See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/274780011

Ensure data security in cloud computing by using cryptography

Article · March 2013

CITATIONS READS
0 750

1 author:

Mufind Mukaz Ebedon

University of Lubumbashi
5 PUBLICATIONS   0 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

performance enhacement of internet gateway in ad hoc networks by using clustering schemes View project

All content following this page was uploaded by Mufind Mukaz Ebedon on 11 April 2015.

The user has requested enhancement of the downloaded file.

Ensure data security in cloud computing by using cryptography
Mufind Mukaz ebedon
School of computing sciences, IUKL University, Malaysia
ebedonmufind@gmail.com

Abstract I. INTRODUCTION

Security is an important factor in cloud computing to
ensure that the client data is placed in a secure place.
Cloud computing help business to improves their
organization by using the services the cloud provider
offer such as shared network, valuable resources
bandwidth, software and hardware in a cost effective
manner. In this research paper, we are focusing on
what encryption a client need before choosing a
cloud provider, because good encryption will help
you protect your data when you share it or use it, but
if it is not consider before, the client will hand up
losing data, paying more money to cloud provider,
because the encryption offering by the cloud doesn’t
much with his need. We are going to compare two
encryption; asymmetric (DES and AES) and
symmetric (RSA) algorithms. We have found that the
encryption needed will depend on the confidentiality
of your data, if the data confidentiality is high you
will need a strong encryption such as RSA, if not you
will need DES as encryption, so analyzing your data
confidentiality is very important before deciding on
which encryption to take.
General Terms
Security
Keywords
Cloud computing, Encryption, Data security,
confidentiality
Several trends now days are opening up to the
era of cloud computing, which is, the use of internet
and computer resources, cloud can provide a cheaper
resources such as CPU, HDD, cheaper data center
rather than buying your own resources and building
your own data center, cloud is offering services
combine with the platform and the infrastructure that
allow you to use a software without carrying more on
what infrastructure to use or what platform to install.
There are a lot of advantages of cloud but one
of the biggest concerns with data storage in cloud are
data confidentiality, user and company are worry
about what to do to secure their data and what
encryption to use just to make their data confidential
because their data are not control by them, they live it
to a provider to secure it for them, so the importance
of knowing the best encryption it is very crucial to
make sure every data are protected.
Our research will focus on encryption such as
symmetric and asymmetric, It will be better for a new
customer or company who wants to explore the
benefit of cloud, to know what encryption to use for
his data, so before deciding on which cloud provider
to choose it will be better to know the encryption
needed for your data then compare to what cloud
provider offer, we know that all the data are not
confidential so the client or company have to know
which encryption to use for each types of data
I.1. Related work
Data security in cloud has been a main point of
researcher, but talking about the all issue of data
security will not solve the problem, that way most of
the researcher focus on a particular point or
weaknesses of data security in cloud.
Some are focusing on creating a better encryption to
ensure that the share network are secure when we
send a file, but their finding are not the same some
use asymmetric algorithm [1] some combine both
asymmetric and symmetric [2] [3] algorithm to come
with a better encryption.
other researcher focus on creating a third party audit
[4] [5] to analyze if the cloud provider has a good
security, to ensure their client that their data are well
secure, other focus on creating a scheme [6] [7] and
the rest are focusing in particular topic such as remote
data integrity [8] [9].
We can see that most of the researcher focus on
creating a new encryption or using a third party to
investigate on behave of the client and other focus on
creating scheme to make sure that the cloud has a
good design and security at the high level, but no one
has focus on how a new company or client will
choose a particular encryption for it file before
moving to cloud because all the data doesn't have
the some value so a different encryption will be
needed for each data, after choosing you can
determine which cloud provider has that encryption
and by doing that you will save the cost because you
can use a combination of private cloud and public
cloud depending of your data value. Our research is
focusing on analyzing some encryption and give
advice on what encryption to choose before moving
to cloud
Our work will be only focus on asymmetric and
symmetric cryptography, analyze them and decide
which one will be better for the client base on his
need and also enhanced them if needed.
The rest of the paper is organized as follows. In
section II we discusses very briefly about some terms,
technology, in cloud and encryption to be proposed in
section III. Section III we discuss and provide a
solution for what encryption to use and the last
section will be our conclusion
II. BASICS
1. Cloud computing
Cloud computing can be define as a
distributed architecture system featuring virtualized
and dynamically scalable resources, e.g, storage,
platforms, computer power and services which are
delivered on demand to customer via internet. The
cloud provides services what we called “everything as
a service” model. Like we said in the last paragraph
we have a lot of services cloud offer but the most
used or popular are software as a service(Saas)
provide software that runs over a platform and
infrastructure that is manage by the company offering
the services, e.g. sales forces, infrastructure as a
service(Iaas)provides an infrastructure to client such
as storage, hardware and others computer services
and finally platform as a services (Paas) provides a
platform ready for use and allow user to develop their
own application via this platform [10].
We have three major cloud deployment
model such as Public clouds which allow customer to
pay to access their services, via internet, web
application or application programming interface
(API) on the other hand we have Private clouds, it
offer services to a limited number of clients by
restricting the rest to access that means it is working
as a company services. The last one is a hybrid cloud
which combine those two for example we have a
public storage combine with a companywide storage.
There are a lot of clouds computing provider
base on those services we talk earlier, but the most
known are: Amazon, Microsoft and Google

