Cloud Computing Security and Homomorphic ...

Cloud Computing Security and Homomorphic Encryption Garima Rastogi* and Rama Sushil**

Cloud computing is a technology that is growing in popularity as it reduces the investment burden for infrastructure, software, hardware or any kind of resource in an organization. However, one of the biggest issues in implementing cloud remains data security. To ensure security, there are lots of traditional encryption algorithms such as play fair cipher and DES, but these algorithms are only used to encrypt plain text into cipher text in communication. For processing on cloud, it requires to convert cipher text into plain text which can become an easy target for hackers. This issue can be overcome with a popular algorithm, namely, homomorphic encryption. It is a technique which ensures secure transmission and secure processing of data on cloud without compromising privacy. In this paper, we have discussed the concept and significance of homomorphic encryption through examples. By using a case, the RSA algorithm is done and the practical use of partial homomorphic encryption technique is demonstrated. Also, the performance of RSA partial homomorphic encryption algorithm is compared with that of Paillier algorithm in terms of encryption and decryption time. Keywords : Cloud computing, Cipher text, Encrypt, Homomorphic encryption, Hackers, Partial homomorphic encryption

Introduction Cloud computing is basically a mass of resources that can be accessed by paying money. It reduces the investment burden for infrastructure, software, hardware or any kind of resource in an organization which is generally the biggest issue for an organization for adopting or implementing any setup. Cloud provides anything as a service (XaaS), where anything means a kind of resource such as hardware, platform and software. Rastogi and Sushil (2015) mentioned various issues while implementing the cloud and found that 74% of IT companies have taken security and privacy as the biggest issue or challenge that prevents them from adopting cloud computing. Gleeson (2009) mentioned that security is required to provide CIA (Confidentiality, Integrity and Availability) of the resources. The encrypted data on * **

Research Scholar, CSE Department, DIT University, Dehradun, Uttarakhand, India; and is the corresponding author. E-mail: [email protected] Head, IT Department, DIT University, Dehradun, Uttarakhand, India. E-mail: [email protected]

© 48 2015 IUP. All Rights Reserved.

The IUP Journal of Computer Sciences, Vol. IX, No. 3, 2015

the cloud can be stored, but if it is required to perform some operation on data, then it is to be decrypted first. But decrypted data is always prone to attacks. The fact that nothing is in the hands of data owner and everything is done by third party makes security and privacy a top issue in cloud. All the accessing and storing of private or public data is done through remote machines that are not managed by the owner of the data. In short, the data which is managed by cloud server is out of the trusted boundaries of data owner. In a nutshell, maintaining data confidentiality is a big challenge. Technically speaking, data confidentiality is a concern of cryptographers who use methods of cryptography to secure data. Cryptography is a method to convert plain text into cipher text. This technique is generally used to transfer data from one place to another place safely by ensuring that data should only be read by authenticated receiver user or sender. The paper is organized as follows: first, a literature review is made in the field of cloud security; then the paper discusses the homomorphic encryption concept, various examples, types of homomorphic encryption according to literature and usage in real life; next, it discusses RSA and its multiplicative homomorphic encryption property and implementation of algorithm with the help of one case; then, a comparison of encryption and decryption time is made between RSA and Paillier partial homomorphic algorithm and the property list of algorithms of homomorphic encryption is presented; finally, the paper ends with the conclusion.

2. Literature Review Rivest et al. (1978) introduced for the first time the concept of Homomorphic Encryption. Taher (1985) introduced an algorithm based on multiplicative property. Paillier (1999) proposed an algorithm called as Pailler cryptosystem which has additive homomorphic property and there are various applications, there this system can be implemented like e-voting, etc. Chan (2009) works on privacy homomorphism in which we can perform operation on encrypted data. They have given two additive homomorphic schemes: Iterated Hill Ciper and Modified RSA. The various homomorphic encryption schemes proposed by different researchers are presented in Table 1. Shahzadi et al. (2012) has done the detailed study of three homomorphic encryption algorithms, i.e., RSA, El Gamal and Paillier. They have evaluated all three algorithms and shown the comparative study between them. The result shows that RSA performs better than El Gamal and Paillier and El Gamal Performs better than Paillier. Naser and Bin (2013) surveyed on specific security issues and use of cryptography in cloud computing. Carlos et al. (2013) discussed about the recent advances in homomorphic encryption techniques. They have done survey on recent advances in SomeWhat Homomorphic Encryption (SWHE) and Fully Homomorphic Encryption (FHE) algorithms.

