Data Security in Cloud Computing using Elliptical Curve Cryptography

Transcription

1 Data Security in Cloud Computing using Elliptical Curve Cryptography Mr. Pragnesh G. Patel #1, Mr. S.M.Shah *2 # M.E.C.S.E, Government Engineering College Sector-28, Gandhinagar, Gujarat, India 1 [email protected] * Associate Professor Government Engineering College Sector-28, Gandhinagar, Gujarat, India 2 [email protected] Abstract Cloud computing is a technique used to unite the power of various resources over network in a more efficient and scalable way to the end user. Cloud computing is one of the rapidly growing field of IT among the many business activities of large organization. It provides various resources in the form of services: infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), or software-as-a service (SaaS) as per usage base model. With the advantages, to access the services there is need to share resources and data including crucial information over the network, which lead to the hackers for various security issues. There is a need to provide security to data while they are at data centre or in the network. There are various security threats to the cloud computing and several authentication and encryption methods are available to provide security. In this paper, I have proposed elliptical curve cryptography based encryption and decryption algorithm and implemented the same algorithm in cloud environment and compare it with conventional algorithm. Keywords Cloud Computing, Data Security, Elliptical Curve Cryptography. I. INTRODUCTION This Cloud computing is the next generation evolution in the field of distributed computation. Certainly people can have the whole thing they need on the cloud. Cloud computing is the next expected step in the evolution of on-demand information technology services and products. Cloud computing is internet based computing where software, infrastructure, platform, devices and other resources and hosting to computers are provided as services on a pay-per-asyou-use basis to customers. The idea is to move desktop computing to a service-oriented platform using server clusters and huge databases at datacenters. Cloud computing leverages its low cost and simplicity to both providers and users. Machine virtualization has enabled such cost-effectiveness. Users can access these services available on the internet cloud without having any previous knowledge on managing the resources involved. IT companies with creative ideas for new application services are no longer required to make large capital expenses in the hardware and software infrastructures. By using clouds as the application platform, IT companies are freed from the trivial task of setting up basic hardware and software infrastructures. Thus, they can concentrate more on the core business processes rather than spending time on gaining knowledge on resources needed to manage their business processes. In cloud computing, all or partial data of the users are transferred over the network and/or stored in the cloud using various data centre. So there is a greater risk of various security vulnerabilities of user s data which include their personal data such as bank account detail, credit card number. So we need some mechanism to protect these data not only on the data centre but also over the communication network. II. BASICS OF CLOUD COMPUTING A. What is Cloud Computing? Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) which create cloud. Cloud computing is a disruptive technology that has the potential to enhance collaboration, agility, scaling, and availability, and provides the opportunities for cost reduction through optimized and efficient computing [1]. Cloud computing can also be defined as it is a new service, which are the collection of technologies and a means of supporting the use of large scale Internet services for the remote applications with good quality of service (QoS) levels [2]. B. Types of Cloud Computing In cloud computing, everything is provided in the form of services. There are three basic types of services [3]. 1) Software as a Service (SaaS): It provides capabilities to use various software applications running on a cloud infrastructure. The software applications are accessible throw client interface like web browser. The 479

