Efficient Hybrid MAES Encryption Algorithm for ...

3 downloads 14 Views 406KB Size Report
Efficient Hybrid MAES Encryption Algorithm for Mobile Device. Data Security at ... cloud storage services on resource constraint mobile device, the mobile user needs to ensure ... 2016. Ericsson also forecasts that mobile subscriptions will reach 9 billion by 2017. [1, 2]. ..... AES suits best for cloud applications that requires ...

Journal of Information Technology and Sciences Volume 2 Issue 1

Efficient Hybrid MAES Encryption Algorithm for Mobile Device Data Security at Rest in Cloud Environment Sujithra. M, Padmavathi. G Department of Computer Science, Avinashilingam Institute for Home Science and Higher Education for Women, Coimbatore, India E-mail: [email protected]

Abstract Mobile devices like smart phones and tablets are becoming one of the major information processing devices for users. Due to increasing use of mobile devices, the need of cloud computing in mobile devices arises. Mobile cloud computing refers to an infrastructure where data processing and storage can happen away from mobile device. While using the cloud storage services on resource constraint mobile device, the mobile user needs to ensure the confidentiality of the critical data before uploading and downloading data on the cloud storage. Keeping in view the resource limitation of mobile devices, this paper, introduces a hybrid cryptographic approach for improving the security of outsourced data to cloud. Cryptography application supports symmetric, asymmetric and hashing encryption algorithm to encrypt and decrypt data for uploading and downloading within cloud storage.

Keywords: Mobile, smart phones, tablets, cloud computing, algorithm

INTRODUCTION

subscriptions will reach 9 billion by 2017

Mobile devices have become the most

[1, 2]. However, the mobile devices are

common means of communication around

facing many challenges in their resources

the whole world. Smart phones and tablets

like

have added new dimensions in the field of

bandwidth. To

mobile

limitations, the

estimates

technology.

mobile

research

life,

storage

overcome integration

and these

of

cloud

subscribers

computing with mobile device arises.

worldwide will reach 6.9 billion by the

Mobile cloud computing refers to an

end of 2013 and 8 billion by the end of

infrastructure where data storage and

2016. Ericsson also forecasts that mobile

computation can happen away from

1

that

Portio

battery

Page 1-9 © MAT Journals 2016. All Rights Reserved

Journal of Information Technology and Sciences Volume 2 Issue 1

mobile device. Ensuring the security of

Integrity

stored data in cloud servers is one of the

It means the information provided is

most

authentic, complete and trustworthy. The

challenging

issues

in

such

environments [3, 4].

data over the cloud shall not be changed or altered by any unauthorized user or by any

The proposed encryption based scheme

malicious activities [9, 10].

guarantees the data security in the mobile cloud computing environment. As the

Confidentiality

internet-enabled mobile devices including

Confidentiality

smart phones and tablets continue to grow

accessed only by an authorized person or

it introduces the new security malice.

shared among authorized groups. An

Considering

constraint

authentication method includes credential

limitations on mobile devices, users are

verification that can be applied to protect

interested in moving their mobile data and

data against malicious attack.

the

resource

means

information

is

computations into cloud to reap its significant benefits of on-demand service,

Availability

resource pooling and rapid elasticity [5,

It refers to the availability of the requested

6]. The

proposed

based

on

security

framework

data resource. Data should be available

cryptography

techniques

under authorized operation including read,

provides adequate security for the mobile

write and etc. Since cloud computing is

data stored in cloud. Protecting mobile

utility available on internet, so various

data at rest in cloud is handled through

issues like user privacy, data theft and

encryption methods. Encryption is the

leakage and unauthenticated accesses are

process of encoding data in such a way

raised [11–13].

that only authorized users can decode and use the data which is self-defensive and

ENSURING

enhances data security. According to

SECURITY

NIST’s definition, information security is

ENVIRONMENT

the practice of maintaining the integrity,

The Encryption most commonly used

confidentiality and availability of data

technique to protect data within cloud

from malicious access, system failure and

environment. The data related to a client

etc. [7, 8].

