Professional Documents
Culture Documents
Computer Communications
journal homepage: www.elsevier.com/locate/comcom
1. Introduction the cloud server. By an efficient Access Control Model (ACM), the CSP
recognizes all the attempts to access any service from the cloud server
Computers are advancing day by day from the era of a vacuum tube and allows only the authorized users to access big data or cloud service.
to artificial intelligence, which involves many advanced technologies Since CSP is the central authority or administrator that manages all the
for data communication over the internet. Cloud computing is one tasks of a cloud server, it should provide a strong security of the user’s
of the benchmarks in the era of large-scale computation, where a confidential or sensitive big data.
huge number of distributed and parallel computers are interconnected. Cryptography is one of the most prominent solutions for big data
Here, many technologies like utility computing, virtualization, network security. The primary goal of cryptography is to transmit the data or
system and distributed processing are combined to allow many services,
message between the sender and receiver over an untrusted medium in
such as a server, space, network hardware, pay-per-use and many
such a manner that an attacker or malicious user is unable to read the
more [1]. There are three main entities in a cloud environment: (i)
original data content. Cryptosystem can be divided into two ways based
Data Owner (DO) (iii) Cloud Service Provider (CSP), and (iii) user.
on the use of encryption and decryption keys: symmetric key encryption
Here, many users store their confidential data on the cloud server, and
the DOs and users use the cloud services provided by the CSP [2–4]. and asymmetric key encryption. In the symmetric key encryption, the
Managing big data is an important expected capability of today’s cloud encryption and decryption processes are executed by using the same
environment. Nowadays, big data is considered as one of the sophisti- key [5,6]. In asymmetric key encryption, different keys or values are
cated areas for research. Big data is a large size of data including both used to encrypt and decrypt a data or message. Here, each party is
unstructured and structured data. It needs to be collected, processed, provided with a pair of keys, namely private key and public key. The
analyzed and visualized. Big data involves advanced techniques and private key is always kept secret, while the public key can be shared
methods for information extraction and data transformation. However, with all. Recently, many researchers have proposed many schemes to
access control and data security are two major concerns of big data improve data or information security and to improve the performance
in a cloud environment due to the presence of many attackers and of the cloud environment [7–23].
malicious users. Access control can be defined by a technique by which Shamir [24] has proposed a novel Identity-Based Encryption (IBE)
a user or customer can access any data or any kind of service from technique, where the sender of any data or message specifies a unique
∗ Corresponding author.
E-mail address: suyelnamasudra@gmail.com (S. Namasudra).
https://doi.org/10.1016/j.comcom.2019.12.041
Received 6 October 2019; Received in revised form 6 December 2019; Accepted 21 December 2019
Available online 2 January 2020
0140-3664/© 2020 Elsevier B.V. All rights reserved.
S. Namasudra, D. Devi, S. Kadry et al. Computer Communications 151 (2020) 539–547
identity that should match at the receiver’s end for decrypting the data. a symmetric cryptosystem, namely DNA Symmetric-key Cryptosystem
In 1992, Role Based Access Control (RBAC) model has been proposed (DNASC) in which decryption and encryption keys are generated by
based on the job role. Here, based on the job rule, user’s accesses using DNA computing. Enayatifar et al. [41] have proposed a Chaos
are controlled [25]. However, RBAC is not secured. The ciphertext is Based Image Encryption (CBIE) scheme based on the genetic algorithm,
assigned with several attributes in Key Policy based Attribute-Based logistic map and DNA masking. The main goal of CBIE is to find the
Encryption (KPABE) [26]. Here, an access structure is associated with best DNA mask for image encryption. This scheme does not provide
the private key of the user. In KPABE, the DOs cannot control access strong security. In 2017, Wang et al. [42] have proposed a Reversible
policies, and they must trust on the key generator. In Cipher Pol- Data Hiding Scheme (RDHS) by using DNA-Exclusive OR (DNA-EXOR)
icy Attribute-Based Encryption (CPABE) [27], an advanced model of operation rule. In RDHS, information is embedded, and after the ex-
KPABE is used in which each ciphertext is associated with an access traction process, information is exactly restored as the original host
policy. In CPABE, user’s attributes are used to create the private key of signal. However, disclosing of the DNA-EXOR operation rule can create
the user, and the system must be rebooted to modify the private key of issue in RDHS. Murugan and Thilagavathy [43] have proposed a novel
the user. In 2013, Mian et al. [28] have proposed a new Provisioning
model, namely Zigzag Morse Code based ACM (ZMCACM) for the
Data Analytic Workloads (PDAW) model for the cloud environment.
