A Framework for Data Storage Security

with Efficient Computing in Cloud

Manoj Tyagi, Manish Manoria and Bharat Mishra

Abstract The modern technology defines cloud computing as a digital facility which
is accessed by users over the web. The proposed framework provides the protection
according to the classification of data. In this framework, cloud service provider
(CSP) selects the eminent server using cuckoo algorithm with Markov chain pro-
cess and Levy’s flight. After server selection, user encrypts their data using elliptic
curve integrated encryption scheme (ECIES) at the user side and sends it to CSP
for storage, where CSP stores the data after applying second encryption on it using
advanced encryption standard (AES) at the cloud side. This double encryption pro-
vides the confidentiality on both the sides. This framework integrates server selection
approach, authentication and encryption schemes in order to achieve the integrity,
confidentiality as well as efficient computing.

Keywords Cloud computing · Cuckoo search algorithm · Cloud service provider

Confidentiality · Integrity · AES · ECIES · Efficient computing

1 Introduction

Like the basic utility services of gas, telephony, water and electricity, cloud computing
is a model which offers variety of services in the same manner. In this model, the
services are delivered to user as per their need without showing the detail like how
they delivered. Cloud computing has become popular in the recent years because
of its easy access, use on demand and scalability [1]. Cloud computing provides

M. Tyagi (B) · B. Mishra

Mahatma Gandhi Chitrakoot Gramodaya Vishwavidyalaya, Chitrakoot, India
e-mail: manojtyagi80.bhopal@gmail.com
B. Mishra
e-mail: bharat.mgcgv@gmail.com
M. Manoria
Sagar Institute of Research Technology and Science, Bhopal, India
e-mail: manishmanoria@gmail.com

© Springer Nature Singapore Pte Ltd. 2019 109

R. Kamal et al. (eds.), International Conference on Advanced Computing Networking
and Informatics, Advances in Intelligent Systems and Computing 870,
https://doi.org/10.1007/978-981-13-2673-8_13
110 M. Tyagi et al.

several services such as SaaS, PaaS and IaaS to users remotely through internet.
Through these services, cloud computing offers variety of resources in the form of
storage, software and computing power to individuals, groups and organizational
users. Cloud computing is widely accepted and successful in the market because of
its well distribution of resources and on-demand availability. As the data are stored in
cloud remotely, users are under the impression that they have no command on their
data and are insecure about the safety of the data as claimed by cloud provider [2].
One of the main issues in cloud is to achieve efficient scheduling in cloud,
considered for the research. The allotment of task among the resources in efficient
way, in order to enhance the performance, is the main aim of scheduling. Scheduling
is a time-taking process to search an eminent solution. Maximum algorithms
take long time to generate best possible solution, but meta-heuristic approaches
like league championship algorithm (LCA), genetic algorithm (GA), ant colony
algorithm (ACA), BAT algorithm, cuckoo search algorithm (CSA) and particle
swarm algorithm (PSA) take reasonable time to find the best solution [3]. Cloud
computing offers storage services to the users through internet where they keep their
data remotely in the cloud. Remote computing brings various security challenges
and security issues for both the user and the CSP. The CSP offers its services
across the internet and applies various network technologies that also bring security
issues [4]. Cloud computing faces several number of security challenges like shared
technologies vulnerabilities, data breach, account hijacking, service hijacking,
denial of service (DoS) and malicious insiders [5].

2 Related Work

Makhloufi et al. [6] investigated flower pollination algorithm (FPA), CSA and firefly
algorithm (FFA) to determine the optimal power flow in the Adrar power system.
He proved that CSA is better than FFA and FPA to find optimum solution. Bhateja
et al. [7] check the practicability of CSA as a cryptanalysis tool for Vigenere cipher.
Through experimental results, they proved that CSA is better in fast convergence
and accuracy over GA and PSA. Zineddine [8] proposed CSA with Levy flights to
discover the best possible set of answer to known set of vulnerabilities.
Mareli and Twala [9] showed that CSA is effective and efficient in solving global
optimization. Through experimental result, he showed that CSA is better than dif-
ferential evolution (DE), simulated annealing (SA) and PSA. Tawalbeh et al. [10]
proposed a model for secure cloud computing based on data classification. He applied
the various levels of security based on types of data.
Yahya et al. [11] discussed various levels of data security based on security level it
wants. Hank et al. [12] tell in his books that ECIES is secure against adaptive chosen-
ciphertext attacks. Martínez and Encinas [14] describe that ECIES is the well-known
cryptographic method included in various standards like SECG SEC 1, ANSI X9.63,
IEEE 1363a and ISO/IEC 18033-2.
A Framework for Data Storage Security … 111