can be categorized as public data and

OUTSOURCED IN

DATA CLOUD

private data. The public data is sharable 2

Page 1-9 © MAT Journals 2016. All Rights Reserved

Journal of Information Technology and Sciences Volume 2 Issue 1

among trusted clients that provide an open

cryptosystem are RSA (Rivest Shamir

environment for collaboration. Private

Adleman)

data is client’s confidential data that must

Cryptosystem). For Digital signature the

be transferred in encrypted form for

representatives are MD5 and SHA1.

and

ECC

(Elliptic

Curve

security and privacy [14, 15]. Encryption is a process in which sender converts data

ALGORITHMS IMPLEMENTED

in form of an un-recognized string or

The cryptographic algorithms used are

cipher text for transmission, so that an

Symmetric key algorithms, Asymmetric

eavesdropper could not know about the

key algorithms and this combination with

data. Decryption is just the reverse of

Message Digest algorithm. Encryption

encryption.

transforms

will make the data more secure on single

sender’s cipher text into a meaningful text

system as well as on the cloud network.

known as plaintext. The proposed method

The algorithms will run on single system

uses the cryptographic algorithms with

as well as on cloud network. The

different key lengths are used in various

combinations of algorithms are AES,

environments.

RSA, ECC and MD5.

The

receiver

According

to

key

characteristics, modern cryptosystem can be classified into symmetric cryptosystem,

MD5 and AES Hybrid Approach

asymmetric

digital

In order to increase the level of security,

signature. For a symmetric cryptosystem,

hybrid of Symmetric algorithm with

the

an

message digest is implemented. In this

encryption key and decryption key [16,

method, actual data is encrypted with

17]. These two keys are the same or easy

MD5 algorithm and the encrypted file is

to deduce each other. The representatives

further encrypted with AES.

cryptosystem

sender

and

receiver

and

share

of symmetric cryptosystem are DES (Data Encryption Standard), AES (Advanced

MD5 and ECC Hybrid Approach

Encryption Standard).

In order to increase the level of security, hybrid of asymmetric key algorithm with

For an asymmetric cryptosystem, the

message digest is implemented. In this

receiver possesses public key and private

method, actual data is encrypted with

key. The public key can be published but

MD5 algorithm and the encrypted file is

the private key should be kept secret. The

further encrypted with ECC.

representatives 3

of

asymmetric Page 1-9 © MAT Journals 2016. All Rights Reserved

Journal of Information Technology and Sciences Volume 2 Issue 1

MD5, AES and ECC Hybrid Approach

is considered in this paper. It can be

In order to increase the level of security,

further divided into two categories: portal

hybrid of Symmetric and asymmetric key

CS and back-end CS. The former one is

algorithms are used. In this method, actual

accessed by MD directly. The latter one is

data is encrypted with MD5 algorithm and

accessed by portal CS.

the encrypted file is further encrypted with AES and then with ECC which ensuresthe

U (User)

security.

It is a person who manipulates Mobile Device. Multiple users may exist who

MD5, AES and RSA Hybrid Approach

want to access the same file or data in CS.

In this technique, actual data is encrypted

The operated object is a file or data, both

with MD5 and the encrypted file is further

denoted as F. It is a file to be uploaded

encrypted using AES algorithm. Unlike

into CS and downloaded from CS.

the previous method, here the generated AES key is encrypted using RSA rather

MOBILE

than encrypting the actual data.

SERVER UPLOADING FUNCTION () 

DEVICE

TO

CLOUD

Before uploading files F into CS, MD

PROPOSED METHODOLOGY

prompts for asking U to input a

In typical MCC scenarios, the entities

password, denoted as PWD. 

involved in this system are:

MD generates encryption key spec SK= H (PWD) || FN || FS) and

MD (Mobile Device)

IvParameterSpec

It is a device equipped with capabilities

PWD||FS), where FN is the name of

such as computing, storage and wireless

the file F (character string will be

Communication.

changed to bit string), and FS is the

For

example,

smart

phone, tablet PC, or wireless sensor node which outsources the encrypted data to the cloud environment.

IV=H

(FN)

||

size of the file F. 