Cloud Computing Security and Homomorphic Encryption

49

Table 1: Various Homomorphic Encryption Schemes and Their Properties R es ea rc he r

Name of Algorithm

Pro perty

F lav o r

Rivest et al. (1978) RSA

Multiplicative

Partial Homomorphic

Taher (1985)

El Gamal Cryptosystem

Multiplicative

Partial Homomorphic

Paillier (1999)

Paillier Cryptosystem

Additive

Partial Homomorphic

Chan (2009)

Iterative Hill Cipher

Additive

Partial Homomorphic

Gentry (2009)

Gentry’s Fully Homomorphic Encryption

Both Additive and Fully Homomorphic Multiplicative

Ramgovind et al. (2010) highlighted key security considerations currently faced by industry. Aderemi and Oluwaseyi (2011) discussed about the security issues in cloud computing and the potentials of homomorphic encryption, and proposed an encryption layer on top of the encrypted data on the cloud. Liu (2012) has introduced some cloud computing system and also analyzes cloud computing security problem. He suggested that single security technique cannot be used to solve the cloud security problem therefore, many traditional and some new strategies are required to use together to provide the total security in cloud. Ustimenko and Wroblewska (2013) proposed an idea for homomorphic encryption and multivariate key for cloud security. They have given detailed discussion on Key Dependent Message (KDM) encryption scheme can be used for cloud security.

3. Homomorphic Encryption Generally, all the data stored in the cloud is in encrypted form. Whenever the user requires any processed data, the cloud provider decrypts that data, performs computation on it and then provides the result to the user. Here comes the requirement of security as the hacker can hack the data while processing on cloud. What if the cloud service provider does not decrypt the data while processing? (Fontain and Galand, 2007; and Micciancio and Regev, 2008). This concept is called Homomorphic Encryption. Figure 1 shows the homomorphic encryption on cloud. In other words, homomorphic encryption is a technique that allows the computation on encrypted data without prior decryption, and after operation, if the user decrypts the result, which is in the encrypted form, it gives the original result without knowing the original plaintext (Yang et al., 2014). Let m be a plain text. Operation ( m)  decrypt ( operation (encrypt ( m)))

...(1)

Let R+ and R* be a set of positive real numbers and set of logarithms of this set of real numbers, respectively; on these sets, the addition of real numbers and multiplication of logarithms are homomorphic operations (Hayes et al., 2012). 50


Figure 1: Homomorphic Encryption on Cloud

Source: Tebaa et al. (2012)

Let x, y and z  R  If x.y  z

...(2)

Then log ( x )  log ( y )  log ( z )

...(3)

Or log ( x )  log ( y )  log ( x * y )

...(4)

If we take antilog of the log (z), then we get original z, i.e., result. The above example gives us two ways to find z, i.e., either directly or through logarithms. In both cases, we get the same result. Therefore, instead of performing operation on plain text, it is more secure to perform it on encrypted data. Figure 2 shows that the homomorphic encryption works on integers by taking random algorithm. For encryption, algorithm is using a technique, i.e., number is multiplied by 2. Like 7*2 = 14 and 3*2 = 6 after encryption. Decryption algorithm works in reverse order, i.e., after multiplication of encrypted data, divide it by 2, i.e., (14*6)/2 = 42. Because the algorithm has homomorphic encryption property, after decryption of the result, we get original result of multiplication, i.e., 7*3 = 21. Figure 3 shows the homomorphic encryption works on strings by taking random technique. Cloud Computing Security and Homomorphic Encryption