3 Problem Formulation

In today’s scenario, many people use cloud for data storage. A cloud is a collection
of many servers situated remotely and shared by many users, so server selection for
storage of data and its security is mandatory in this environment. Here, the focus is on
two issues: firstly to choose the eminent data storing server in the cloud, and secondly
data security in the cloud and prevent its unauthorized access. Many scheduling
algorithms are available to decide which server is suitable for storing the particular
data in the cloud. In the recent years, nature-based algorithms like ACA, FPA, GA,
PSA, FFA, BAT and CSA are very popular in many areas to find the optimum solution.
Many approaches like authentication, confidentiality and integrity are available for
security of various types of data stored in the cloud. The level of security depends on
data classifications, namely very sensitive data, sensitive data and protected data [11].

4 Proposed System

An environment capable of providing reliability, customization and guarantee has

been introduced by cloud computing in computational services for its customer.
Here, centralized data centers for different application and databases are used. This
work mainly focuses on server-side computation and data security; in this way, it
fulfills the requirement of secure data storing and other security features in the cloud.
Each user’s data received at the server goes through security mechanism consisting
of authentication and encryption. After each successful access from the user to the
cloud system, dynamic server stipulation is applied. An optimized result is obtained
in the server selection by utilized cuckoo algorithm with Markov chain random
walk and Lévy flights. Once the efficient server is selected, this framework allows
the system for data storing and access to the user. Based on data classification,
user chooses the security mechanism to manage the various security levels. Single-
factor authentication is applied for protected data, and for sensitive data multifactor
authentication is applied [11]. Owner and user both use the ECIES at own side for
confidentiality and integrity. Encryption and decryption at client side remove the
dependency on cloud for confidentiality (Fig. 1).

4.1 System Model

Owner (O). An individual or an organization which shares the data among its cus-
tomers through cloud. Owner encrypts the data using ECIES at its end and sends this
encrypted data (Ct ) to cloud through secure Internet channel. It also sends the value
of NR and St to its customer.
112 M. Tyagi et al.

Data Decryption (Ct) Cloud Side Encryption/Decryption

(NR, Ct, St)
(Pt) (ECIES)

User Side
Servers
(NR, St) Internet

Data Encryption
(NR, Ct, St)
(Pt) (ECIES) Cuckoo Search for Server Selection

Owner Side Cipher Text (Ct)

Cloud Service Provider

Fig. 1 Proposed framework

User (U). An individual or an organization which wants to use the data from the
cloud. It receives the ciphertext from cloud and generates the tag S t for received
ciphertext using ECIES and then compares it with tag St . If these tags are same, then
the user decrypts the ciphertext using ECIES at its end and receives the data.
Cloud Service Provider (CSP). It is responsible authority for cloud. It receives
the encrypted data from the owner and again encrypts it using symmetric crypto-
graphic method AES-128 and AES-256 for protected data and sensitive data, respec-
tively, and the data are secured at the cloud side. CSP also uses the cuckoo algorithm
for selecting an efficient server and stores this double-encrypted data in cloud. It is
also responsible to decrypt the data using respective AES method, when users request
data access. So CSP converts data from double-encrypted form to single-encrypted
form and sends these data to user in encrypted form, where user decrypts it.