MD encrypts F with SK and IV as F′ = ENC (F, SK, IV). MD generates file integrity authentication code, denoted

CS (Cloud Server) It

is a

as MAC = {H (F, IV)}.

service provider

in cloud

computing, which usually provides storage or computing service. Only storage service 4

Page 1-9 © MAT Journals 2016. All Rights Reserved

Journal of Information Technology and Sciences Volume 2 Issue 1



MD sends {F′ || H (FN) ||MAC} to

and deletes SK and IV.

portal CS. MD stores T = 〈FN〉 locally

CLOUD

SERVER

DEVICE

TO

MOBILE

DOWNLOADING

EXPERIMENTAL

RESULTS

AND

DISCUSSION

FUNCTION ()

Each of the there-mentioned algorithms



Suppose MD wants to fetch F with the

was run locally as well as on cloud. Each

name FN, MD then sends H(FN) to

algorithm was run multiple times with

CS. CS searches in 〈F′,H(FN),MAC〉

each input size and the mean value was

sends back {F′ ||MAC} that matches

used for calculations in each case. The

H(FN) to MD.

following tables are showing individual

MD prompts for asking U to input

performance of each algorithm on data of

corresponding PWD for the FN.

different input sizes.

 

MD generates encryption key SK= H (PWD || FN || FS) and IV Parameter



sizes, 2kb, 5kb, 10kb, 20kb and 50 kb.

key IV = H (FN || PWD ||FS), where FS is the size of F′, |F′ |= |F |= FS. 

Create some input data samples of



Run the encryption algorithms with all

MD decrypts out F = DEC (F′, SK,

input data sizes local server using the

IV), and checks whether MAC = H (F,

application

IV) is held. Note that, downloading

observations.

process for a co-operator (instead of U) requires a preparation stage.



tool

and

the

Make a cloud server instance on application tool and then make a dynamic web project.

5

note

Page 1-9 © MAT Journals 2016. All Rights Reserved

Journal of Information Technology and Sciences Volume 2 Issue 1





Run the encryption algorithms on

single system and the cloud network.

cloud server input data sizes and note

Speed-up ratio will provide tell us how

all observations

quickly the data have been encrypted.

Compare the both kind of results. The

Speed-Up Ratio is defined as the ratio of

performance difference will be clearly

mean processing

shown.

processor to the mean processing time on

time

on

a

the

single

cloud.

Speed-Up Ratio Speed-Up ratio is defined as the difference between the mean processing time of Mean Processing Time on Local Machine Speed Up Ratio = Mean Processing Time on Cloud

Mean Processing Time

downloading, the turnaround time is a

Mean processing time is the difference

time

between the starting time taken to encrypt

request, time required to download file

the data and the ending time. It is the

and decryption time.

required

to

send

downloading

difference between the times taken to encrypt the data. As the size of input

Throughput

increases the time taken to encrypt the

Throughput of the encryption algorithms

data will increase and with the increase in

is calculated by dividing the total plaintext

time speed-up ratio decreases.

in

Mean Processing Time=

encryption time for each algorithm. Thus,

End Time to

Encrypt-Start Time to Encrypt

if

Megabytes

throughput

encrypted

increased

consumption is decreased. Turnaround Time In the case of uploading, the turnaround time includes file reading time, encryption time, and uploading time. In the case of

6

Page 1-9 © MAT Journals 2016. All Rights Reserved

on

the

total

power

Journal of Information Technology and Sciences Volume 2 Issue 1

Input Size (mb) Throughput = Execution Time (sec)

Table 1: Performance Comparison of Hybrid Approach in Cloud.

Table 2: Performance Comparison of Hybrid Approach in Local.

CONCLUSION

considered

A security mechanism for securing the

performance of various algorithms is the

data in mobile cloud computing with the

speed of the algorithm to encrypt and

hybrid encryption algorithm is proposed to

decrypt bulk data files of various sizes.

provide confidentiality and integrity to the

We observed that performance of an

data. Protecting mobile data at rest can be

algorithm on a cloud network varies

best handled by a hybrid algorithm with

according to the type of the hybrid

bulk

algorithm such as symmetric, asymmetric

data, 7

the

comparison

factor

here

to

Page 1-9 © MAT Journals 2016. All Rights Reserved

evaluate

the

Journal of Information Technology and Sciences Volume 2 Issue 1

or hashing and also varies with the size of

applications–implementation methods

the input. From the experimental results, it

and challenging issues; 2011.

is obvious that the proposed hybrid M-

6. Sujithra M., G. Padmavathi, Sathya

AES suits best for cloud applications that

Narayanan.