cloud computing environment. Here, DNA computing and Morse code
However, PDAW does not consider the security issue of confidential
is used to store the encrypted data in a zigzag pattern that improve
data. In Activity Based Access Control (AtBAC) model [29], user’s
data security. In 2019, a novel Client Side Data Encryption Scheme
Access Right (AR) for any data is provided based on the designation
(CSDES) [44] has been proposed based on DNA computing. CSDES can
of the user in an organization. Since there are several components
be considered as a multifold symmetric-key cryptography scheme in
in AtBAC, the system overhead can be increased. Mutual Trust Based
ACM (MTBACM) [30] was proposed to achieve mutual trust among which data are encrypted before uploading on the cloud server. All
different entities of cloud environment. In 2016, Auxilia and Raja [31] these existing schemes face security issues. In addition, these schemes
have suggested a novel Ontology Centric Based ACM (OCBACM) model also take much time for secret key generation, key retrieval, data
in which ontology is maintained for assigning role. This scheme does encryption and data decryption.
not address the data security issue. Index Generation Based Access To solve all the aforementioned problems, a data encryption tech-
Control model (IGBAC) [32] has been introduced by using substring nique has been introduced in this paper for the cloud computing
index generation process. IGBAC faces high key generation time. Alam environment based on DNA computing, namely DNA Based Data Se-
et al. [33] have proposed a Cross Tenant Access Control (CTAC) model curity (DNABDS). In the proposed scheme, the DOs encrypt big data
in which the CSP plays the role of a trusted third party. This scheme by utilizing DNA sequence unlike the traditional approaches (0 and 1).
supports resource sharing technique between two different tenants. The DOs use a long 1024-bit DNA based Secret Key (DNASK) for data
In 2018, Almutairi et al. [34] have proposed a novel mechanism for encryption. This key is randomly generated based on the attributes of
multitenant cloud environment by introducing notion of sensitivity in the authorized users. After encrypting by the DNA based secret key, the
the cloud data center. This model is based on the concept of RBAC. DO encrypts big data by using the DO’s Private Key (DOPrK). Then, the
Xie et al. [35] have proposed a Modified Hierarchical Attribute-Based DO again encrypts the encrypted big data by the Public Key of the CSP
Encryption (MHABE) scheme to focus data processing, data storing and (CSPPuK). The DO stores the encrypted big data on the cloud database,
data accessing in the multi-user data-shared environment. However, in and only the authorized users are able to access the encrypted big data
all these existing schemes, the data accessing time is high and data from the server. This proposed scheme can take less time for secret
security is a major issue. key generation, key retrieval, data encryption and data decryption. The
DNA computing is one of the advanced fields in which DNA, hard- main contributions of this paper can be summarized as below:
ware, molecular biology and biochemistry are used to encode the
genetic details in computers. DNA was first used in the field of com- (1) A novel 1024-bit DNA based secret key generation technique is
putation by Adleman [36]. In the beginning, this advanced approach introduced in this paper by using DNA computing.
has been utilized to solve NP-hard problems. However, very soon it (2) To improve big data security, a novel DNA based encryption
has been realized that DNA computing may not be the best solution method is proposed in the proposed scheme by using the 1024-
to solve this type of problems. After that many techniques have been bit DNA based secret key, data owner’s private key and user’s
developed by using DNA computing to solve many problems, such as public key. The proposed encryption technique can resist many
SAT problem, 0–1 planning problem, integer planning problem, graph security attacks.
theory, optimal problem, and many Turing machines are proved. (3) Experimental results and security analysis of DNABDS have been
Nowadays, DNA computing is widely using in the field of cryp- presented in this paper to prove its efficiency over the existing
tography. In DNA cryptography, DNA is used as a computational and techniques.
