CLOUD COMPUTING

&
BUSINESS MANAGEMENT
Assignment – II
“Cloud security using hybrid
cryptography algorithms”

Submitted To: Submitted By:

Dr. Pooja Kushwaha Samidha Jain

1|Pag e
ABSTRACT:

Security concerns that are just starting to emerge with cloud computing research. Many
companies are abandoning their more traditional approaches to data storage in favour of cloud
computing because of the numerous benefits offered by this form of data management.
However, the most significant barrier that must first be overcome by companies before
adopting cloud computing is data security.

In this paper, a paradigm for the provision of cryptographic safety at many levels was proposed
for cloud computing. In this model, symmetric and asymmetric key cryptography algorithms
are utilised in order to protect sensitive information.

The adoption of the Data Encryption Standard (DES) and RSA, which enable several layers of
encryption and decryption on both sides of a connection, helps to make cloud storage more
secure. DES and RSA are both public-key cryptographic algorithms. This paradigm clarifies
matters for cloud users and suppliers alike, which helps to reduce the potential for security
breaches.

Java, a popular programming language, and the cloud Sim tool, a cloud simulation application,
are used to bring the proposed model to life. When compared to the method that is already in
place, our model considerably enhances data security while concurrently decreasing the
amount of time needed to transport text files.

2|Pag e
INTRODUCTION

The investigation of the question of how to ensure the safety of cloud computing has barely
begun. The vast majority of companies are making the transition from storing data on their own
premises to storing data on the cloud due to the many benefits that cloud storage provides in
terms of ease and flexibility. However, businesses face a significant challenge when it comes
to adopting cloud computing because of their concerns regarding the security of private data
stored on the cloud. In this work, we present a method of providing cryptographic protection
for cloud computing that has multiple layers. Encryption and decryption with symmetric keys
are utilised in this method for the purpose of protecting data that is stored in the cloud. This
security paradigm gives clarity not just for cloud consumers, but also for cloud service
providers, which helps to reduce the potential for security concerns. The model that was
suggested brings about the best feasible improvement to the data's level of security.

The concept of "cloud computing" is one that has only recently emerged in the field of
computer systems.

The cost of the hardware and software associated with computer power has increased in tandem
with the growth of computing power. Access to a shared pool of computer resources and
services hosted in the cloud can be purchased by customers on an as-needed basis and subject
to payment. As a consequence of this, it has gained in popularity since it helps users save both
time and money by providing them with access to a wide range of information over the internet.

Users have access to a variety of resources, including networks, servers, and data storage.
Email, corporate software, social media, and cloud-based data storage are just some of the
services that are offered through the cloud. As long as the user is connected to the internet, they
have access to all of these different tools and pieces of information. One of the most significant
benefits of cloud computing is that it hides the underlying infrastructure of the cloud from the

3|Pag e
end users, so they don't have to worry about it. The success of cloud computing can be
attributed to a number of different technologies, including virtualization, utility computing,
service-oriented computing, load balancing, and a multi-tenant environment.

The use of cloud computing has a lot of potential advantages, but there are still a lot of
obstacles standing in the way of its general acceptance. Because customers and companies use
the same platform, which is open to the public, they are effectively handing over management
of their data to a third party. As a result, it is possible for a third party who is not licenced to do
so to access it. Because of this, the data was put at risk.

In cloud computing and outsourcing, the data and information are typically dispersed among a
number of different resources, to which the customers do not have access. Computing in the
cloud has recently been plagued by a significant challenge: the question of how to securely
keep sensitive customer data and delegate work to a third-party cloud provider. Because it is
so simple for malicious actors to get their hands on the data that is being communicated
between a customer and a cloud service provider, there is a growing concern over the safety of
the customer's private information. While carrying out a wide variety of operations that could
be detrimental, this environment is required to take appropriate safety steps to prevent
malicious actors from obtaining access to sensitive information pertaining to its customers.

Methods that are known to avoid security breaches include the sharing of keys, the use of
certain cryptographic techniques, the processing of data blindly, and the delegation of authority
to a third party. Security concerns and the deployment of a variety of methods, such as
encryption and decryption mechanisms, are now being researched in relation to information
and how it is stored, transferred, and utilised.

Using a method of symmetric-key cryptography that can be implemented both in the cloud and
on the client's end in order to protect client data while it is in motion and while it is stored is
the major purpose of this research.

Cryptography:

Social life requires safe and private communication. Cryptography protects cloud data.
Cryptography secures cloud data. Users can securely and conveniently access shared cloud
data. The cloud service provider encrypts server data. Cryptography can protect sensitive data
in real-time cloud storage and retrieval. Cloud computing cryptographic security algorithms
are growing as data security becomes more important.

4|Pag e
 Cryptography involves encryption and decryption. Secure systems require encryption and
decoding. Decryption uses the same secret key to turn cypher text back into plaintext. The key
must be kept secret since numerous permutations of the same plaintext with a given key
produce different cypher texts. Cryptography studies the many encryption systems.

