Design of Secure Storage for Health-care Cloud using Hybrid

Proceedings of the 2nd International Conference on Inventive Communication and Computational Technologies (ICICCT 2018) IEEE Xplore Compliant - Part Number: CFP18BAC-ART; ISBN:978-1-5386-1974-2

Design of Secure Storage for Health-care Cloud using Hybrid Cryptography 1st P.Chinnasamy

2nd P.Deepalakshmi

Research Scholar Department of Computer Science and Engineering Kalasalingam Academy of Research and Education Srivilliputtur, India [email protected]

Professor Department of Computer Science and Engineering Kalasalingam Academy of Research and Education Srivilliputtur, India [email protected]

Abstract—More recently, any technology can’t be stated perfect until it’s totally free of any vulnerability. There are many technologies has grown in day-to-day life that offer online data storage, being able to access the data from anywhere whenever you want and most importantly they provide on the internet use of any software. Cloud computing is a paradigm providing you with data storage and also it possesses different services on lease contract facility. In recent years all the medical data is stored as well as managed in online worldwide. The data can be utilized by medical professional, patients for their understanding, government authorities and insurance companies etc. The medical related data can be protected in the form of Electronic Health Records (EHR) which is available online at any time. It contains data like ray x images, scan images, therapy procedure, medical prescription, patient information. All of this kind of sensitive records facing the problem is where it can be stored securely and who can access as well as view the data. To resolve this, we design a secure cloud storage for healthcare data by using a Hybrid cryptographic technique. Within this, the data are encrypted through symmetric algorithm and keys are encrypted using an asymmetric algorithm. The performance evaluation, as well as security of proposed method, was measured and compared to an existing technique. The results clearly show that our method provides better security than any other hybrid algorithms. Index Terms—Cloud Security, Cloud Computing, Cryptography, Symmetric cryptography, Asymmetric cryptography, Hybrid Technique, Miller- Rabin, Blowfish algorithm.

I. I NTRODUCTION At present, security is the main challenge throughout cloud service applications. In order to meet this challenge, encryption techniques are considered as one of the most efficient strategies for security of data or file in such a way that it is not feasible to decrypt or gain access to data without a decryption key. In encryption techniques, data must be converted into cipher text using encoding methods before transmission from sender to receiver. After reception of data, the original message can be viewed by receiver by applying decoding method. The process of converting input message (P) into secret message (C) with help of key is known as encryption. The key can be either public or private. The process of converting the secret message (C) into the original input message (P) with help of secret key is known as decryption. In case of symmetric key cryptography, same key is used for encipher as

well as decipher and this method is adopted by AES, DES, 3DES, RC4, BLOWFISH algorithms. Another type is publickey cryptography in which separate keys are used for encipher and decipher as followed in RSA, ELGAMMAL algorithms. Nowadays, patient records tend to be transformed to electronic format, saved in centralized data servers by means of electronic health records (EHR), enabling access through web [1]. To ensure the secure storage and access management of EHR, several security requirements must be taken into account, such as, 1) Secure EHR storage The patient information can be stored electronically, on local machine or on shared server like cloud storage [2]. The main challenge here is to provide a secure storage to this sensitive data. 2) Protected access from unauthorized user In general, the medical data may contain confidential or sensitive information. These information must be protected and to avoid accessing from unauthorized channel [2]. 3) Physical and human security Is there any security loss occur by human or physically means it leads to data leakage [1], [2]. Because admin have rights to access the resources and they know how and where all the resources are stored. So in this paper, we present a new hybrid method to avoid false requests by dual encryption of user data by using Blowfish and enhanced RSA algorithms. Blowfish is a 64-bit symmetric block cipher algorithm which has following features compared to other symmetric ciphers. 1) Fast: Blowfish encrypts data very quickly (i.e., 26 clock cycle per byte [3]). 2) Compact: Blowfish needs smaller amount of memory to process (5KB). 3) Secure: Blowfish key size depends on key length. The range of blowfish key is 32-448 bits. The default key size is 128 bit [3]. Enhanced RSA algorithm is used to improve the RSA algorithm’s speed and create the large prime numbers. The large prime number generation is achieved by using MillerRabin [4] test. In this we used Montgomery algorithm [5] to solve the large modular exponential operations.