informational carrier along with the molecular technologies. The con-
cept of DNA has got much attention in the field of information security The rest of the paper is structured into several parts. Background of
due to its complex structure. In DNA encryption, unlike the traditional the proposed scheme has been presented in Section 2. The proposed
approaches i.e. 0 and 1, data are encrypted and stored by using the scheme has been discussed in Section 3. Section 4 deals with the
DNA bases, namely A (Adenine), C (Cytosine), G (Guanine) and T security analysis of the proposed scheme. Results and discussions have
(Thymine). So, the sender or who encrypts the data can chose any been presented in Section 5. At last, conclusions and future works are
combination of the DNA bases during the encryption process, which given in Section 6.
improves data security. Many researchers have proposed many schemes
to improve data security by using DNA computing. In 1999, Clelland 2. Background of the proposed scheme
et al. [37] have proposed the first method for data hiding by using
DNA computing, namely Hiding Messages in Microdots (HMM). Here, This section deals with two aspects of the proposed scheme: (i)
microdot can be defined by the process for concealing the messages system model, and (ii) design goals.
known as steganography. However, this scheme is very slow. Leier
et al. [38] have proposed a scheme, namely Cryptography with DNA 2.1. System model
Binary Strands (CDNABS) to improve data security. Tanaka et al. [39]
have proposed a Public Key System by using DNA (PKSDNA) computing There are three entities in the proposed DNABDS:
and one-way function. This scheme is mainly developed for solving
the key distribution issue between the sender and receiver. PKSDNA (1) Cloud service provider: This entity is the overall administrator
increases the data accessing time and it is not secured against the or central authority of any cloud environment that supports
malware injection attack. In 2007, MingXin et al. [40] have proposed infrastructure and provides cloud services by utilizing numer-
540
S. Namasudra, D. Devi, S. Kadry et al. Computer Communications 151 (2020) 539–547
Table 1
Decimal encoding rule.
Digits/symbols/ Decimal Digits/symbols/ Decimal Digits/symbols/ Decimal
alphabets value alphabets value alphabets value
1 01 A 11 ‘ 37
2 02 B 12 ∼ 38
3 03 C 13 ! 39
4 04 D 14 @ 40
. . . . . .
. . . . . .
. . . . . .
8 08 X 34 ( 48
9 09 Y 35 ) 49
0 10 Z 36 Blank space 50
541
S. Namasudra, D. Devi, S. Kadry et al. Computer Communications 151 (2020) 539–547
The resultant DNA sequence is provided to the user as the DNA 00000110 00000101
⏟⏞⏞⏟⏞⏞⏟ ⏟⏞⏞⏟⏞⏞⏟
based secret key. There are the following steps in the key generation
53 165
process:
(𝐴𝑆𝐶𝐼𝐼𝑣𝑎𝑙𝑢𝑒) (𝐴𝑆𝐶𝐼𝐼𝑣𝑎𝑙𝑢𝑒)
Step 1: In the first step, the user communicates with the DO, and a
session is generated Step 7: ASCII values are again transformed into their actual 8-bit binary
Step 2: The DO verifies the user’s authorization. The DO continues the values.
further processes, if the user is a valid one. 0011010110100101
Step 3: The DO fetches all the information of the user, such as date of
birth, user id, address of the user and MAC address of the user. For an Step 8: In the eight step, the DO then divides the resultant of step 7 into
two parts and adds the first part to the left side of the MAC address,
example:
while the second part is added to the right side of the MAC address.