Figure : Cloud services
2. Data security
Data security in cloud as created a lot of question, in
which people are wondering if security is well
implemented because of the services offered by
cloud, client and company are moving a lot of data or
access their services via a third party who control and
handle their data. The issue with that is most of
researches in security affirm that if two programming
are running in the same place a hacker can access the
data by using a eavesdropping program and also
another problem is two virtual machine running in the
some physical computer that pause the some problem.
There are a lot of concern about the security
in cloud such as the services is use via internet and
we know what is the insecurity of internet that will
also affect the cloud, insecurity via API and so on.
Major cloud computing security solutions are based
on encryption. The most secure ways nowadays is
getting the encrypted data from the cloud to a secure
location, decrypting it, then use it and work with, and
at last, return the data encrypted again back to the
cloud.
3. Cryptography
In this field of cryptography we have several
techniques for encryption/decryption; this technique
can be classified in two groups Symmetric key
encryption and Asymmetric or public key
cryptography. Conventional encryption is the use of a
single key for both encryption and decryption but in
public key they use separate keys.
A. Symmetric key encryption
For our research we will focus on two encryption
Data encryption standard (DES) and advanced
encryption Standard (AES) [11]
Figure : Symmetric key schema
A.1. Data encryption standard (DES)
DES is based on a cipher known as the
Feistel block cipher. This was a block cipher
developed by the IBM cryptography researcher Horst
Feistel in the early 70’s. It consists of a number of
rounds where each round contains bit shuffling, non-
linear substitutions (S-boxes) and exclusive OR
operations. Most symmetric encryption schemes
today are based on this structure (known as a feistel
network).
As with most encryption schemes, DES
expects two inputs the plaintext to be encrypted and
the secret key. The manner in which the plaintext is
accepted, and the key arrangement used for
encryption and decryption, both determine the type of
cipher it is. DES is therefore a symmetric, 64 bit
block cipher as it uses the same key for both
encryption and decryption and only operates on 64 bit
blocks of data at a time5 (be they plaintext or
ciphertext). The key size used is 56 bits, however a 64
bit (or eight-byte) key is actually input. The least
significant bit of each byte is either used for parity
(odd for DES) or set arbitrarily and does not increase B. Asymmetric or Public Key encryption
the security in any way. All blocks are numbered from methods
left to right which makes the eight bit of each byte the
parity bit. Once a plain-text message is received to be In the modern cryptographic algorithms, the
encrypted, it is arranged into 64 bit blocks required encryption and decryption keys are not only different,
for input. If the number of bits in the message is not but also one of them is placed in the public domain,
evenly divisible by 64,then the last block will be such algorithms are referred as asymmetric key
padded. Multiple permutations and substitutions are cryptography, public key cryptography. And for our
incorporated throughout in order to increase the research we will be focusing on RSA
difficulty of performing a cryptanalysis on the cipher.
A.2. Advanced encryption Standard (AES)