978-1-5386-1974-2/18/$31.00 ©2018 IEEE

1717


The rest of the paper is organized as follows. We discuss about works related to hybrid cryptographic mechanisms in section II. In section III, we present our proposed algorithm. In section IV, we discuss simulation parameters used to implement our method and in section V, we analyze the results and finally conclude in section VI. II. R ELATED W ORKS To get familiar with hybrid cryptography algorithms, some of the existing hybrid cryptographic algorithm for secure cloud storage are discussed below along with their merits and demerits. Kartit et al. [6] offered a new framework for secure cloud storage with hybrid cryptographic scheme. For data encryption AES was used with key size of 128, 196 or 256 bit keys. For AES key encryption, the authors used RSA 1024 bit key to provide double level security for data as well as keys. The main feature here is through an intruder continuously gets data from a user, he can’t decrypt the original data. For decryption, they need two different keys to be received from different places. Additionally they used a double authentication mechanism to decipher the data followed at cloud storage and also at enterprise server. Bansal et al. [7] proposed a hybrid data encryption mechanism using RSA and Blowfish. In this, they used Field Programmable Gate Array (FPGA) for implementing a cryptographic technique. This method is very effective because of low cost and high security. Still, the main problem is the large size of the key (448 bits). Akomolafe et al. [8] designed a novel framework for data storage using Hybrid cryptographic mechanism. In this, they achieved secure data storage with the help of AES, Blake2b and Schnorr Signature algorithms. For providing better level of security, the personal encryption method is unknown to service provider since encryption of data is done in client side before uploading to cloud. But this method does not support multimedia files such as audio, image, videos. Navdeep singh et al. [9] proposed a framework for encrypting user data before delivering to cloud through a pair of methods. For encryption of user data, AES is used and secret key is encoded using RSA algorithm. The same process is followed for decryption also. The hybrid technique was used to prevent the DoS attacks on the cloud. The only drawback of this framework is the more time taken to complete the entire process compared to other technique. Mirnal Sarkar et al. [10] proposed a framework to ensure the data security on cloud using hybrid encryption scheme. This method also improves the data security in cloud at a cost of high communication overhead. Bouchti et al. [11] proposed a new hybrid architecture based on Cryptographic as a Service (CaaS) to authorize cloud clients for their cryptographic operations and keys. The authors used homomorphic algorithm and RSA for providing security to health care data. The proposed architecture was based on open source open stack platform.

Maitri et al. [12] proposed secure file storage for cloud using hybrid cryptographic technique. For key information integrity, they used LSB steganography to hide encryption key into image header. Peng Yong et al. [13] analyzed several type of cryptographic techniques used in current cloud storage and about performance of cryptographic techniques. They gave a detailed overview of different security issues and how we can build a secure cloud storage with the help of cryptographic methods to construct a secure cloud storage systems. Hossein Rahmani et al. [14] offered a new service model based on XaaS concept for cloud. The authors proposed Encryption as a Service (EaaS) for cloud to decrease the security risk of service provider encryption and to improve the security level in client-side. Liang et al. [15] proposed a hybrid encryption technique for lightweight data in cloud. Here they used AES- RSA for encryption and decryption. To ensure data privacy, they used AES with improved RSA algorithm. It provides security to only lightweight data and can’t be applicable to multimedia data. III. M ETHODOLOGY In this section, we discuss about basic operation of Blowfish and enhanced RSA algorithm and also our proposed hybrid method. A. Blowfish Algorithm Blowfish algorithm [3] is a 16-round, 64-bit block size Feistel network block cipher. This algorithm has two parts with first part to handle key expansion and second part to handle data encryption. The key expansion part is combination of P-array and Sboxes. In this module, they generate a large number of sub keys (4168 bytes). For data encryption part, the 64 bit block data is divided into two halves. It consists of 16 rounds. Each round has key dependent permutation and data dependent substitution. Each operation has XORs and additions on 32 bit word. B. An Enhanced RSA Algorithm In RSA algorithm, modular operation is the core procedure. The reason for lower efficiency and low speed of RSA is that it requires lot of modular exponentiation. So if efficiency of modular operations is improved, performance of RSA also can be improved. The difficulty of modulus operation depends on number of division operations involved which can be reduced by using Montgomery modular multiplication algorithm, one of the fastest algorithms to find the modular multiplication for large numbers. Following pseudo code shows how to calculate X=AB mod N using the Montgomery algorithm where B is represented by binary from, B = [bk−1 ,. . . , b0 ] with the constraint bk−1 =1. For i = k-1 to 0 do Pi = Xi * Xi mod N; If bi = 1 then

978-1-5386-1974-2/18/$31.00 ©2018 IEEE

1718


Xi+1 = Pi * A mod N

2) Client side Download Process:

Else

•

Xi+1 = Pi B=B0 To ensure the security and confidentiality regarding encrypted data, we have to raise the key length of RSA. For this, the only option is to generate the large prime numbers for any growing technologies. Here, the primality testing is based on Miller-Rabin algorithm. The proposed algorithmic steps for generating large prime number are as follows. 1) Initially, we maintain two arrays of prime numbers namely PrimeTblX [A] and PrimeTblY [B]. The element of first table follows the incremental search algorithm. The element of second table contains smaller primes (It starts from 3 but does not include 5, totally 52 prime numbers.) 2) Based on specified bits, randomly a large integer is generated and saved in anyone of the arrays mentioned in step 1. 3) If resulting integer is odd, the random integer is bitwise ORed with integer 1. 4) To check, whether the odd number is actually multiple of 5. 5) If true, then add a prime value form PrimeTblX [A] and then go to step 3. 6) If false, now check whether the large integer is actually divisible by all small primes which is defined in PrimeTblY [B]. 7) If anyone of the prime values divides the considered large integer, then it is not a prime number. Again add prime numbers and go to step 3. 8) If it is not divisible by all primes in PrimeTblY [B], then it could be a prime. 9) For finding large integer, we used Miller-Rabin algorithm. 10) If all iterations run successfully, then the large integer is a prime number. Save this number and stop the process. 11) If any one of the iterations fails, add an element from PrimeTblY [B], reappear to step 3 till the big prime number is produced. C. The Proposed Hybrid Algorithm 1) Client side Upload Process: • • • •

•

The client should specify the path if it’s a file or directly enter the plaintext which is to be encrypted. Based on the key size, the function automatically generates a symmetric key named as Onekey. The Blowfish is used to encipher the plaintext P to get the ciphertext C. The enhanced RSA process is used to encrypt the blowfish secret key and then the encrypted key is saved in a secure place. With the help of internet, the ciphertext C is uploaded and stored in cloud.

• •

The client downloads ciphertext C from Cloud For decryption of ciphertext key, enhanced RSA algorithm is used. Blowfish algorithm decrypts the downloaded cipher text data C to obtain the plaintext P. IV. S IMULATION E XPERIMENTS

A. Simulation and Settings We used predefined java wrapper classes to stimulate the AES, BLOWFISH and Hybrid Algorithm. The wrapper classes are inherited from packages called java.crypto and java.security. These package were used to implement unmanaged operations available in Java Cryptography Architecture and Java Cryptography Extensions.

K EY Algorithms AES BLOWFISH HYBRID

AND

TABLE I B LOCK S IZE S ETTINGS

Key Size (bits) 128 128 128,1024

Block Size (bits) 128 64 No Limit

B. System Parameters The experiments are conducted in IntelR CoreTM i5-4440 CPU @ 3.10GHz processor, 8GB RAM, Windows 10, 64-bit Operating systems. The simulation environment was developed by default settings of Java 1.8. The size of input plaintext data varies from 1MB, 2MB,. . . ,10MB. The experiments will be repeated several times to ensure that results are reliable and effective to check with existing algorithms. V. R ESULTS AND A NALYSIS The performance of AES and Blowfish is compared with proposed hybrid algorithm by varying input data file size in terms of running time for both encryption and decryption process. Here the proposed algorithm consists of two cryptographic techniques. The hybrid technique provides more security than single encryption technique, because hybrid uses two different methods. Here we use Blowfish, an unpatented symmetric key algorithm. Compared to AES, Blowfish provide more security because of large number of keys up to 448 bits. An enhanced RSA algorithm is used to encrypt the blowfish keys. The speed of proposed RSA method is high compared to traditional RSA method. Because here we used two different algorithms to generate large prime number and to solve large modular exponentiation values easily. The encryption and decryption time for different input size data is measured and given in Table II and Table III respectively. It is observed that proposed method has less encryption and decryption time compared to other symmetric technique like AES and Blowfish.

978-1-5386-1974-2/18/$31.00 ©2018 IEEE

1719

Proceedings of the 2nd International Conference on Inventive Communication and Computational Technologies (ICICCT 2018) IEEE Xplore Compliant - Part Number: CFP18BAC-ART; ISBN:978-1-5386-1974-2 TABLE II E NCRYPTION T IME C OMPARISON File Size (MB)

1 3 5 7 9 10

AES

BLOWFISH

HYBRID

Encipher Time(Sec) 0.294 0.311 0.320 0.326 0.340 0.353



TABLE III D ECRYPTION T IME C OMPARISON File Size (MB)

1 3 5 7 9 10

AES

BLOWFISH

HYBRID

Decipher Time (Sec) 0.032 0.047 0.052 0.063 0.078 0.083

Decipher Time(Sec) 0.041 0.055 0.094 0.119 0.140 0.174

Decipher Time(Sec) 0.032 0.047 0.048 0.050 0.064 0.072

VI. C ONCLUSION In general, the RSA algorithm is slow in it’s performance because it’s based on Modular exponentiation operation. So, we extended the performance of RSA using Montgomery modular multiplication algorithm. For storing health-related data in cloud storage, data is encrypted by Blowfish and keys are managed using the enhanced RSA algorithm. This hybrid method offered the benefits like fast encryption, large prime numbers for key generation and efficient key management. The simulation results clearly show that encryption and decryption time of proposed hybrid technique is better than other methods considered for comparison.