20-02-1990 001 ABCD 00-14-22-01-23-45 So, it becomes:
Step 4: In the fourth step, the DO converts these values in the 8-bit 00110101 00 − 14 − 22 − 01 − 23 − 45 10100101
⏟⏞⏞⏟⏞⏞⏟ ⏟⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏟⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏞⏟ ⏟⏞⏞⏟⏞⏞⏟
binary form by using decimal encoding rule as mentioned in Table 1. 𝑀𝐴𝐶𝐴𝑑𝑑𝑟𝑒𝑠𝑠
into their corresponding ASCII values by using Table 2. For an example, Step 12: In the twelfth step, complementary rule is applied on the
in the above step, there are two 8-bit binary values: 00000110 and resultant of step 11 to make it the final DNA based secret key. So, the
00000101. ASCII values of both these binary numbers can be 53 and final DNA key sequence is:
165 or it can be anything. The DO randomly generates Table 2 as per
his/her wish. CTAG
542
S. Namasudra, D. Devi, S. Kadry et al. Computer Communications 151 (2020) 539–547
543
S. Namasudra, D. Devi, S. Kadry et al. Computer Communications 151 (2020) 539–547
Table 3
DNA bases of 2-bit binary number.
2-bit binary number
00 01 10 11
A C G T
A T G C
C G A T
C T A G
T C A G
T G A C
. . . .
. . . .
. . . .
G T A C
G C A T
544
S. Namasudra, D. Devi, S. Kadry et al. Computer Communications 151 (2020) 539–547
Fig. 4. Number of users vs. key generation time. Fig. 5. Number of users vs. key retrieval time.
5.1. Simulation environment Fig. 4 depicts the results of the first experiment to calculate the key
generation time. In DNABDS, all the users have to send the requests
For evaluating the performance of DNABDS, a cloud simulation to the respective DOs for receiving the secret key and user’s access
environment has been built by using CloudSim 3.0.3 [51]. CloudSim right, when they wish to get any big data. The DO collects a set
has been installed on a DELL OPTIPLEX 9020 SFF desktop, which of secret user’s attributes and MAC address of the user, and uses
consists of the following configuration: Tables 1, 2 and complementary rule for generating the DNASK. So, the
proposed scheme takes a little bit of time to generate the DNASK. In
(1) RAM: 8 GB DNABDS, once the secret key is provided to the users, they can use it in
(2) Storage capacity: 1 TB future. Thus, for the existing or old users, who already have the DNA
(3) Processor: 3.40 GHz Intel corei5 based secret key, the key generation time is reduced. Thus, DNABDS
(4) Operating system: Windows 7 produces a zigzag curve. In ZMCACM, secret key is generated through
Apache Common-math [52] is mounted with the CloudSim. Ten several processes, which consumes much time. There are many EXOR
datacenters have been considered during simulation to create a hetero- operations in both RDHS and CSDES to generate the DNA sequence
geneous cloud environment. In the heterogeneous cloud environment, based secret key. Moreover, all these existing schemes are very complex
compared to the proposed scheme, and all the users or customers must
2000 physical nodes are considered, and 1 GB/s of network bandwidth
get the secret key in each accessing time of big data for further data
and storage capacity is 4 GB. Four types of VM with 1 GB/s bandwidth
accessing processes. Therefore, linear increasing curves are experienced
have been considered as mentioned below:
in the case of all these existing schemes.
(1) 1000 MIPS, 1 GB The second experiment validates the key retrieval time. It can be
(2) 1500 MIPS, 1.5 GB easily recognized from Fig. 5 that DNABDS gives much better results
(3) 2000 MIPS, 2 GB for retrieving the secret key by the user. In the proposed scheme, the
(4) 2500 MIPS, 2.5 GB old or existing users have the secret key of the corresponding data
and they do not need to get the DNASK from the DO. So, they do
In CloudSim, few classes, namely VMScheduler, powerhost, VM and
not retrieve the DNASK for the subsequent time of big data accessing.