AES is based on a design principle known as

a substitution-permutation network, and is fast in both
software and hardware unlike its predecessor DES,
AES does not use a Feistel network. AES is a variant
of Rijndael which has a fixed block size of 128 bits,
and a key size of 128, 192, or 256 bits. By contrast,
the Rijndael specification per se is specified with
block and key sizes that may be any multiple of 32
bits, both with a minimum of 128 and a maximum of
256 bits.
Figure : Asymmetric Schema
AES operates on a 4×4 column-major order
matrix of bytes, termed the state, although some
versions of Rijndael have a larger block size and have
additional columns in the state. Most AES RSA involves a public key and a private key. The
calculations are done in a special finite field [12]. public key can be known to everyone and is used
The key size used for an AES cipher specifies for encrypting messages. Messages encrypted
the number of repetitions of transformation rounds with the public key can only be decrypted in a
that convert the input, called the plaintext, into the reasonable amount of time using the private key.
final output, called the ciphertext.
The keys for the RSA algorithm are generated the
following way:
The number of cycles of repetition are as follows:
1. Choose two distinct prime numbers p and
• 10 cycles of repetition for 128-bit keys.
q.
• 12 cycles of repetition for 192-bit keys.
o For security purposes, the integers
• 14 cycles of repetition for 256-bit keys.
p and q should be chosen at
Each round consists of several processing steps,
random, and should be of similar
including one that depends on the encryption key bit-length. Prime integers can be
itself. A set of reverse rounds are applied to transform efficiently found using a primality
ciphertext back into the original plaintext using the test.
same encryption key. 2. Compute n = pq.
o n is used as the modulus for both
the public and private keys. Its
length, usually expressed in bits,
is the key length.
 3. Compute φ(n) = (p – 1)(q – 1), where φ is
Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n)
and greatest common divisor gcd(e, φ(n))
= 1; i.e., e and φ(n) are coprime.
o e is released as the public key
exponent.
o e having a short bit-length and
small Hamming weight results in
more efficient encryption – most
commonly 216 + 1 = 65,537.
However, much smaller values of
e (such as 3) have been shown to
be less secure in some settings.
5. Determine d as d ≡ e−1 (mod φ(n)), i.e., d
is the multiplicative inverse of e (modulo
φ(n)).
• This is more clearly stated
as solve for d given de ≡ 1 (mod
φ(n))
• This is often computed
using the extended Euclidean
algorithm.
• d is kept as the private key
exponent.
By construction, d⋅e ≡ 1 (mod φ(n)). The public
key consists of the modulus n and the public (or
encryption) exponent e. The private key consists
of the modulus n and the private (or decryption)
exponent d, which must be kept secret. p, q, and
φ(n) must also be kept secret because they can be
used to calculate d [13].
• An alternative, used by PKCS#1, is to
choose d matching de ≡ 1 (mod λ) with λ
= lcm(p − 1, q − 1), where lcm is the least
common multiple. Using λ instead of φ(n)
allows more choices for d. λ can also be
defined using the Carmichael function,
λ(n).
• The ANSI X9.31 standard prescribes,
IEEE 1363 describes, and PKCS#1
allows, that p and q match additional
requirements: being strong primes, and
being different enough that Fermat
factorization fails.
III. DISCUSSION
Symmetric key encryption is also known as
shared-key, single-key, secret-key, and private-key or
one-key encryption. In this type of message
encryption, both sender and receiver share the same
key which is used to both encrypt and decrypt
messages. Sender and receiver only have to specify
the shared key in the beginning and then they can
begin to encrypt and decrypt messages between them
using that key. Examples include AES (Advanced
Encryption Standard) and DES (Data Encryption
Standard) [14].
The advantages offer by this encryption are
simple to use because of the share key, simple
encryption and decryption of files, there are very fast
compare to other, they use less computer resources,
some disadvantages of it is that the need for secure
channel for secret key exchange, you have to generate
too many keys went you start a transferring a new
file, problem of origin authentication of message
since both sender and receiver use the same key,
message cannot be verify very easy for a hacker to
penetrate
Asymmetric algorithm or public key
encryption, this method of encrypting messages
makes use of two keys: a public key and a private
key. The public key is made publicly available and is
used to encrypt messages by anyone who wishes to
send a message to the person that the key belongs to.
The private key is kept secret and is used to decrypt