[7] V. P. Bansal and S. Singh, ”A hybrid data encryption technique using RSA and Blowfish for cloud computing on FPGAs,” 2015 2nd International Conference on Recent Advances in Engineering Computational Sciences (RAECS), Chandigarh, 2015, pp. 1-5.doi: 10.1109/RAECS.2015.7453367 [8] Oladeji P. Akomolafe and Matthew O. Abodunrin, A Hybrid Cryptographic Model for Data Storage in Mobile Cloud Computing, International Journal of Computer Network and Information Security, 2017, Vol., 6 , pp. 53-60. [9] Navdeep Singh and Pankaj Deep Kaur, A Hybrid Approach for Encrypting Data on Cloud to prevent DoS Attacks, International Journal of Database Theory and Application Vol.8, No.3 (2015), pp.145-154, http://dx.doi.org/10.14257/ijdta.2015.8.3.12 [10] M. K. Sarkar and S. Kumar, ”Ensuring data storage security in cloud computing based on hybrid encryption schemes,” 2016 Fourth International Conference on Parallel, Distributed and Grid Computing (PDGC), Waknaghat, 2016, pp. 320-325. doi: 10.1109/PDGC.2016.7913169 [11] A. E. Bouchti, S. Bahsani and T. Nahhal, ”Encryption as a service for data healthcare cloud security,” 2016 Fifth International Conference on Future Generation Communication Technologies (FGCT), Luton, 2016, pp.48-54. doi: 10.1109/FGCT.2016.7605072 [12] P. V. Maitri and A. Verma, ”Secure file storage in cloud computing using hybrid cryptography algorithm,” 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET), Chennai, 2016, pp.1635-1638. doi: 10.1109/WiSPNET.2016.7566416 [13] Peng Yong, Zhao Wei, Xie Feng, Dai Zhong-hua, Gao Yang, Chen Dongqing, aˆ Secure Cloud Storage based on Cryptographic techniquesˆa, The Journal of China Universities of Posts and Telecommunications,No.19, pp.182-189,2012. [14] Hossein Rahmani, Elankovan Sundararajan, Zulkarnain Md. Ali, Abdullah Mohd Zin, Encryption as a Service (EaaS) as a Solution for Cryptography in Cloud, In Procedia Technology, Volume 11, 2013, Pages 1202-1210, ISSN 2212-0173, https://doi.org/10.1016/j.protcy.2013.12.314 [15] Chengliang Liang, Ning Ye, R. Malekian and Ruchuan Wang, ”The hybrid encryption algorithm of lightweight data in cloud storage,” 2016 2nd International Symposium on Agent, Multi-Agent Systems and Robotics (ISAMSR), Bangi, Malaysia, 2016, pp. 160-166. doi:10.1109/ISAMSR.2016.7810021.

R EFERENCES [1] Chiuchisan, D. G. Balan, O. Geman, I. Chiuchisan and I. Gordin, ”A security approach for health care information systems,” 2017 E-Health and Bioengineering Conference (EHB), Sinaia, 2017, pp. 721-724. doi: 10.1109/EHB.2017.7995525 [2] M. Meingast, T. Roosta and S. Sastry, ”Security and Privacy Issues with Health Care Information Technology,” 2006 International Conference of the IEEE Engineering in Medicine and Biology Society, New York, NY, 2006, pp. 5453-5458.doi: 10.1109/IEMBS.2006.260060 [3] Schenier on Security, https://www.schneier.com/academic/blowfish/ last accessed 31 Oct 2017. [4] Bruce Schneier and Niels Ferguson, ”Practical Cryptography”, Wiley Publication Inc, 2003, https://pdfs.semanticscholar.org/0627/1df8e235c6c5a722fb9 ccd338addfe599983.pdf [5] D.J.Guan,”Montgomery Algorithm for Modular Multiplication”, Aug 2003, guan.cse.nsysu.edu.tw/note/montg.pdf [6] Kartit Z. et al. (2016) Applying Encryption Algorithm for Data Security in Cloud Storage. In: Sabir E., Medromi H., Sadik M. (eds) Advances in Ubiquitous Networking. Lecture Notes in Electrical Engineering, vol 366. Springer, Singapore

978-1-5386-1974-2/18/$31.00 ©2018 IEEE

1720