4.2 Efficient Server Selection

Cuckoo is a brood parasite which cleverly chooses the nest of the other birds for
laying their eggs where its eggs are taken care by the host bird. This behavior of
cuckoo is adopted by CSA to find an optimal solution. Markov chain random walk
and Lévy flights are helpful in cuckoo search to improve its performance. CSA is a
naturally inspired meta-heuristic approach which is used for best possible searching
[7]. The server has a set of virtual machines, and to select an efficient server to store
the user’s data in the cloud, here CSA is applied. CSA generates cuckoo habitat
matrix assuming the population of eggs. Here, an egg is denoted as jobs, cuckoo
works as scheduler, and nest represents virtual machine (VM). Now, calculate the
fitness function of virtual machine for all servers and select the efficient server based
on fitness function. Here, J i represents the jobs, n represents the number of VM’s,
processor and memory are denoted by C i and M i , respectively, and mu represents the
quantity of memory units. VM fit represents the fitness function of virtual machine.
A Framework for Data Storage Security … 113
n
i1 ji
V Mfit   n   . (1)
Ci ni1 Mi
i1
mu
×t

4.3 Data Storage Security

When the size of security level is small, RSA-AES performs better than ECIES in
execution time, whereas ECIES performs fast execution than RSA-AES on higher
security level. It clearly shows that ECIES is better than RSA-AES and a legitimate
option to RSA-AES that combines asymmetric and symmetric cryptography in an
efficient manner. The execution result of encryption/decryption process on 1 KB text
file is given in Table 1.
At client end and server end, ECIES [13] and AES are used, respectively. KDF,
ENC, KA and MAC are key derivation function, encryption function for a symmetric
key, key agreement and message authentication code, respectively. KDF is a method
of generating the keys using some parameters. Through ENC, data are translated
into encrypted form using common key which is confidential for the communicators.
Under the key agreement, sender and receiver follow a mutually defined agreement.
MAC verifies the data at the receiver end. Diffie–Hellman derives the symmetric
keys G1 and G2 , where G1 and G2 are used for encryption and certification of cipher
text, respectively. ECIES protects data from adaptive chosen-ciphertext attacks [12].
Various standards use XOR function for translating the message into cipher. But
in some time, if we vary the length of data, the XOR fails to provide the security
to the cipher text. So AES can be preferred for encryption purpose to strengthen
ECIES. A set of techniques given in Table 2 are proposed in the paper for attaining
the secure ECIES version [14].
Here, we take an elliptic curve R for finite field Ff [13]. Let H be the point of
prime order p in E(Ff ) and domain parameters are (p, FR , R, c, d, H, m, h), where
field is represented by FR , the elliptic curve created randomly is represented by R, the
coefficient c and d are used to define the equation of elliptic curve, h is the cofactor,
and m is the order of p.

Table 1 Execution time for RSA-AES and ECIES [14]

Security RSA-AES ECIES
level
RSA key Encryption Decryption Key length Encryption Decryption
length time (ms) time (ms) time (ms) time (ms)
80 1024 1.81 1.81 160 7.41 7.36
112 2048 6.42 6.53 224 13.73 13.31
128 3072 18.88 19.01 256 16.96 17.27
192 7680 240.55 239.76 384 40.77 39.75
256 15,360 1827.05 1834.13 512 81.52 82.84
114 M. Tyagi et al.

Table 2 Set of techniques used in ECIES

KA HASH KDF ENC MAC
DH SHA-512 KDF2 AES-128 in CBC HMAC-SHA-
mode with 512
PKCS#5 padding

An elliptic curve R over Ff is described by the given equation:

y2  d + cx + x3 . (2)

Here, c, d e Ff satisfy 4c3 + 27d2  0 (mod p).

4.3.1 Key Pairs

To obtain secret key and public key, the process which is applied is key generation.

ECIES key generation [13]

1. Select private key Sk ∈R [1, m − 1].
2. Generate public key Pk  Sk H.
3. Return (Pk, Sk ).

4.3.2 Encryption

At owner end, data are converted into ciphertext by performing encryption and also
generate a tag St for cipher text.

ECIES encryption [13]

1. Choose G ∈R [1, m − 1].
2. Compute NR  GH and V  hGPk . If V  ∞ then go to step 1.
3. (G1 , G2 ) ← KDF (xV, NR ), where xV is the x-coordinate of V.
4. Compute cipher text Ct  ENCG1 (Pt ) and tag St  MACG2 (Ct ).
5. Return (NR, Ct, St ).