51

Figure 2: Homomorphic Encryption on Integers

Let Z is set of integers 7

3



=

21 (z)

Encrypt (7) and Encrypt (3) as (7*2 and 3*2)

(14



6)/2

=

42

decrypt (42)

Figure 3: Homomorphic Encryption on Strings

Let  = set of Strings on set Z (A to Z) Plain Text1

=HI

Plain Text2–

FRIENDS Encrypt (FRIENDS) – AUPGIOL

Operation =

Concatenation

Encrypt (HI)

(XY) Concatenate (AUPGIOL) Decrypt (XYAUGIOL)

= XZ

=

(HIFRIENDS)

=

XYAUGIOL

=

(HIFRIENDS)

3.1 Flavor of Homomorphic Encryption There are three types of homomorphic encryption:

•

Partially Homomorphic Encryption (PHE) An encryption technique is called a Partially Homomorphic Encryption (PHE) if it performs single operation on encrypted data, i.e., either addition or multiplication but not both (Ogburn et al., 2013).

•

Somewhat Homomorphic Encryption (SWHE) An encryption technique is called Somewhat Homomorphic (SWHE) if it performs operation on encrypted data but supports limited number of addition and multiplication operations.

52


•

Fully Homomorphic Encryption (FHE) An encryption technique is called Fully Homomorphic (FHE) if it performs both addition and multiplication and can compute any operation (Gentry, 2009).

Schemes which are currently used on cloud systems are generally SWHE or PHE.

3 .2 Some Usage of Homomorphic Encryption in Real Life • Analysis of disease to find out its treatment without disclosing the details of patient.

•

In the corporate sectors, clients and organizations do not want to disclose their confidential information. By using this technique, functions can be computed on data and data itself remain private.

•

It can also be used for the protection of mobile agents by either using computation with encrypted function or computation with encrypted data.

4. RSA and Homomorphic Encryption RSA is an asymmetric encryption algorithm which uses two keys, public and private for encryption and decryption, respectively. RSA was created by Rivest et al. (1978). Till now, it is only used for public and private key generation and encryption before sending data on the network. They have also introduced the concept of homomorphic encryption. Homomorphic encryption has mainly two properties: Additive homomorphic encryption if –

Encrypt ( P1 P 2)  Encrypt ( P1)  Encrypt ( P 2)

...(5)

Multiplicative homomorphic encryption if (Tebaa et al., 2012) –

Encrypt ( P1  P 2)  Encrypt ( P1)  Encrypt ( P 2)

...(6)

4 .1 RSA Algorithm as Multiplication Homomorphic Encryption Begin 1. Select p and q large prime numbers. 2. n = p * q 3. phi (n) = (p – 1) * (q – 1) 4. select e where 1 C=P mod(n) Cloud Computing Security and Homomorphic Encryption

53

8. decryption of Cipher text C => P=C mod(n) 9. RSA follows Homomorphic property as – 10. encrypt (P1) * encrypt (P2) =encrypt(P1 x P2) End

4.2 Case Study to Implement RSA as PHE The results of RSA are showed as partial homomorphic algorithm by taking a case, in which the following information is used: a list of persons, land shape (square or rectangle), and length and breadth of 100 lands. The user has stored encrypted data in the cloud and wishes to calculate the area of land whenever is required. Figure 4 shows the data flow diagram of area calculation on cloud. Figure 4: Area Calculation on Cloud

Person Name-John Land Shape–R Length–2 Breadth–3

Encrypt with public key by user

ac fr x 29 9

John, R, 6

Given to cloud for finding area

Calculation =29*9=261

Area result using encrypted data

Decrypt with private key by user

Acfr, x, 261

Algorithm encodes the data by public key (7, 33) which is stored in cloud. Cloud has calculated area of the land using encrypted data (encrypt (length) * encrypt (breadth)) and the result is returned to the user. The user now receives encrypted (area) and decrypts that by using private key (3,33) eventually receive the original area of land. Figure 5 is the output screen of the algorithm implemented in C language.