received messages. An example of asymmetric key
encryption system is RSA.
The advantages of this algorithm is that is
very convenient because the private key are secret, it
provides an authentication of message by using a
digital signatures which enables the recipient of a
message to verify the sender, provide a detection of
tampering to check if the message was not altered as a
disadvantages it is slow, use more computer
resources, and very easy to crack if the hacker knows
the private keys
Our proposal
We have seen both advantage and
disadvantages of symmetric and asymmetric
algorithm, for a new customer or company to move to
cloud they have to access which file are they going to
transfer or use often and share with customer or
employee, those will be the criteria to take in
consideration, for example if the file are not
confidential so they can opt for a symmetric
algorithm DES even this encryption offer 56 bit but it
will be relevant, if the information is more
confidential then they should opt for a better
encryption and better checking of the provenance of
the message they can use RSA.
So classifying the data base on high
confidentiality to low confidentiality it is a need
before looking for what encryption the provider offer,
that will also save you the cost of investing in cloud
because you can use different cloud provider base on
security they offer and the cost will be different.
IV. CONCLUSION
In this paper, we investigated what encryption
needed by the user by comparing two cryptographic
asymmetric and symmetric algorithms to help them to
decide on what encryption is better for their need
before they choose a cloud service provider. We have
found that the need of cryptography will depend of
the confidentiality of the data, the more high
confidentiality the more encryption such as RSA to
detect who send the message and to use two key
rather than one in symmetric and the low
confidentiality will need low encryption, so before
deciding it will be better to know the confidentiality
of your data. That will help you to save money
because you do not have to use high cryptography
offer by the cloud computer if you do not need it.
References
[1] YARLAGADDA, VAMSEE KRISHNA, and
SRIRAM RAMANUJAM, "Data Security in
Cloud Computing," Journal of Computer and
Mathematical Sciences Vol, pp. 1-169, 2011.
[2] M. Sudha, "Enhanced Security Framework to
Ensure Data Security in Cloud Computing Using
Cryptography," Advances in Computer Science
and its Applications, pp. 32-37, 2012.
[3] Ronny, Stephan Grob, and Alexander Schill.
Seigner, "SecCSIE: A Secure Cloud Storage
Integrator for Enterprises," Commerce and
Enterprise Computing (CEC), 2011 IEEE 13th
Conference on, pp. 252-255, 2011.
[4] S Nepal, S. Chen, and J. Yao, "DIaaS: Data
integrity as a service in the cloud," Cloud
Computing (CLOUD), 2011 IEEE International
Conference on, pp. 308-315, 2011.
[5] C. Wang, K. Ren, W. Lou, and J. Li, "Toward
publicly auditable secure cloud data storage
services," Network, IEEE, pp. 19-24, 2010.
[6] Q. LIeu, G. Wang, and J. Wu, "Efficient sharing
of secure cloud storage services," Computer and
Information Technology (CIT), 2010 IEEE 10th
International Conference on, vol. 29, 2010.
[7] M. Raykova, H. Zhao, and S. Bellovin, "Privacy
enhanced access control for outsourced data
sharing," Financial Cryptography and Data
Security, pp. 223-238, 2012.
[8] Y. Zhu, H. HU, and G.J. Ahn, "Comparison-
based encryption for fine-grained access control
in clouds," Proceedings of the second ACM
conference on Data and Application Security and
Privacy, pp. 105-116, 2012.
[9] Z. Hao, S. Zhong, and N. Yu, "A privacy-
preserving remote data integrity checking
protocol with data dynamics and public
verifiability," Knowledge and Data Engineering,
IEEE Transactions on, vol. 23, no. 9, pp. 1432-
1437, 2011.
[10] D. Lin and A. Squicciarini, "Data protection
models for service provisioning in the cloud,"
Proceedings of the 15th ACM symposium on
Access control models and technologies, pp. 183-
192, 2010.
[11] M. Almorsy and J. Grundy, "An analysis of the
cloud computing security problem," the proc. of
the 2010 Asia Pacific Cloud Workshop,
Colocated with APSEC2010, Australia, 2010.
[12] T Mather, S Kumaraswamy, and S Latif, Cloud
security and privacy: an enterprise perspective
on risks and compliance.: O'Reilly Media,
Incorporated, 2009.
[13] G. Wang, Q. Liu, and J. Wu, "Achieving fine-
grained access control for secure data sharing on
cloud servers," Concurrency and Computation:
 Practice and Experience, pp. 1443-1464, 2011.
[14] M.A. AlZain, E. Pardede, B. Soh, and J.A. Thom,
"Cloud computing security: from single to multi-
clouds," System Science (HICSS), 2012 45th
Hawaii International Conference on, pp. 5490-
5499, 2012.
[15] V.J.R. Winkler, securing the cloud: cloud
computer security techniques and tactics.:
Syngress, 2011.
View publication stats