2 best example of this is Google Docs, which you can use for creating and storing text documents, presentations, spreadsheets etc. It provides high level of security compare to PaaS and IaaS. 2) Platform as a Service (PaaS): It provides capabilities to deploy consumer-created or acquired applications created using programming languages and tools supported by the provider onto the cloud infrastructure. For example, we can create web based application like e-bay on the cloud platform. It provides middle level of security compare to PaaS and IaaS. 3) Infrastructure as a Service (IaaS): It provides capability to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. For example, it provides the infrastructure for hosting the website & pay as per use. It provides various online data storage for storing large data. It provides less level of security compare to SaaS and PaaS. C. Security Issues of Cloud Computing Security is the critical issues of cloud computing paradigm because all the storage of data or processing of data is done outside the user s computer. There is a greater risk of capturing large amount of data of the organization or hacking the confidential data of the enterprise or end user. Top security threats given by Cloud Security Alliance to Cloud Computing are as follow : 1) Abuse and Nefarious Use of Cloud Computing: Abuse and nefarious use of cloud computing is the top threat identified by the CSA. Attackers can penetrate a public cloud and find a way to upload malware to thousands of computers and use the power of the cloud infrastructure to attack other machines. Sharing infrastructure is a way of life for IaaS providers. Unfortunately, the components on which this infrastructure is based were not designed for that. To ensure that customers don't thread on each other's "territory, monitoring and strong compartmentalization is required. 5) Data Loss/Leakage: Be it by deletion without a backup, by loss of the encoding key or by unauthorized access, data is always in danger of being lost or stolen. This is one of the top concerns for businesses, because they not only stand to lose their reputation, but are also obligated by law to keep it safe. 6) Account, Service & Traffic Hijacking: Account service and traffic hijacking is another issue that cloud users need to be aware of. These threats range from man-in-the-middle attacks, to phishing and spam campaigns, to denial-of service attacks. 7) Unknown Risk Profile: Security should always in the upper portion of the priority list. Code updates, security practices, vulnerability profiles, intrusion attempts all things that should always be kept in mind. A. Existing System III. EXISTING AND PROPOSED SYSTEM We consider the use scenario of cloud computing as shown in Figure 1. This model includes the following players: the Data Owner (DO), the Cloud (CLD), a set of Data Consumers. In this model, data owner outsources their data to the cloud and authorizes a group of data consumers to access the data [4]. 2) Insecure Application Programming Interfaces: As software interfaces or APIs are what customers use to interact with cloud services, those must have extremely secure authentication, access control, encryption and activity monitoring mechanisms - especially when third parties start to build on them. 3) Malicious Insiders: The malicious insider threat is one that gains in importance as many providers still don't reveal how they hire people, how they grant them access to assets or how they monitor them. Transparency is, in this case, vital to a secure cloud offering, along with compliance reporting and breach notification. 4) Shared Technology Vulnerabilities: Fig. 1 Problem model [4] As the system assumes a public key setting, where every user (the data owner and the data consumers) has a public/private key pair, there is also an implicit Certificate Authority (CA), who certifies users public keys. More specifically, the data 480

3 owner outsources their data to the cloud for storage and management (by instructing the cloud for updating the database, e.g., add/delete records); the data owner also takes charge of managing authorization of the data consumers to access her data. While data owner store their data at the data centre, there will be a risk of data hacking during communication from data owner s location to the cloud or from the data centre site or physical control over the data centre. Another problem is that data owner has to authorize all the data consumers who access their data which increase the processing overhead to the data owner. So we propose ecc based encryption technique before storing them to the cloud. of ordered pairs (x, y) with coordinates in the field and such that x and y satisfy the relation given by the equation defining the curve, plus an extra point that is said to be at infinity. The set of points on an elliptic curve with coordinates in a finite field also form a group [b1]. B. System Model To provide the security against the above mentioned threats, we proposed elliptical curve cryptography (ECC) based algorithms. It uses the system modes as shown in figure 2. Fig. 3 Elliptical Curve Elliptic curves are mainly defined over two finite fields: 1) Prime field GF(P) 2) Binary field GF(2m) Fig. 2 System model As shown in the figure 2, different virtual machines are available in the cloud. We consider it as a private cloud and all the instances are performing communication with one another and also communicated to central authority virtual machine monitor (VMM). The proposed ECC based algorithm works on the data whenever data will transfer from the data owner to data centre or from data centre to end user or from one data centre to another data centre. C. Elliptical Curve Cryptography An elliptic curve is the set of solutions in an equation form which can be shown as follows: Y2 + axy + by = X3+ cx2 + dx + e... (1) where a, b, c, d, and e are the real numbers. Sometimes the general equation (1) can be referred to as Weierstrass equation. For our purpose, it is sufficient to limit ourselves to equations of the prime field of the form: Y2 mod p = (X3+ ax + b) mod p The Co-efficients a and b and the variables x and y are all elements of Zp. The set of points on the curve is the collection Prime field has the advantage of reusing the hardware resources. Elliptic curve cryptography (ECC) is a public-key cryptosystem. Every user has a public and a private key. Public key is used for encryption/signature verification. Private Key is used for decryption/signature generation. ECC use modular arithmetic or polynomial arithmetic for its operations depending on the field chosen. Elliptic curves are used as an extension to other current cryptosystems [5]. D. Proposed ECC- Based Algorithm The proposed algorithm is based on the elliptical curve cryptography (ECC). The proposed algorithm contains following main steps: alphabetic table, key generation, encryption, and decryption. Each step is described as follows: Alphabetic table generation: 1. Use an appropriate data structure to store the text to be encrypted. 2. Read the table in row major form and find the character stored in that position. 3. Note the row and column values. 4. Assign these values to the same character in all position it appears. Key generation: Each user of the scheme does the following: 481