4.3.3 Decryption

Decryption is performed at the user side where the user decrypts the cipher text into
data after signature or tag certification.
A Framework for Data Storage Security … 115

ECIES decryption [13]

1. Perform an embedded public key validation of NR . If the validation fails
return (“cipher text rejected”).
2. Compute V  hSk NR. If V  ∞, return (“cipher text rejected”).
3. (G1 , G2 ) ← KDF (xV, NR) , where xV is the x-coordinate of V.
4. Compute S’t  MACG2 (Ct ). If S’t  St, return (“cipher text rejected”).
5. Compute Pt  DECG1 (Ct ).
6. Return (Pt ).

Proof for decryption process. The proof consists that the valid user generates an
encrypted data (NR , Ct , St ) from Pt .

hSk NR  hSk (GH)  hG(Sk H)  hGPk .

After that, similar keys (G1 , G2) are used at the receiver side to find the actual
data.
Security Proofs for ECIES. The security of ECIES is considered very high as
it depends on the phenomena that symmetric key encryption and MAC algorithm
applied here are secure in nature. The computation and transferring of key in DH are
quite complex which make it more secure as it uses KDF, in turn provides a proven
security to ECIES.

5 Conclusion

This work has recognized the data security issues and has provided a framework that
utilizes the recourses as well as data security. This framework has been designed
in such a way that it uses security mechanism based on data classification as well
as it selects eminent data storage server. CSA has been used for selecting the most
suitable server to accomplish cloud computing efficiently. ECIES has been used for
encryption and to assure data integrity and secrecy at user end, which is further
encrypted at cloud server side before storing; in this way, it enhances user’s data
security in the cloud. Finally, this framework shows the confirmation of integrity,
authentication and confidentiality of data as well as computing efficiency.

References

1. S.M. Habib, S. Hauke, S. Ries, M. Muhlhauser, Trust as a facilitator in cloud computing: a

survey. J. Cloud Comput. Adv. Syst. Appl. 1, 19 (2012)
2. R. Buyyaa, C.S. Yeoa, S. Venugopala, J. Broberg, I. Brandic, Cloud computing and emerging
IT platforms: vision, hype, and reality for delivering computing as the 5th utility. J. Future
Gener. Comput. Syst. 25, 599–616 (2009)
3. M. Kalra, S. Singh, A review of metaheuristic scheduling techniques in cloud computing.
Egypt. Inf. J 16, 275–295 (2015)
116 M. Tyagi et al.

4. A. Singh, K. Chatterjee, Cloud security issues and challenges: a survey. J. Netw. Comput. Appl.
79, 88–115 (2017)
5. L. Coppolino, S. D’Antonio, G. Mazzeo, L. Romano, Cloud security: emerging threats and
current solutions. Comput. Electr. Eng., 1–15 (2016)
6. S. Makhloufi, A. Mekhaldi, M. Teguar, Three powerful nature-inspired algorithms to optimize
power flow in Algeria’s Adrar power system. J. Energy 116, 1117–1130 (2016)
7. A.K. Bhateja, A. Bhateja, S. Chaudhury, P.K. Saxenaa, Cryptanalysis of Vigenere cipher using
Cuckoo Search. Appl. Soft Comput. 26, 315–324 (2015)
8. M. Zineddine, Vulnerabilities and mitigation techniques toning in the cloud, a cost and vulner-
abilities coverage optimization approach using Cuckoo search algorithm with Levy flights. J.
Comput. Secur. 48, 1–18 (2015)
9. M. Mareli, B. Twala, An adaptive Cuckoo search algorithm for optimisation. Appl. Comput.
Inf. (2017)
10. L. Tawalbeh, N.S. Darwazeh, R.S. AlQassas, F. AlDosari, A secure cloud computing model
based on data classification. Procedia Comput. Sci. 52, 1153–1158 (2015)
11. F. Yahya, R.J. Walters, G.B. Wills, Protecting data in personal cloud storage with security
classifications, in Science and Information Conference, IEEE (2015)
12. V. Tilborg, C.A. Henk, S. Jajodia, Encyclopedia of Cryptography and Security. Springer (2011)
13. D. Hankerson A. Menezes, S. Vanstone, Guide to Elliptic Curve Cryptography. Springer (2004)
14. V.G. Martínez, L.H. Encinas, A.Q. Dios, Security and practical considerations when imple-
menting the elliptic curve integrated encryption scheme. J. Cryptologia 39(3), 244–269 (2015)