CloudletScheduler are modified for the simulation purpose to achieve However, in DNABDS, all the new users or customers, who want to
dynamic resource distribution and a class, dynamicmemory is newly access the big data for the first time must get the DNASK from the
added to guess the required resource. This class also updates the DO. So, they have to retrieve the key during the first accessing, and
resources of VMs after the execution of a cloudlet. thus, the key retrieving time is increased in DNABDS. In the existing
schemes, namely ZMCACM, RDHS and CSDES, users must execute
5.2. Results and discussions many operations to retrieve the secret key. Here, whenever the users
want to get a big data from the cloud server, every time they have to get
Many experiments are executed for evaluating the performance of the secret key from the DO and they have to retrieve it. Thus, the key
the proposed scheme with respect to the existing schemes, namely retrieving time is high in ZMCACM, RDHS and CSDES, and it produces
reversible data hiding scheme [42], zigzag Morse code based ACM [43] linearly increasing curves.
and client side data encryption scheme [44]. These schemes are pro- In Fig. 6, it can be easily seen that the proposed scheme takes
posed recently and almost analogous to the proposed scheme, so these less time to encrypt big data than the existing schemes in the cloud
are treated as the baseline schemes for comparisons. To calculate key computing environment. In DNABDS, after generating the DNASK, the
generation time, key retrieval time, encryption time of big data and DO uses Table 3 and complementary rule to encrypt big data, which is
decryption time of big data, 50 experiments are executed in different time consuming. In ZMCACM, Morse code is used to encrypt big data
situations to get each result. Finally, average values are considered from and encrypted data is stored in zigzag lines after many operations by
those 50 results. For the simulation, datasets are collected from publicly using ‘dot’ and ‘dash’. Thus, this scheme takes much time to encrypt
available CityPulse Dataset Collection [53], which provides different big data. The classical algorithm of reversible data protecting or data
types of datasets, namely pollution, weather, road traffic, etc. Here, hiding approach is used in RDHS, where using of histogram modifi-
vehicle traffic dataset (3 GB size) has been used for the experiments. In cation technique increases the time of big data encryption compare
this sub-section, results and discussions of the proposed DNABDS have to the proposed scheme. In addition, watermarking process of RDHS
been presented. consumes time to encrypt a big data. Client side data encryption scheme
545
S. Namasudra, D. Devi, S. Kadry et al. Computer Communications 151 (2020) 539–547
that the proposed technique is more efficient and effective than the
other well-known existing schemes. Mathematical proof for the security
analysis of the proposed scheme will be considered as a future work.
Moreover, there is a considerable scope to improve the authentication
process of the cloud computing environment.
References
546
S. Namasudra, D. Devi, S. Kadry et al. Computer Communications 151 (2020) 539–547
[24] A. Shamir, Identity-based cryptosystems and signature schemes, in: G.R. Blakley, [39] K. Tanaka, A. Okamoto, I. Saito, Public-key system using DNA as a one-way
D. Chaum (Eds.), Advances in Cryptology, Springer, 1985, pp. 47–53. function for key distribution, Biosystems 81 (1) (2005) 25–29.
[25] D.F. Ferraiolo, D.R. Kuhn, Role-based access controls, in: Proceedings of the 15th [40] L. MingXin, L. XueJia, X. GuoZhen, Q. Lei, Symmetric-key cryptosystem with
National Computer Security Conference, Baltimore, USA, 1992, pp. 554–563. DNA technology, Sci. China F 50 (3) (2007) 324–333.
[26] V. Goyal, O. Pandey, A. Sahai, B. Waters, Attribute-based encryption for fine- [41] R. Enayatifar, A.H. Abdullah, I.F. Isnin, Chaos-based image encryption using a
grained access control of encrypted data, in: Proceedings of the 13th ACM hybrid genetic algorithm and a DNA sequence, Opt. Lasers Eng. 56 (2014) 83–93.
Conference on Computer and Communications Security, New York, USA, 2006, [42] B. Wang, Y. Xie, S. Zhou, C. Zhou, X. Zheng, Reversible data hiding based
pp. 89–98. on DNA computing, Comput. Intell. Neurosci. (2017) http://dx.doi.org/10.1155/
[27] J. Bethencourt, A. Sahai, B. Waters, Ciphertext-policy attribute based encryption, 2017/7276084.
in: Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA, [43] A. Murugan, R. Thilagavathy, Cloud storage security scheme using DNA
2007, pp. 321–334. computing with morse code and zigzag pattern, in: Proceedings of the IEEE Inter-
[28] R. Mian, P. Martin, J.L.V. Poletti, Provisioning data analytic workloads in a national Conference on Power, Control, Signals and Instrumentation Engineering
cloud, Future Gener. Comput. Syst. 29 (6) (2013) 1452–1458. (ICPCSI-2017), IEEE, 2018, pp. 2263–2268.