5. Performance Analysis of RSA with Paillier Paillier homomorphic encryption scheme is also a partially homomorphic encryption scheme; it follows additive homomorphic property. Basically in this scheme, the product of two cipher texts will decrypt the sum of their plain texts, in comparison to RSA which is a product of two cipher texts decrypt to product of two plain texts (Shahzadi et al., 2012). 54


Figure 5: Output of Algorithm Enter two relatively prime numbers

: 3 11

F(n) phi value = 20 Enter e which is prime number and less than phi Public Key

: {7,33}

Private Key

: {3,33}

:7

Enter the length: 2 Encrypted keyword : 29 Enter the breadth

:3

Encrypted keyword : 9 Enter the cipher text (encrypted area) : 261 Decrypted keyword : 6 Do you wish to continue :_

According to Paillier system, the given cipher texts Ci are valid encryptions of plain texts Pi .

C i  Encrpt ( Pi )  g Pi x in Mod n 2

...(7)

The following properties hold:

C1  g P1 x1n Mod n2

...(8)

C 2  g P 2 x 2n Mod n2

...(9)

C1.C 2  g

p1 p2

( x1 x 2 )n Mod n2

...(10)

The meaning of Equations (7-10) is that the encryption of the addition of two plain texts is exactly the multiplication of the associated cipher texts, where P1 and P2 are plain texts, and C1 and C2 are cipher texts.

5.1 Comparison Parameters Two parameters are considered to compare the performance of the two algorithms: 1. Encryption time: Time taken by the algorithm to produce cipher text from plain text. 2. Decryption Time: Time taken by the algorithm to produce plain text from cipher text. Figure 6(a) shows the encryption time of RSA and Paillier algorithm, where the x-axis represents the size of data and y-axis represents the time taken to encrypt the data by the algorithm. RSA shows better performance in comparison to Paillier algorithm. Cloud Computing Security and Homomorphic Encryption

55

Figure 6: Performance of RSA (a) Encryption Time

(b) Decryption Time

2.5 2.0 1.5

T (RSA)

1.0

T (Paillier)

0.5 0 65 104 123 232 434 Size of Data

Time in Seconds

Time in Seconds

3.0

3.5 3.0 2.5 2.0 1.5 1.0 0.5 0

T (RSA) T (Paillier)

65 104123 232 434 Size of Data

Similarly, Figure 6(b) shows the plot of decryption time and data between these two and again RSA performed better than Paillier algorithm.

Conclusion Cloud computing helps IT organizations to optimize the utilization of resources in a costeffective manner, but it is faced with a large number of challenges. The top challenges due to distributed and broad access nature are data security and privacy or confidentiality. Homomorphic encryption is one of the most important and relevant types of techniques to secure privacy of data in cloud. All types of homomorphic encryption schemes, whether partial, somewhat or fully, allow processing encrypted data, which preserves the confidentiality of data. Although there is no security technique that does not have a drawback, one of the major drawbacks is: if the plain text is already infected or malicious, then the whole process will be done on that, and may be at the end, the original result will not be matched with the decrypted data. In this paper, we have discussed the homomorphic encryption technique, and different schemes, and implemented RSA algorithm as a partial homomorphic encryption algorithm by using a case. We have also reviewed the literature on homomorphic encryption and RSA as partial homomorphic encryption technique and given a comparison of RSA and Paillier algorithm on the basis of encryption and decryption time. In future, we will propose a new scheme for fully homomorphic encryption on cloud. 

References 1. Aderemi A Atayero and Oluwaseyi Feyisetan (2011), “Security Issues in Cloud Computing: The Potentials of Homomorphic Encryption”, Journal of Emerging Trends in Computing and Information Sciences, Vol. 2, No. 10, pp. 546-552.