4 1.Select an elliptic curve E over GF(p) or GF(2m). The number of points on E should be divisible by a large prime n. 2. Select a point on the curve ei = (xi, yi). 3. Select random number g. 4. Calculate ej= (xj,yj) = g * ei. 5. Announce ei,ej as public key and keep g as a private key. Encryption: 1. Select h a number in plaintext P and calculate pair of points on the text as ciphertext. 2. Ci= h * ei Cj = (xpi,ypj) + h * ej (Where plain text Pi = (xpi,ypj) ) 3. Send (Ci,Cj) Decryption: 1. After receiving ciphertext Ci and Cj calculate P(plain text) with the private key g. (xpi,ypj) = Cj - ( g * Ci) [ (-)sign means adding with inverse.] 2. Read the characters from the co-ordinates (xpi,ypj). Fig. 5 Instances of Cloud As we need to generate the Keypairs, Figure 6 displays generated Keypairs of the instances. E. Implementation Detail and Result We have performed the experiment on the intel corei5 processor with 8 GB RAM and created the cloud environment with the operating system Ubuntu and openstack. We create the various instances by logging into the Ubuntu s open stack dashboard and generate instances and its key pair and run our ECC based encryption algorithm. Fig. 6 Keypairs of Instances We have implemented the ECC based algorithm on one of the terminal of the cloud. Figure 7 shows the images of the implementation results of the ECC based algorithm. Fig. 4 Login for Ubuntu OpenStack Cloud is basically collection of various instances. We create instance in the cloud, Figure 5 displays the list of available instance in the cloud. Fig. 7 Implementation results of ECC based algorithm 482

5 F. Comparison of ECC and RSA- Based Algorithm ECC gives same level of security as RSA and ElGamal cryptosystem gives but with smaller key size. In ECC discrete points on the elliptic curve over a finite field are used as a cyclic group. All type of public key cryptography based schemes can get implemented using elliptic curve cryptography. Elliptic curve cryptography gives same level of security as other cryptographic schemes provide but it has not gained same popularity. It is based on group theory and field theory. Its security is based on elliptic curve discrete logarithm problem. Table-1 shows the comparison of ECC key size and equivalent RSA key size. From the table, we can see that the ECC gives same level of security as RSA with smaller key size. With the smaller key size, processing power also less compare to RSA hence ECC is more beneficial for the small device compare to RSA. ECC key Size RSA Key Size Ratio : : : : : :20 Table 1: Equivalent key size recommended by NIST For the comparison of the ECC based algorithm with the other algorithm, we need to perform the simulation by creating the cloud environment and hence we perform the simulation using the cloudsim toolkit and compare the results of the throughput of ECC based algorithm with other algorithms like DES,3DES and RSA and the results shows that throughput of ECC based algorithm is high compare to other algorithm because keysize is less compare to the other algorithm hence processing time is less. IV. CONSLUSION In this paper, we explain the basics of cloud computing with its characteristics and various deployment model of cloud computing and its advantages and disadvantages. We review the various authentication and encryption mechanism that applied for data security in cloud computing. We propose and implemented the ECC based algorithm for the data security in the cloud computing. We can apply any encryption or authentication method for data security, but as from the result comparison, for better performance with smaller size of data, elliptical curve cryptography method is better approach compare to RSA and other approach. In future, we can provide client side tool using elliptical curve cryptography based algorithm form small device because it will be more beneficial for smaller device compare to large device as it consume less power compare to other conventional algorithm. V. REFERENCES [1] Security Guidance for Critical Areas of focus in cloud computing v3.0 Prepared by Cloud Security Alliance, [2] Sales force Customer Relationships Management (CRM) system, [3] Security Guidance for Critical Areas of Focus in Cloud Computing V2.1 Prepared by Cloud Security Alliance December [4] Yanjiang Yang, Youcheng Zhang A Generic Scheme for Secure Data Sharing in Cloud International Conference on Parallel Processing Workshops, IEEE [5] William Stallings, Cryptography and Network Security, Fourth Edition, Pearson Education India, [6] The National Institute of Standards and Technology (NIST), Information Technology Laboratory definition of Cloud Computing by Peter Mell and Tim Grance, version 15, October 7, [7] Megha Gupta, Syed Imtiyaz Hassan Improving scope of Cloud technology under Open Source Tool UNIASCIT, Vol 2 (1), pp , [8] Ubuntu Cloud Server, [9] D. Sravana Kumar, Ch. Suneetha, A. Chandrasekhar Cryptographic Protocols Using Elliptic Curve Over Finite Fields International Journal of Engineering Science and Technology (IJEST), Vol. 4 No.01 January [10] Sunil Sanka, Chittaranjan Hota, Muttukrishnan Rajarajan Secure Data Access in Cloud Computing IEEE /10, [11] Sherif El-etriby, Eman M. Mohamed, Hatem S. Abdul-kader Modern Encryption Techniques for Cloud Computing:Randomness and Performance Testing ICCIT Fig. 8 Throughput comparison of ECC, RSA, DES & 3DES 483