[29] S. Ajgaonkar, H. Indalkar, J. Jeswani, Activity based access control model for [44] M. Sohal, S. Sharma, BDNA-A DNA inspired symmetric key cryptographic
cloud computing, Int. J. Curr. Eng. Technol. 5 (2) (2015) 708–713. technique to secure cloud computing, J. King Saud Univ.-Comput. Inf. Sci. (2019)
[30] L. Guoyuan, W. Danru, B. Yuyu, L. Min, MTBAC: a mutual trust based access http://dx.doi.org/10.1016/j.jksuci.2018.09.024.
control model in cloud computing, China Commun. 11 (4) (2014) 154–162. [45] S. Namasudra, Cloud computing: a new era, J. Fundam. Appl. Sci. 10 (2) (2018)
[31] M. Auxilia, K. Raja, Ontology centric access control mechanism for enabling data 113–135.
protection in cloud, Indian J. Sci. Technol. 9 (23) (2016) 1–7. [46] A.O. Eze, C.C. E, Malware analysis and mitigation in information preservation,
[32] S. Raghavendra, et al., Index generation and secure multi-user access control IOSR J. Comput. Eng. 20 (4) (2018) 53–62.
over an encrypted cloud data, Procedia Comput. Sci. 89 (2016) 293–300. [47] K. Tiri, Side-channel attack pitfalls, in: Proceedings of the 44th ACM/IEEE Design
[33] Q. Alam, et al., A cross tenant access control (CTAC) model for cloud computing: Automation Conference, IEEE, San Diego, USA, 2007.
formal specification and verification, IEEE Trans. Inf. Forensics Secur. 12 (6) [48] T.N. Jagatic, N.A. Johnson, M. Jakobsson, F. Menczer, Social phishing, Commun.
(2017) 1259–1268. ACM 50 (10) (2007) 94–100.
[34] A. Almutairi, M.I. Sarfraz, A. Ghafoo, Risk-aware management of virtual re- [49] M.B. Salem, S. Hershkop, S.J. Stolfo, A survey of insider attack detection
sources in access controlled service-oriented cloud datacenters, IEEE Trans. Cloud research, in: S.J. Stolfo, S.M. Bellovin, A.D. Keromytis, S. Hershkop, S.W. Smith,
Comput. 6 (1) (2018) 168–181. S. Sinclair (Eds.), Insider Attack and Cyber Security, in: Advances in Information
[35] Y. Xie, H. Wen, B. Wu, Y. Jiang, J. Meng, A modified hierarchical attribute-based Security, vol. 39, Springer, Boston, MA, 2008.
encryption access control method for mobile cloud computing, IEEE Trans. Cloud [50] A. Prakash, M. Satish, T.S.S. Bhargav, N. Bhalaji, Detection and mitigation of
Comput. 7 (2) (2019) 383–391. denial of service attacks using stratified architecture, Procedia Comput. Sci. 87
[36] L.M. Adleman, Molecular computation of solutions to combinatorial problems, (2016) 275–280.
Science 266 (5187) (1994) 1021–1024. [51] R.N. Calheiros, R. Ranjan, A. Beloglazov, CloudSim: a toolkit for modeling
[37] C.T. Clelland, V. Risca, C. Bancroft, Hiding messages in DNA microdots, Nature and simulation of cloud computing environments and evaluation of resource
399 (6736) (1999) 533–534. provisioning algorithms, Softw.-Pract. Exp. (SPE) 41 (1) (2011) 23–50.
[38] A. Leier, C. Richter, W. Banzhaf, H. Rauhe, Cryptography with DNA binary [52] Apache commons math, 2018, Available: http://commons.apache.org/proper/
strands, Biosystems 57 (1) (2000) 13–22. commons-math/download_math.cgi [Accessed on 14 2018].
[53] CityPulse dataset collection, 2018, Available: http://iot.ee.surrey.ac.uk:8080/
datasets.html [Accessed on 15 2018].
547