56


2. Carlos Aguilar Melchor, Simon Fau, Caroline Fontaine et al. (2013), “Recent Advances in Homomorphic Encryption”, IEEE Singal Processing Magazine, March, pp. 108-117. 3. Chan Aldar C F (2009), “Symmetric-Key Homomorphic Encryption for Encrypted Data Processing”, IEEE ICC 2009 Proceedings. 4. Fontain C and Galand F (2007), “A Survey of Homomorphic Encryption for NonSpecialists”, EURASIP Journal on Information Security, pp. 1-15. 5. Gentry C (2009), “Fully Homomorphic Encryption Using Ideal Lattices”, ACM Symposium on Theory of Computing, pp. 169-178. 6. Gleeson E (2009), “Computing Industry Set for a Shocking Change”, MoneyWeek, available at http://www.moneyweek.com/investmentadvice/computing-industrysetfor-a-Shocking-Change, April. 7. Hayes B, Alice and Bob (2012), Cipherspace, American Scientist, Vol. 100, p. 362. 8. Kouichi Sakurai and Takagi Tsuyoshi (2002), “On the Security of a Modified Paillier Public-Key Primitive”, in Information Security and Privacy, Springer Berlin Heidelberg. 9. Liu Wentao (2012), “Research on Cloud Computing Security Problem and Strategy”, Proceedings of IEEE Conference. 10. Micciancio D and Regev O (2008), “Post-Quantum Cryptography”, in Chapter Lattice-based Cryptography, Springer. 11. Naser A W S and Bin Md Fadli (2013), “Use of Cryptography in Cloud Computing”, pp. 179-184, Proceedings of IEEE International Conference on Control System, Malaysia. 12. Ogburn Monique, Turner Claude and Dahal Pushkar (2013), “Homomorphic Encryption”, Proceeding Computer Science, Vol. 20, pp. 502-509. 13. Paillier Pascal (1999), “Public-Key Cryptosystems Based on Composite Degree Residuosity Classes”, in Advances in Cryptology—EUROCRYPT‘99, pp. 223-238, Springer Berlin, Heidelberg. 14. Ramgovind S, Eloff M M and Smith E (2010), “The Management of Security in Cloud Computing”, Proceedings of IEEE Conference. 15. Rastogi Garima and Sushil Rama (2015), “Cloud Computing Implementation: Key Issues and Solution”, Proceedings of IEEE Conference INDIACOM, pp. 173-179. 16. Rivest Ronald L, Adleman Leonard M and Dertouzos Michael (1978), “On Data Banks and Privacy Homomorphism”, Foundations of Secure Computation, Vol. 4, No. 11, pp. 169-180. 17. Shahzadi Farah et al. (2012), “An Experimental Study on Performance Evaluation of Asymmetric Encryption Algorithms”, Recent Advances in Information Science, Proceeding of the 3rd European Conf. of Computer Science, (EECS-12). Cloud Computing Security and Homomorphic Encryption

57

18. Taher El Gamal (1985), “A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms”, in Advances in Cryptology, pp. 10-18, Springer Berlin Heidelberg. 19. Tebaa Maha, El Hajji Saïd and El Ghazi Abdellatif (2012), “Homomorphic Encryption Applied to Cloud Computing Security”, Vol. 1, Proceedings of the World Congress of Engineering, London. 20. Ustimenko V and Wroblewska A (2013), “On Some Algebraic Aspects of Data Security in Cloud Computing”, Proceedings of Applications of Computer Algebra ACA 2013, Malaga, p. 155. 21. Yang Jing, Mingyu Wang and Zhiyin Kong (2014), “Simulation Study Based on Somewhat Homomorphic Encryption”, Journal of Computer and Communications, Vol. 2, No. 2, p. 109.

Reference # 56J-2015-07-04-01

58


Copyright of IUP Journal of Computer Sciences is the property of IUP Publications and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.