SERVICES OF CLOUD COMPUTING:

 Software as a Service (SaaS): In a concept known as Software as a Service (SaaS), the

software and any data linked with it are kept in the cloud by a Cloud Service Provider.
(CSP). After that, users are responsible for their own ongoing access fees. Users, on the
other hand, do not have any influence over the operation of the software or the underlying
infrastructure. The cost of maintaining and supporting traditional software packages is much
lower when compared to the cost of renting a cloud service. There are many well-known
examples, such as Google Apps and Salesforce CRM, among others.
 Platform as a Service (PaaS): Users of Platform as a Service are given a stage on which to
create, deploy, and test their own applications. This stage is supplied to users by the service
itself. In this scenario, the clients are responsible for managing the applications and the
information, while the suppliers are in charge of the networking, virtualization, runtime,
storage, middleware, servers, operating systems, and networking. Some examples of PaaS
include Google App Engine and Microsoft Windows Azure.
 Infrastructure as a Service (IaaS): IaaS deployments frequently make use of virtualization
in some capacity. The users of this system are charged on a "pay as you go" basis for the
utilisation of resources like as servers, networking, and storage space. It is vital to utilise
virtualization in order to meet the ever-changing demands, both major and minor, placed on
available resources. Two examples of infrastructure as a service are Amazon Web Services
(AWS) and Google Compute Engine.

SECURITY ISSUES:
Cloud computing offers a wide variety of benefits, including increased adaptability, less
operating and capital expenses, and simplified accessibility.
Despite all of these, it is still not well recognised in the general public. The sole explanation
for this is to ensure everyone's safety. When clients store their data in the cloud, it means
that they are handing up control of their data to a third party. This provides the potential for
the attackers to tamper with their data. It's possible that the Cloud Service Provider or
another employee is a threat from within the company. Cloud computing is susceptible to

5|Pag e
 the security issues that are present in the underlying technologies it utilises because of the
diverse variety of technologies it employs. These types of technologies include, but are not
limited to, databases, virtualization, resource scheduling, operating systems (OS),
concurrency control, network management, transaction management, and memory
management. As a consequence of this, guaranteeing the security of sensitive information
is of the utmost importance, which calls for stringent rules in this field. The use of computing
in the cloud is not without its security risks. You may find a list of them down below:
 Breach of Data: Information that is critical or sensitive could be among the data that
is kept on the cloud. It is feasible for the data to be pilfered and exploited maliciously
against the consumers for whom it was intended. The data you have stored in the
cloud presents a significant security risk because it is possible that someone could
access it. The riskiness of the data situation increases in proportion to the extent of
its exposure.
 It is possible that the servers may be taken offline in the event of a natural disaster
or a financial crisis, which will result in the loss of or corruption of data that was
saved in the cloud. If there is no backup, there is a possibility that the data would be
lost forever.
 Misuse of Online Platforms and Services: In this hypothetical situation, hackers
could take advantage of social media platforms to wreak havoc on the infrastructure
of the cloud by interpreting and extracting codes. This can create issues for
companies who run their operations through the cloud.
 When information is considered confidential, no one other than the person for whom
it was meant may view it. This ensures the information's privacy. Encryption is the
method that can be utilised to guarantee that this will occur.
 Cloud providers often have many datacentres located in different parts of the world.
Users will not be able to determine the location of the data storage because of this.
This creates a risk for individuals' privacy because it enables their personal data to
be stored in any nation. The illegal export of data from some countries could result
in complications due to the fact that the data may contain confidential information.

SUGGESTED CRYPTOGRAPHY MODEL:

The majority of companies today rely on cloud services provided by third parties, which
means that cloud security has become an extremely important concern. Criminals that operate
online are always on the lookout for opportunities to steal sensitive data that is stored in the

6|Pag e
cloud and are eager to do so. A multilevel symmetric key and asymmetric key technique that
was devised and implemented in this work is used to encrypt the data before it is uploaded to
a web-based cloud storage service. The encryption of the data is performed on the client side.
When moving information between their own datacenters, many service providers do not
encrypt the data, making it susceptible to theft, loss, eavesdropping, and access by
governments. This also leaves the data open to the risk of intellectual property being stolen.
Before data is even uploaded to a cloud storage service, it is possible to protect it from this
kind of threat with client-side encryption, which is a potential countermeasure. Even though
SSL (Secure Sockets Layer) is used for keeping data secret since it creates an encrypted link
between a web server and browser while data is in transit, data encryption before transmission
adds an additional degree of protection. This can be accomplished by encrypting the data
before it is sent. This method is successful in achieving its primary aim, which is to protect
information while it is being transmitted.
The DES and RSA encryption algorithms are utilised in the proposed method for the delivery
of encrypted and decrypted text data across the network. There are two steps involved in the
process of sending a text file. First, the sender must upload the information to cloud storage,
where it will be encrypted using DES and RSA. The second step is for the recipient to decrypt
the file after they have downloaded it from the cloud. The purpose of this section is to provide
an explanation of how the proposed system would operate.
Sender cypher:
1) The sender should first delete the text file from their cloud storage.
2) The second level of encryption is performed using RSA after the initial level of encryption
has been performed using DES.
3) The Cipher Text is stored in the database after being generated from the plain text.

The Deciphering Recipient:

1) The Cipher Text was first read by the receiver from the database.
2) The second step in decryption involves using the DES algorithm after the first step has
been performed using the RSA technique.
3) The unadorned text is made available to the reader.

CONCLUSION:

Even if cloud computing has become the de facto standard for the storing of company data,
security concerns continue to exist. The complexity of cloud computing security challenges

7|Pag e
is brought into focus by this study. A multilevel encryption and decryption cryptographic
technique is introduced in this investigation to provide an additional layer of safety for the
data transfers that take place between a client and a cloud server, as well as those that take
place between a client and a receiver. We make use of the DES and RSA cryptographic
methods so that cloud computing might have a higher level of security. In compared to past
systems that were based on cryptography, this one provides an improvement to the cloud's
data security. Text files will be the primary emphasis of this session, despite the fact that
testing with various file formats is possible. This architecture provides increased data security
in addition to faster text file transfers when compared to the system that is currently in place.

This method, along with the resources provided by artificial intelligence, may one day be
leveraged to make cloud services significantly more secure.

8|Pag e