Mobile

device

data

requires high security with relatively large

security: A cryptographic approach by

data size.

outsourcing mobile data to cloud. Procedia Computer Science. 2015; 47: 480–485p.

REFERENCES 1. Kumar K., Lu Y.H.,Yung-Hsiang Lu.

7. Wang Q. et al. Enabling public

Cloud computing for mobile users: can

verifiability and data dynamics for

offloading computation save energy?

storage security in cloud computing”,

Computer. 2010; 43(4): 51–56p.

in

2. M. Sujithra, G. Padmavathi. Next generation biometric security system: an

approach

for

mobile

device

computer

8. Hoang

T.

Dinh,

370p.

Chonho

Lee,

DusitNiyato, et al. A survey of mobile cloud

International

applications,

on

Springer

Berlin/Heidelberg. 2009; 355-

security. In Proc. of the 2nd ACM Conference

security.

computing: and

architecture approaches.

In

Computational Science, Engineering

Wireless Communications and Mobile

and Information Technology. 2012;

Computing; 2011.

377–381p.

9. Wei Ren, Linchen Yu, Ren Gao, et al.

3. Ayesha Malik, Muhammad Mohsin

Light weight and compromise resilient

Nazir. Security framework for cloud

storage outsourcing with distributed

computing environment: A review.

secure accessibility in mobile cloud

Journal

computing. Tsinghua Science And

of

Emerging

Trends

in

Computing and Information Sciences; 2012.

Technology. 2011; 16(5): 520–528p. 10. Liu Q, Wang G, Wu J. Efficient

4. Shashi Mehrotra Seth, Rajan Mishra.

sharing

of

secure

services.

algorithms for data communication.

International Conference on Computer

IJCST. 2011; 2(2).

and Information Technology (CIT10).

Ahma, Khalid Rafique, et al. Mobile

2010

10th

Bradford, West Yorkshire, UK. 2010; 922–929p.

cloud computing as future for mobile 8

IEEE

storage

Comparative analysis of encryption

5. Shahryar Shafique Qureshi, Toufeeq

In:

cloud

Page 1-9 © MAT Journals 2016. All Rights Reserved

Journal of Information Technology and Sciences Volume 2 Issue 1

11. P. Syam Kumar, R. Subramanian D. Thamizh

Selvam.

Ensuring

data

storage security in cloud computing

Energy Aware Computing (ICEAC '10). 2010; 1–2p. 17. S.C. Hsueh, J.Y. Lin, M.Y. Lin.

using sobol sequence. IEEE; 2010.

Secure cloud storage for conventional

12. Venkata Sravan Kumar, Maddineni

data archive of smart phones. Proc.

Shivashanker

Ragi.

Security

15th

IEEE

Int.

Symposium

on

techniques for protecting data in cloud

Consumer Electronics (ISCE '11).

computing. Master Thesis Electrical

2011; 156–161p.

Engineering, School of Computing Blekinge Institute of Technology SE– 371 79 Karlskrona Sweden; 2011. 13. K. Kumar, Y. H. Lu. Cloud computing for mobile users: can offloading computation

save

energy?

IEEE

Journal Computer. 2010; 43: 51–56p. 14. X. Zhang, J. Schiffman, S. Gibbs, et al. Securing elastic applications on mobile devices for cloud computing. Proc. ACM Workshop on Cloud Computing

Security

(CCSW

'09).

2009; 127–134p. 15. W. Ren, L. Yu, R. Gao et al. Lightweight resilient

and

storage

distributed

compromise

outsourcing

secure

accessibility

with in

mobile cloud computing. Journal of Tsinghua Science and Technology. 2011; 16: 520–528p. 16. W. Itani, A. Kayssi, A. Chehab. Energy-efficient incremental integrity for securing storage in mobile cloud computing. Proc. Int. Conference on

9

Page 1-9 © MAT Journals 2016. All Rights Reserved

Suggest Documents