Original Article
ARTICLE INFO

Keywords: Cryptography; Cloud Computing; Adaptive Key Management

ABSTRACT

The rapid proliferation of cloud computing has necessitated advanced security mechanisms to safeguard sensitive data stored in remote servers. However, this paradigm shift has raised several security concerns, particularly safeguarding private information stored on faraway cloud servers. This study proposes a ground-breaking hybrid cryptographic framework for the secure data storage requirements of cloud computing. The framework incorporates time-limited access control, adaptive key management, and two strong encryption methods: RSA and Advanced Encryption Standard - One Time Password (AES-OTP). AES-OTP and RSA provide symmetric and asymmetric encryption levels to improve data confidentiality and integrity. With the introduction of an intelligent framework for key creation, distribution, and rotation through the adaptive key management component, the security of cryptographic operations is gradually increased. Additionally, time-limited access control helps to protect data privacy by imposing rigorous temporal constraints on data access and reducing security flaws. The effectiveness of the suggested framework is confirmed by thorough performance assessments, which show astonishing accuracy, precision, recall, and F1-score values of 99.12%, 98.78%, 98.11%, and 98.56%. This demonstrates its outstanding skills in protecting private information from unauthorized access and guaranteeing its secrecy in cloud storage settings.

* Corresponding author.
E-mail addresses: devallashivaramakrishna@gmail.com (D. Shivaramakrishna), mratnajntu@jntuh.ac.in (M. Nagaratna).
https://doi.org/10.1016/j.aej.2023.10.054
Received 12 September 2023; Received in revised form 17 October 2023; Accepted 28 October 2023
Available online 11 November 2023
1110-0168/© 2023 THE AUTHORS. Published by Elsevier BV on behalf of Faculty of Engineering, Alexandria University. This is an open access article under the
CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
D. Shivaramakrishna and M. Nagaratna Alexandria Engineering Journal 84 (2023) 275–284
financial repercussions [8]. The security issues raised by this paradigm change are particularly difficult to address when protecting the confidentiality and integrity of sensitive data housed on distant cloud servers [9]. Strong encryption and access control systems are now essential to combat the changing panorama of online dangers. This study suggests a ground-breaking hybrid cryptographic architecture in response to the complex security requirements of data storage in cloud computing settings [10].

The decentralized nature of cloud computing raises questions about how secure data is while being sent, processed, and stored. When it comes to offering comprehensive defense against a variety of threats, including data breaches, insider assaults, and advanced cryptographic attacks, traditional encryption techniques sometimes fall short [11]. Furthermore, it might be difficult to balance data protection and easy user access since strict security measures may limit the availability of data and the user experience. Our suggested framework adopts a hybrid cryptographic strategy to overcome the drawbacks of traditional encryption techniques [12]. The framework achieves a high level of data confidentiality and defense against various cryptographic attacks by synergistically combining the strengths of two different encryption schemes - the robustness of the AES and the information-theoretic security of the OTP. Combining the effectiveness of AES and the absolute secrecy of OTP creates a strong barrier against brute-force assaults and data leaking [13].

It is clear from looking at the data security environment in the context of cloud computing that the suggested framework offers unique features and benefits over current solutions. The scalability and affordability of cloud computing have made it a popular platform for data processing and storage. It also brings along certain security issues, including data breaches, unauthorized access, and data loss. The suggested architecture tackles these issues by adopting modern encryption technologies, access control, and frequent security audits. It stands out from many other current systems by emphasizing a multi-layered security strategy, ensuring complete protection by protecting data during transmission and while it is at rest in the cloud. The framework’s flexibility in responding to changing threats and its capacity for effective key management stand out as important differentiators. Together, these lines illustrate the proposed framework’s unique qualities compared to other approaches and provide light on its crucial role in increasing data security within cloud computing.

The framework includes the hybrid encryption paradigm and the RSA encryption algorithm’s asymmetric security [14]. Through this interface, users and cloud servers may securely exchange keys and perform authentication [15]. The framework uses an adaptive key management system that dynamically produces, distributes, and rotates cryptographic keys to defend against new threats [16]. This strategy increases the framework’s resistance to attacks that target key vulnerabilities by ensuring that compromised keys do not jeopardize the security of the entire data set [17]. The suggested architecture includes a unique time-limited access control method to improve data privacy and reduce the danger of unauthorized data access. By restricting the exposure window, users are only given access to data during certain temporal bounds, strengthening data confidentiality [18]. In situations where data must be accessible by various individuals or apps, this feature is very helpful since it narrows the risk window without sacrificing the data’s availability [19].

The contributions of this study go beyond the framework’s parts. AES, OTP, RSA, adaptive key management, and time-limited access control are seamlessly included in the proposed hybrid cryptographic architecture, which builds a robust and dynamic defense mechanism against various security risks in cloud data storage [20]. Thanks to incorporating several cryptographic algorithms, the framework is resistant to assaults even when new weaknesses are found. The framework’s efficiency and efficacy are demonstrated through experimental evaluations and theoretical analysis, emphasizing its potential to boost users’ trust in using cloud-based services for sensitive data storage [21].

It is increasingly important to protect the security of data housed in cloud settings as cloud computing continues to change the technological landscape [22]. This study introduces a ground-breaking hybrid cryptographic architecture that, in addition to tackling the complex issues of cloud data security, advances the discipline by fusing several encryption techniques with adaptive key management and time-limited access control. The suggested framework helps create a reliable and secure cloud ecosystem by supporting innovation and growth in cloud computing technologies.

The key contributions of the paper are:

• A unique hybrid cryptographic system designed for safe data storage in cloud computing is presented in the paper. This hybrid approach combines RSA and AES-OTP, two reliable encryption techniques, to offer a practical way to protect sensitive data.
• The suggested structure incorporates numerous security measures to provide complete data protection. It caters to cloud storage’s many security requirements by combining symmetric and asymmetric encryption layers, addressing various elements of data confidentiality and integrity.
• The framework offers an adaptive key management system that intelligently manages key issuance, distribution, and rotation. As threats and needs change, this dynamic method continually strengthens the security of cryptographic operations.
• Time-limited access restriction gives an additional degree of protection and privacy. The system reduces possible risks and unauthorized data disclosure by implementing strong time limitations on data access.
• The framework greatly advances cloud security practices by including various security components. It is elevated as a possible pillar for data protection in cloud storage settings due to its hybrid nature and excellent accuracy.

The remainder of this article is organized as follows: Section 2 provides a summary of related research. Section 3 presents the problem statement. The methodology and architecture of the suggested approach are explained in Section 4 of the article. The findings and subsequent discussion are covered in Section 5. The conclusion is covered in Section 6.

2. Related Works Cited

One of the most cutting-edge innovations to have expanded the limitations of traditional computing methods is cloud computing [23]. It has brought about a shift in perspective and expanded the possibilities for using, adopting, and acquiring computer assets, including infrastructure components, software, and services. The financial advantages, or better primarily drove the initial adopters, are the basic economic shift presented by cloud computing in reducing capital investment and converting it to operating expense. Nevertheless, although cloud computing has several built-in benefits, such as better accessibility and management, certain concerns still impede its development. The control, flexibility, and convenience of cloud computing can contribute to several security concerns. According to the survey done by the International Data Corp., security is thought to be the biggest obstacle out of the nine obstacles of computing in the cloud. Protecting an organizational entity, its finances, and its assets requires an extremely secure arrangement. This piece details an innovative design that could offer higher security in data exporting in a cloud computing setting while including a wide range of decentralized cloud service companies. This structure envisions the secure delivery of facts in a multi-cloud context and consists of dual encryption and knowledge partitioning algorithms. Implementing dual encryption and knowledge partitioning algorithms may introduce complexity and potential performance overhead, impacting the effectiveness of data transfer and processing in cloud computing environments. This is a possible drawback of the innovative
design for secure data exporting in a multi-cloud setting that has been proposed.

One of the largest security concerns is how to guarantee the accuracy of IoT data leased in clouds, given the increasing appeal of fog-to-cloud-oriented IoT [24]. Yet, not much work has been done to solve the issue. This study offers a custom public monitoring mechanism for keeping information in fog-to-cloud-oriented IoT scenarios that may close this gap and meet all essential operational and safety needs. A tag-transforming method centered on the bilinear connecting method for converting tags produced by portable sinks to those produced by nodes in the fog in the evidence subsequent generations phase that not only efficiently safeguards a sense of self-confidentiality yet also lowers interaction and processing expenses in the validation phase; additionally, a zero-knowledge proof system to verify the correctness of IoT data coming from different generators. It explicitly establishes the approach’s safety and assesses its effectiveness via theoretical study and extensive testing. The outcomes show that the method beats the straightforward approach in terms of interaction and computation expenses and energy consumption while enabling safe auditing for keeping the information in fog-to-cloud-oriented IoT scenarios. Using a zero-knowledge proof system for data verification may introduce additional computational overhead, affecting overall efficiency and responsiveness in resource-constrained fog-to-cloud oriented IoT environments. This is a possible limitation of the proposed custom public monitoring mechanism.

This article provides an improved security architecture for protecting cloud user information in a cloud environment [25]. The access management mechanism, encryption/decryption methods, and electronic signature techniques make up the latest security architecture. In this instance, a new key generation procedure that utilizes elliptic curve cryptography is suggested to produce extremely safe keys. The current research also suggests a brand-new Id-EAC for limiting cloud accessibility to various types of information. A novel binary valuation-based two-phased encryption and decryption technique is presented to safeguard cloud users’ data in the cloud setting. The method refers to elliptic curve cryptography depending on key values. A novel light electronic signature method constructed using modulo functions is also presented to secure the data security in this suggested security architecture. This architecture offers high security of information, availability, and authenticity for customer information. The experimental findings demonstrate that the techniques suggested in this security architecture are more efficient and secure than other present methods. Using elliptic curve cryptography and binary valuation-based two-phase encryption and decryption techniques may require specialized hardware or computational resources, which could be a constraint for some cloud environments with resource constraints. This is one potential drawback of the proposed security architecture.

Considering so many evil users and attackers on the internet, standard methods of encrypting data utilizing 0 and 1 in a cloud environment exacerbate data security difficulties [26]. Apart from information safety, authorization is a big problem in the cloud since it takes a long time to gain access to a file or piece of data, slows down the machine, and requires the owner of this information to seek it. This paper makes an innovative, safe, and quick ACM using genetic computing to address all these significant issues. According to the suggested plan, the CSP maintains a table or list for quick access to information. Utilizing the user’s confidential details, a random key that uses 1024-bit DNA computation is created in this case, and the identical key is used for data encrypting. According to theoretical investigation and numerous experimental findings, the suggested authorization model outperforms widely recognized current models. One potential disadvantage of the proposed genetic computing-based approach is that it may introduce complexity and computational overhead due to using 1024-bit DNA computation for key generation, potentially impacting system performance, especially in high-throughput cloud environments.

In network 4.0 contexts, the vast redundancy of data storage and transmission systems faces problems with low integrity, high expense, and simple manipulation [27]. By enhancing the decency, tamper-proof, continuous monitoring, and administration of storage facilities, such layout encourages the constantly changing storage, quick repair, and refresh of dispersed information within the data preservation framework of manufacturing nodes, a secure data backup and recovery method in the powered by block chain structure will be suggested in the current piece to cope with these issues. The information within failing nodes is repaired and stored while maintaining customer confidentiality via a local regenerating coding method. In other words, many local restore groups created by vector code may effectively and concurrently repair numerous distributed information storage nodes when damaged contents are discovered to have been stored. The storage framework of blockchain technology dispersed coding, which relies on the distinctive chain storage framework, such as the information agreement system and intelligent contracts, besides quick repairs surrounding local regenerating codes in the blockchain network, however, additionally reduces the energy expense in the data retrieval procedure across production nodes. The suggested approach appears to be intriguing, with solid safety and immediate performance, as evidenced by experimental findings that demonstrate it increases the retention of data rate by 8.6 % while also improving the restoration rate for multimode data by 9 %. It may not be easily scalable or cost-effective for large-scale networks, potentially leading to scalability challenges and increased implementation costs.

Fig. 1. Proposed Methodology.

3. Problem statement

With its unequaled efficiency and quick spread, cloud computing has
completely changed how data is stored and retrieved. However, this paradigm change has raised several security issues, especially when protecting sensitive data on distant cloud servers. The current encryption and access control techniques frequently fail to offer complete security against the constantly changing cyber threat landscape, including sophisticated assaults aimed at encryption flaws, unauthorized access, and data breaches [25]. The major difficulty is designing a secure data storage system that successfully protects data confidentiality, integrity, and availability in cloud environments while balancing strong security precautions and easy user access [26]. Providing time-limited access control to data stored in the cloud is essential to improve data privacy. Even though access control techniques exist, they sometimes lack the specificity needed to impose time restrictions on data access, potentially exposing data to the public for longer than necessary. The current study aims to create a revolutionary hybrid cryptographic framework that combines AES, OTP, and RSA, as well as adaptive key management techniques and time-limited access constraints. The framework aims to reduce the flaws in access control and encryption methods, offering a complete answer for safe data storage in cloud computing settings [28].

4. Proposed hybrid cryptographic framework

The approach entails creating and using a hybrid cryptographic system for safe cloud data storage. The system incorporates RSA and AES-OTP encryption techniques, adaptive key management, and time-limited access control. Both symmetric and asymmetric encryption levels encrypt data, improving data confidentiality and integrity. Adaptive key management produces, distributes, and rotates keys on the fly to support cryptographic activities. In-depth performance evaluations are carried out to ensure the framework’s efficiency by assessing accuracy. This multi-layered architecture handles changing problems in cloud data security, making it a workable answer for situations demanding trustworthy security. The proposed methodology is depicted in Fig. 1.

4.1. Data collection

The extensive healthcare dataset created for this study includes a wide range of vital characteristics on patient wellbeing, including complex information about medical histories, diagnoses, treatment plans, and other important aspects of the healthcare industry. With the main objective of strengthening the protection of patient data privacy and security, this priceless dataset acts as the cornerstone for a thorough investigation into the possible uses of cryptographic techniques inside healthcare systems. By carefully examining this information, researchers can evaluate the effectiveness of cryptographic techniques, such as but not limited to AES, RSA, and ECC, in preventing unauthorized access and potential breaches. Additionally, this dataset provides a real-world setting for the thorough assessment of how various cryptographic algorithms affect the safe transmission of healthcare data, making a substantial contribution to creating compliant and secure healthcare information systems [29].

4.2. Integration of AES-OTP and RSA for secure key exchange and data encryption

Information systems may provide safe key exchange and data encryption through AES-OTP and RSA cryptographic algorithms. This integration uses the advantages of both AES-OTP and RSA to solve the issues of secrecy, integrity, and authenticity in secure communication. Symmetric encryption algorithms like AES-OTP are well known for their effectiveness in encrypting massive volumes of data. It uses a single secret key for both encryption and decryption. On the other hand, AES-OTP is linked with the idea of a one-time pad to increase security, providing a genuinely random and one-of-a-kind key for each encryption occurrence. With the right one-time pad, it is virtually difficult to decipher the original message, even if an attacker manages to intercept the cipher text. The integrated technique provides a powerful defense against brute force attacks and cryptographic flaws by combining AES-OTP’s capability in bulk data encryption with the verifiable security of one-time pads.

Beginning with modifications to the input information (plaintext) and data (key), the AES encrypting procedure creates a 4x4 data matrix. SubBytes, ShiftRows, MixColumns, and AddRoundKey are the four modifications executed nine times each in the encrypting AES procedure. In the eleventh cycle of the procedure, three transformations have been made—SubBytes, ShiftRows, and AddRoundKey.

The initial state is replaced with a single cell in the equivalent cells in the S-Box in the SubBytes translation. The S-Box’s actual components were already specified and are indelible. Every part of the state is subjected to the procedure. Some of the computations made by the SubBytes with input A and an important character after the initial byte include converting the decimal number via AddRoundKey into a histogram, matching it with s-box, followed by converting the outcome of s-box back into a decimal number.

$$\text{SubBytes} = \begin{bmatrix} 81 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \end{bmatrix} \tag{1}$$

In the Shift Rows change, the final line’s byte, which is a line that contains the states one, two, and three, is shifted in a circle using a variety of various shifts. The A03, A13, A23, and A33 series all experienced the transition. Except for a row with index 0, which has a shift that equals 0, every line is subject to this one-step forward shift. Since the initial row is not displaced, computations using the input symbols A and one key personality, for instance, remain unchanged.

$$\text{ShiftRows} = \begin{bmatrix} 81 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \end{bmatrix} \tag{2}$$

The state is transformed using MixColumns column by column. Based on the column, one may identify the change in MixColumns. It combines one of the rows by matrix d (y) in the resulting matrix. A01, A11, A21, and A31 are the columns resulting from the MixColumns operation. When calculating MixColumns, the decimal value is transformed to binary, which is checked to see if the binary integer has 8 bits. Then, it performs three left shifts (Shift Left), combining the outcomes of every change at the XOR. The most recent XOR result is decimated.

$$\text{MixColumns} = \begin{bmatrix} 205 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \end{bmatrix} \tag{3}$$

Round keys are included in the state via the XOR function in the AddRoundKey transition. If the location of the operation AddRoundKey with the key $k_{2,2}$ is supplied, then the result is $b_{2,2}$.

$$\text{AddRoundKey} = \begin{bmatrix} 112 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 \end{bmatrix} \tag{4}$$

The OTP method belongs to the class of algorithms with symmetric keys, which implies that an identical key is employed to encrypt and decrypt data. These methods employ the exclusive-or among each bit of
plaintext and key bits in the data stream cipher as part of the encrypting procedure. A step up from the Caesar cipher is the OTP approach, which uses a key that is the same length as the plaintext. Knowing the key that was used constitutes a single approach to deciphering the encrypted communication. Although OTP encryption and Caesar are both used for encryption, OTP encryption uses a key length identical to the plaintext. Therefore, every word in the plaintext will have a distinct shift.

OTP encryption employs exclusive-or logic, which is straightforward and easy to comprehend, so it operates extremely simply. Even if some cryptographic techniques are more sophisticated than others, OTP may compete in terms of security. The encryption rule is C = P XOR K, and the decryption rule is P = C XOR K, where C stands for ciphertext, P for plaintext, and K for the encryption key employed. A solid understanding of mathematical logic is also necessary for this procedure, namely XOR-ing the input with an additional opcode. The definition of exclusive disjunction states that whenever both inputs are identical, the resultant value is F (false), yet T (true) is produced if the inputs differ.

The XOR operation is frequently one of the building blocks needed to create more complicated ciphers. Nevertheless, frequency analysis may be used to quickly decipher ciphers created by a repeatedly used key. The strength of this technique is that it is simple to use and does not need the technologically costly XOR operator. The XOR cipher is frequently utilized and equipped with an extra security method to conceal data from the instance. Although theoretically possible, the Vernam cipher can’t be cracked if the key is created along with the data, non-recurring, and bit-by-bit randomized.

A computerized data safety mechanism has been designed to align with recognized protocols. The algorithm operates whenever the program is launched, the consumer enters input together with the key, and a variable determined by bits of plain and encrypted text is created. The key is then saved in a collection with a 16-byte size. After the procedure is finished, the plaintext and key strings are translated into bytes, and the computer initializes the plaintext, resulting in a matrix with the values Mb, Mk, and Mr, wherein b is the total amount of bits, Mk is the numbers of keys, and Mr is the round number. The algorithm then calculates the number of Mb, Mk, and Mr cycles after the resultant matrix. The algorithm then initializes the cipher and expands the key into variable substitutes. Then, the first-speed AddRoundKey started, followed by rounds.

The algorithm then expands the key and initializes the cipher using replacement variables. Then AddRoundKey starts as a rapid turnover. The encrypting key’s contents are then transformed into an encrypted string. The system then executes the shifted matrix InvShiftRows condition in operation at large. Continue with InvSubBytes to replace a single cell in the S-Box (matrix condition)-corresponding to the cell state, then go on to InvRounds. The four changes in InvRounds are AddRoundKey, InvMixColumns, InvShiftRows, and InvSubBytes. InvRounds itself repeats nine times throughout. AddRoundKey comes last since it is the final encryption attempt, and the file has been fully decrypted.

Secure key exchange and digital signatures are areas where the asymmetric encryption technique RSA shines. Its basis is the computational impossibility for unauthorized parties to derive the private key from the public key due to the mathematical difficulty of factoring huge prime integers. RSA is the best option when two parties want to establish a secure communication channel and exchange encrypted session keys using their own public and private key pairs. The combined approach assures that even if an attacker intercepts the transferred keys, they remain cryptographically safe by including RSA’s secure key exchange capabilities in the procedure.

The public key and the private key are used in RSA. The private key is kept secret and is used for decryption and digital signatures; the public key is used for encryption and can be shared publicly. The security of the technique depends on the fact that while it is simple to multiply two very big prime numbers to get a product, it is extremely difficult and time-consuming to identify the prime components of the product, especially as the numbers get larger.

The first step is to select p and q, two enormous prime numbers. The modulus for both the public and private keys is their product, n (n = p * q). Calculating the public and private exponents helps in estimating the totient of n. The public exponent plus the modulus n make up the public key. It is used to encrypt data and is freely supplied. The private exponent plus the modulus n make up the private key. It is used to create digital signatures and to decode material that has been encrypted using the public key, but it must be kept secret.

The recipient uses the sender’s public key to encrypt a message (plaintext) and convert it into ciphertext. Due to the difficulty of factoring the product of two big prime integers, the ciphertext is computationally secure. The receiver uses their private key to decrypt the ciphertext and recover the original message. Digital signatures, which provide the validity and integrity of digital messages, are also made using RSA. Using their private key, the sender encrypts a hash of the message. The receiver may then confirm the message’s validity using the sender’s public key to decrypt the hash.

The combination of RSA and AES-OTP uses a multi-layered encryption strategy. In the beginning, RSA is used to provide a secure channel for key exchange between interacting parties. This makes it possible to securely transmit a shared secret key, which is then used with a one-time pad produced randomly to encrypt data using AES. Using the combined key, the AES-OTP method encrypts the real data to secure the further transmission of the information. This two-layered strategy reduces the dangers brought on by potential flaws in a single encryption method while simultaneously securing communication against eavesdropping and key interception [30].

4.3. Adaptive key management mechanism for generating, distributing, and rotating cryptographic keys

Fulfilling any cryptographic framework significantly depends on the safety of the cryptographic keys used for encryption and decryption operations. A strong adaptive key management system is essential in our proposed hybrid cryptographic architecture for safe data storage in cloud computing to guarantee the ongoing defense of sensitive data against changing threats. The method for adaptive key management, which includes key production, distribution, and rotation schemes, is elaborated on in this section [31].

4.4. Key generation

A secure key generation procedure is the first step in the adaptive key management method. Randomness is crucial to the strength of a key; hence, strong and unpredictable cryptographic keys are generated using cryptographically safe Random Number Generators. The keys created to fend off brute-force attacks are suitably large and complicated. The method is intended to produce keys with high entropy, lowering the possibility of predictability [32].

4.5. Key distribution

Data security is maintained at a delicate stage during the distribution of cryptographic keys. The key distribution procedure in the suggested system involves the user and the cloud provider. The RSA encryption technique makes the safe key exchange between these parties possible. The AES key is encrypted using the cloud provider’s public RSA key, making sure that only the cloud provider with the private RSA key has access to the real AES key. This method prevents eavesdropping and unauthorized access to sensitive keys throughout the key exchange procedure by adding an additional layer of protection [33].
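
The OTP relations C = P XOR K and P = C XOR K from Section 4.2, as an added example that is not the paper's code: a pad drawn from the OS CSPRNG, a ledger that refuses to apply a pad twice, and a check of why a repeatedly used key fails (the pad cancels out of two ciphertexts). `PadLedger` and the two sample records are constructed for illustration.

```python
import hashlib
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; OTP requires the key to be as long as the message."""
    if len(a) != len(b):
        raise ValueError("OTP operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadLedger:
    """Hypothetical control: remembers fingerprints of pads already used."""

    def __init__(self):
        self._used = set()

    def consume(self, pad: bytes, message_len: int) -> bytes:
        if len(pad) != message_len:
            raise ValueError("pad length must equal message length")
        tag = hashlib.sha256(pad).digest()
        if tag in self._used:
            raise RuntimeError("pad already used; refusing to reuse it")
        self._used.add(tag)
        return pad


def otp_encrypt(plaintext: bytes, pad: bytes, ledger: PadLedger) -> bytes:
    # C = P XOR K, with K checked for length and single use first
    return xor_bytes(plaintext, ledger.consume(pad, len(plaintext)))


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # P = C XOR K
    return xor_bytes(ciphertext, pad)


def reuse_demo() -> dict:
    """Shows a correct round trip, the ledger refusing reuse, and the leak it prevents."""
    p1 = b"patient 0017: negative"  # constructed sample records
    p2 = b"patient 0018: positive"
    pad = secrets.token_bytes(len(p1))
    ledger = PadLedger()

    c1 = otp_encrypt(p1, pad, ledger)
    try:
        otp_encrypt(p2, pad, ledger)
        refused = False
    except RuntimeError:
        refused = True

    # What an implementation without the ledger would have sent:
    c2 = xor_bytes(p2, pad)
    leak = xor_bytes(c1, c2)  # (P1^K) ^ (P2^K) = P1 ^ P2, the key is gone
    return {
        "roundtrip": otp_decrypt(c1, pad) == p1,
        "refused": refused,
        "pad_cancels": leak == xor_bytes(p1, p2),
        "p2_from_known_p1": xor_bytes(leak, p1) == p2,
    }


if __name__ == "__main__":
    for name, value in reuse_demo().items():
        print(f"{name}: {value}")
```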
279
D. Shivaramakrishna and M. Nagaratna Alexandria Engineering Journal 84 (2023) 275–284
determined by adding up the times required for various cryptographic processes and then dividing by the overall number of operations.

Fig. 2 shows how rapidly three cryptographic operations can be completed—AES encryption, OTP production and derivative, and RSA encryption. The y-axis shows the time in seconds required for each cryptographic operation, while the x-axis depicts the various cryptographic processes. AES encryption processes’ nearly constant time consumption points to their constant computational complexity. OTP generation exhibits a somewhat varying trend, suggesting that the time needed for these procedures may change depending on certain circumstances or input data. It’s interesting to note that RSA encryption takes much longer as operations continue, reflecting that it requires more natural processing, especially for bigger key sizes. The graph demonstrates the trade-off between security and performance, with RSA operations taking longer than AES and OTP processes while being more resilient. Finally, based on the unique needs of speed and security, this visual depiction helps select appropriate approaches by providing valuable insight into the performance characteristics of certain cryptographic processes.

5.2. Average time for decryption operations

The average time needed to carry out decryption operations inside a cryptographic system is the average time for decryption operations. Encrypted data is converted back into its original, readable form during decryption, which is the opposite of encryption. The time required for all decryption operations is added together, and the average time is calculated by dividing by the total number of operations. The effectiveness and performance of decryption algorithms and protocols must be assessed using this criterion. Similar to encryption, real-time applications where data has to be quickly accessible after safe transmission favor speedier decryption times.

The RSA decryption of an AES key and the AES decryption are shown in Fig. 3, along with a comparison study. The x-axis represents the decryption procedures under evaluation, and the average time required for each operation is shown on the y-axis in seconds. The graph shows that the RSA decryption of an AES key operation takes much longer on average than AES decryption. This gap can be linked to the intrinsic complexity of RSA decryption, which calls for sophisticated mathematical procedures and bigger key sizes, resulting in more time-consuming calculations. AES decryption, in contrast, utilizes a symmetric key and is considerably quicker. Users may make well-informed selections based on the desired balance between security and operational efficiency thanks to this visual representation’s effective highlighting of the performance trade-off between these decryption techniques.

Fig. 3. Average Time for Decryption Operations.

5.3. Comparison of data sizes

Examining and evaluating the relative sizes or magnitudes of various data sets is called a comparison of data sizes. Analyzing the volume, size, or capacity of data items or datasets is necessary for this comparison to comprehend the distinctions, parallels, and consequences. Understanding the size of data is crucial for decision-making, resource allocation, optimization, and general data handling methods. It is a key practice in many domains, including computer science, data analysis, and information management. Making educated decisions about data management, processing power, and system architecture is made easier by comparing data sizes, often using quantifiable metrics like file sizes, memory consumption, or data storage needs.

A thorough overview of the Comparison of Data Sizes across Different Cryptographic Elements is provided in Fig. 4. Original data, encrypted data, encrypted keys, digital signatures, and overhead are all shown on the y-axis, while the size in bytes is shown on the x-axis. The effect of cryptographic operations on data size is seen in the graph. Because the encryption process adds extra bits to ensure security, the encrypted data and key are bigger than the original data. Increased data
Table 1
Comparison of Performance Metrics.
Methods    Accuracy    Precision    Recall    F1-Score

Table 2
Comparison of Error Metrics with Existing Approaches.
Methods    MSE    MAE

[Figure: Performance Metrics. Y-axis: Percentage (%); x-axis: Accuracy, Precision, Recall, F1-Score.]
[Figure: MSE and MAE (y-axis: Rate) for Blowfish, ECC, SHA, and AES-OTP-RSA.]
efficiency in data security. The greatest MSE and MAE values are displayed by Blowfish, showing that it performs comparatively worse at maintaining data integrity and secrecy. ECC and SHA are in the middle, with ECC doing slightly better than SHA. This information indicates that the hybrid AES-OTP-RSA technique is a viable cryptographic strategy for obtaining high levels of security and data protection, necessitating additional research and future implementation in pertinent applications. However, while choosing the most appropriate cryptographic technique for a particular use case, it’s vital to consider aspects beyond MSE and MAE, such as processing complexity and practical implementation issues. It is shown in Fig. 6.

6. Discussion

The findings show the effectiveness of several cryptographic techniques in terms of precision, recall, accuracy, and F1-score. While ECC has great accuracy and recall, Blowfish shows strong accuracy and F1-score. With SHA, precision and accuracy are balanced. Notably, the AES-OTP-RSA combination approach performs exceptionally well across all measures, demonstrating its greater effectiveness in safe key exchange and data encryption. These findings highlight the significance of considering various metrics when choosing a cryptographic strategy, with AES-OTP-RSA appearing as a strong choice for establishing a thorough balance between accuracy, precision, recall, and F1-score in secure communication and information protection.

7. Conclusion

The paper offers a ground-breaking hybrid cryptographic architecture that solves the major difficulties of cloud computing’s safe data storage. The framework provides a complete solution to improve data security, confidentiality, and access control methods by combining AES-OTP and RSA with adaptive key management and time-limited access control. AES-OTP and RSA offer a strong two-layer defense against possible assaults by utilizing each other’s advantages in symmetric and asymmetric encryption. With the addition of adaptive key management, key creation, distribution, and rotation are approached intelligently, improving the security of cryptographic operations over time. Time-limited access control can also improve data privacy by imposing rigorous time restrictions on data access and reducing the window of vulnerability. The framework’s success in terms of security criteria, including encryption strength, authentication, and authorization correctness, is highlighted by its performance rating. With its novel combination of access controls and cryptographic algorithms that strengthen data protection, this research substantially contributes to cloud security. Thorough performance evaluations that demonstrate exceptional accuracy, precision, recall, and F1-score values of 99.12 %, 98.78 %, 98.11 %, and 98.56 % attest to the success of the proposed framework. Integrating several encryption techniques may result in performance overhead, and effective key management strategies are required to ensure security; these are two constraints of this unique hybrid cryptographic architecture for safe data storage in cloud computing. Future work should optimize the framework’s computing efficiency, investigate its scalability for large-scale cloud settings, and strengthen the adaptive key management procedures to provide smooth, safe, and long-lasting data storage solutions. Additionally, to further strengthen data security in dynamic cloud computing environments, research may focus on expanding time-limited access control capabilities.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

References

[1] Department of Information Technology, KLN College of Engineering, Madurai, India, G. Ramesh, J. Logeshwaran, Department of ECE, Sri Eshwar College of Engineering, Coimbatore, India, V. Aravindarajan, and Department of Information Technology, KLN College of Engineering, Madurai, India, “A Secured Database Monitoring Method to Improve Data Backup and Recovery Operations in Cloud Computing,” BIJCS, vol. 2, no. 1, pp. 1–7, 2023, doi: 10.54646/bijcs.019.
[2] “Secure Machine Learning Scenario from Big Data in Cloud Computing via Internet of Things Network | SpringerLink.” Accessed: Aug. 27, 2023. [Online]. Available: https://link.springer.com/chapter/10.1007/978-3-030-22277-2_21.
[3] S. Shakya, An efficient security framework for data migration in a cloud computing environment, JAICN 01 (01) (2019) 45–53, https://doi.org/10.36548/jaicn.2019.1.006.
[4] Z. Wang, N. Wang, X. Su, S. Ge, An empirical study on business analytics affordances enhancing the management of cloud computing data security, Int. J. Inf. Manag. 50 (2020) 387–394, https://doi.org/10.1016/j.ijinfomgt.2019.09.002.
[5] H. Qiu, M. Qiu, M. Liu, G. Memmi, Secure Health Data Sharing for Medical Cyber-Physical Systems for the Healthcare 4.0, IEEE J. Biomed. Health Inform. 24 (9) (2020) 2499–2505, https://doi.org/10.1109/JBHI.2020.2973467.
[6] P. Wei, D. Wang, Y. Zhao, S.K.S. Tyagi, N. Kumar, Blockchain data-based cloud data integrity protection mechanism, Futur. Gener. Comput. Syst. 102 (2020) 902–911, https://doi.org/10.1016/j.future.2019.09.028.
[7] G.S. Aujla, A. Singh, M. Singh, S. Sharma, N. Kumar, K.-K.-R. Choo, BloCkEd: blockchain-based secure data processing framework in edge envisioned V2X environment, IEEE Trans. Veh. Technol. 69 (6) (2020) 5850–5863, https://doi.org/10.1109/TVT.2020.2972278.
[8] C. Feng, et al., Efficient and secure data sharing for 5G flying drones: A blockchain-enabled approach, IEEE Netw. 35 (1) (2021) 130–137, https://doi.org/10.1109/MNET.011.2000223.
[9] “Sustainability | Free Full-Text | A Secure Data Sharing Platform Using Blockchain and Interplanetary File System.” Accessed: Aug. 27, 2023. [Online]. Available: https://www.mdpi.com/2071-1050/11/24/7054.
[10] “Enhancing the security of cloud data using hybrid encryption algorithm | SpringerLink.” Accessed: Aug. 27, 2023. [Online]. Available: https://link.springer.com/article/10.1007/s12652-019-01403-1.
[11] J. Li, N. Chen, Y. Zhang, Extended file hierarchy access control scheme with attribute-based encryption in cloud computing, IEEE Trans. Emerg. Top. Comput. 9 (2) (2021) 983–993, https://doi.org/10.1109/TETC.2019.2904637.
[12] Y. Ren, et al., Secure data storage based on blockchain and coding in edge computing, Math. Biosci. Eng. 16 (4) (2019) 1874–1892, https://doi.org/10.3934/mbe.2019091.
[13] “Integration of Healthcare 4.0 and blockchain into secure cloud-based electronic health records systems | SpringerLink.” Accessed: Aug. 27, 2023. [Online]. Available: https://link.springer.com/article/10.1007/s13204-021-02164-0.
[14] Y. Fan, X. Lin, G. Tan, Y. Zhang, W. Dong, J. Lei, One secure data integrity verification scheme for cloud storage, Futur. Gener. Comput. Syst. 96 (Jul. 2019) 376–385, https://doi.org/10.1016/j.future.2019.01.054.
[15] J.-S. Fu, Y. Liu, H.-C. Chao, B.K. Bhargava, Z.-J. Zhang, Secure Data Storage and Searching for Industrial IoT by Integrating Fog Computing and Cloud Computing, IEEE Trans. Ind. Inf. 14 (10) (Oct. 2018) 4519–4528, https://doi.org/10.1109/TII.2018.2793350.
[16] V. S. Babu, “An Efficient and Secure Data Storage Operations in Mobile Cloud Computing”.
[17] Visvesvaraya Technological University, C. Arulanandu, S. Murthy, Dayananda Sagar College of Engineering, G. Nagraj, and New Horizon College of Engineering, “Cloud Based RDF Security: A Secured Data Model for Cloud Computing,” IJIES, vol. 11, no. 1, pp. 83–93, Feb. 2018, doi: 10.22266/ijies2018.0228.09.
[18] Sreeja Cherillath Sukumaran, Misbahuddin Mohammed, “DNA Cryptography for Secure Data Storage in Cloud”, International Journal of Netw. Secur. 20 (3) (May 2018) https://doi.org/10.6633/IJNS.201805.20(3).06.
[19] P. Brandão, “The Importance of Authentication and Encryption in Cloud Computing Framework Security,” Apr. 2018, doi: 10.11648/j.ijdst.20180401.11.
[20] “RETRACTED ARTICLE: IoT based home monitoring system with secure data storage by Keccak–Chaotic sequence in cloud server | SpringerLink.” Accessed: Aug. 27, 2023. [Online]. Available: https://link.springer.com/article/10.1007/s12652-020-02424-x.
[21] “Secure Data Encryption Based on Quantum Walks for 5G Internet of Things Scenario | IEEE Journals & Magazine | IEEE Xplore.” Accessed: Aug. 27, 2023. [Online]. Available: https://ieeexplore.ieee.org/abstract/document/8972594.
[22] “Secure Data Query Framework for Cloud and Fog Computing | IEEE Journals & Magazine | IEEE Xplore.” Accessed: Aug. 27, 2023. [Online]. Available: https://ieeexplore.ieee.org/abstract/document/8840968.
[23] B. Seth, S. Dalal, V. Jaglan, D.-N. Le, S. Mohan, G. Srivastava, Integrating encryption techniques for secure data storage in the cloud, Trans. Emerg. Telecommun. Technol. 33 (4) (2022) e4108.
[24] H. Tian, F. Nan, C.-C. Chang, Y. Huang, J. Lu, Y. Du, Privacy-preserving public auditing for secure data storage in fog-to-cloud computing, J. Netw. Comput. Appl. 127 (Feb. 2019) 59–69, https://doi.org/10.1016/j.jnca.2018.12.004.
[25] B. Prabhu Kavin, S. Ganapathy, U. Kanimozhi, A. Kannan, An Enhanced Security Framework for Secured Data Storage and Communications in Cloud Using ECC, Access Control and LDSA, Wirel. Pers. Commun. 115 (2) (Nov. 2020) 1107–1135, https://doi.org/10.1007/s11277-020-07613-7.
[26] S. Namasudra, Fast and Secure Data Accessing by Using DNA Computing for the Cloud Environment, IEEE Trans. Serv. Comput. 15 (4) (Jul. 2022) 2289–2300, https://doi.org/10.1109/TSC.2020.3046471.
[27] W. Liang, Y. Fan, K.-C. Li, D. Zhang, J.-L. Gaudiot, Secure Data Storage and Recovery in Industrial Blockchain Network Environments, IEEE Trans. Ind. Inf. 16 (10) (Oct. 2020) 6543–6552, https://doi.org/10.1109/TII.2020.2966069.
[28] H. Hui, C. Zhou, S. Xu, F. Lin, A novel secure data transmission scheme in industrial internet of things, China Commun. 17 (1) (Jan. 2020) 73–88, https://doi.org/10.23919/JCC.2020.01.006.
[29] S. Armoogum and P. Khonje, “Healthcare Data Storage Options Using Cloud,” in The Fusion of Internet of Things, Artificial Intelligence, and Cloud Computing in Health Care, P. Siarry, M. A. Jabbar, R. Aluvalu, A. Abraham, and A. Madureira, Eds., in Internet of Things. Cham: Springer International Publishing, 2021, pp. 25–46. doi: 10.1007/978-3-030-75220-0_2.
[30] K.C. Ravikumar, N. Pandi Chiranjeevi, M. Devarajan, C. Kaur, A.I. Taloba, Challenges in internet of things towards the security using deep learning techniques, Measurement: Sensors 24 (2022), 100473.
[31] Adel A. Sewisy, M.H. Marghny, Rasha M. Abd ElAziz, Ahmed I. Taloba, Fast efficient clustering algorithm for balanced data, International Journal of Advanced Computer Science and Applications (IJACSA) 5 (6) (2014), https://doi.org/10.14569/IJACSA.2014.050619.
[32] A. El-Aziz, M. Rasha, A.I. Taloba, F.H.A. Alghamdi, Quantum computing optimization technique for IoT platform using modified deep residual approach, Alex. Eng. J. 61 (12) (2022) 12497–12509.
[33] A. Abozeid, R. Alanazi, A. Elhadad, A.I. Taloba, A. El-Aziz, M. Rasha, A large-scale dataset and deep learning model for detecting and counting olive trees in satellite imagery, Comput. Intell. Neurosci. 2022 (2022).
[34] M. Alruily, O.R. Shahin, H. Al-Mahdi, A.I. Taloba, Asymmetric DNA encryption and decryption technique for Arabic plaintext, J. Ambient Intell. Hum. Comput. (2021) 1–17.
[35] M. Abd El-Aziz, R.A. Rasha, O.R. Shahin, A. Elhadad, A. Abozeid, A.I. Taloba, R. Alshalabi, An effective data science technique for IoT-Assisted healthcare monitoring system with a rapid adoption of cloud computing, Comput. Intell. Neurosci. 2022 (2022).