Engineering Research (IJERT).
[4] Daemen, J., and Rijmen, V., "Rijndael: The Advanced Encryption Standard", Dr. Dobb's Journal, March 2001.
[5] Gurujeevan Singh, Ashwani Kumar and K. S. Sandha, "A Study of New Trends in Blowfish Algorithm", International Journal of Engineering Research and Applications, Vol. 1, Issue 2, pp. 321-326.
[6] Kim, D.; Song, S.; Choi, B.-Y., "Data Deduplication for Data Optimization for Storage and Network Systems", http://www.springer.com/978-3-319-42278-7
[7] Mitali and Vijay Kumar, "A Survey on Various Cryptography Techniques", International Journal of Emerging Trends & Technology in Computer Science (IJETTCS).
[8] Ayesha M. Talha and Ibrahim Kamel, "Facilitating Secure and Efficient Spatial Query Processing on the cloud", IEEE.
[9] William Stallings, "Cryptography and Network Security (Principles and Practice)", Pearson Education, sixth edition.
[10] E. Surya and C. Divya, "A Survey on Symmetric Key Encryption Algorithms", International Journal of Computer Science & Communication Networks, Vol. 2(4), 475-477.
[11] Singh, S Preet, and Maini, Raman, "Comparison of Data Encryption Algorithms", International Journal of Computer Science and Communication, Vol. 2, No. 1, January-June 2011, pp. 125-127.
[12] Monika Agarwal, Pradeep Mishra, "A Comparative Survey on Symmetric Key Encryption Techniques", International Journal of Computer Science and Engineering (IJCSE), Vol. 4 No. 05, May 2012, pp. 877-882.
[13] Cloud Security Alliance, Top Threats to Cloud Computing, Cloud Security Alliance, 2010.
[14] https://googleweblight.com/i?u=https://www.incapsula.com/blog/top-10-cloud-security-concerns.html&hl=en-IN
[15] Atul Kahate, "Cryptography and Network Security", Tata McGraw-Hill Companies, 2008.
[16] https://blog.demofox.org/2012/09/15/cryptography-101-encryption-symmetric-keys/
[17] Miss Shakeeba S. Khan and Prof. Ms. R.R. Tuteja, "Cloud Security Using Multilevel Encryption Algorithms", International Journal of Advanced Research in Computer and Communication Engineering, Vol. 5, Issue 1, January 2016.
[18] https://www.tutorialspoint.com/cryptography/triple_des.html
[19] Tingyuan Nie and Teng Zhang, "A Study of DES and Blowfish Encryption Algorithm", IEEE, 2009.
[20] Bruce Schneier, "The Blowfish Encryption Algorithm Retrieved", October 25, 2008.
[21] Hui Cui and Robert H. Deng, "Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud", IEEE.
[22] https://www.tutorialspoint.com/cryptography/advanced_encryption_standard.htm