
2015 7th International Conference on Emerging Trends in Engineering & Technology

Enhancing Cloud Security Using Multicloud Architecture and Device Based Identity

Rutuja G. Warhade
PG Scholar, Dept. of Computer Engineering
GSMCOE, Pune

Prof. Basha Vankudothu
Professor, Dept. of Computer Engineering
GSMCOE, Pune

978-1-4673-8305-9/15 $31.00 © 2015 IEEE
DOI 10.1109/ICETET.2015.16

Abstract: Cloud computing is one of the fastest growing technologies of recent years. One of the most important features of the cloud is its elasticity, which allows users to pay according to their needs. While the cloud is beneficial in terms of economy and availability, organizations cannot ignore the security threats to their data in cloud storage. Due to the security issues in the cloud, many users are reluctant to use it for personal and sensitive data storage. Since cloud storage is third party storage, it needs special data security solutions beyond those of traditional third party storage. This paper focuses on the concept of multiple cloud storage along with enhanced security using encryption techniques and device based identity to access the data. Instead of storing the complete file on a single cloud system, the proposed system splits the file into chunks, encrypts them and stores them on multiple clouds.

Keywords: cloud security; storage; file splitting; multi-cloud; security; identity

I. INTRODUCTION

Cloud computing is the practice of using remote servers on the Internet to manage, store and process data instead of using a personal computer. Cloud computing provides different services such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS). IaaS (or utility computing) follows a traditional utilities model, providing servers and storage on the customer's demand, and the customers pay accordingly. PaaS allows customers to develop their applications within a CSP's framework, e.g. Google's App Engine. SaaS enables customers to use an application on demand via a browser. A popular example of cloud computing is Google Drive, where you can access your stored data from any computer with Internet access.

Cloud computing has grown tremendously in the last few years. Cloud computing offers dynamically scalable resources provisioned as a service over the Internet [2]. Among the various computing services (such as PaaS, IaaS, SaaS) offered by the cloud, cloud storage has attracted many users. Cloud storage allows organizations or individuals to store their data in scalable, anytime and anywhere available and economic (pay-as-you-go) cloud infrastructure. The extensive use of Google Drive, Dropbox and other such cloud storage services proves the popularity of and demand for cloud storage. E.g. in Apr 2013 Amazon reported storing two trillion objects in their Amazon S3 storage [1].

A Cloud Service Provider (CSP) provides all the services needed by a customer at their end on a pay-as-you-go basis. In spite of these valuable benefits, the cloud raises security and privacy concerns regarding the data stored in it; due to these security issues, third party cloud storage is not considered trustworthy for storing sensitive user data. Cloud users lose control over their sensitive data while using third party cloud storage. Cloud storage faces many challenges in ensuring the privacy of outsourced data, since the CSP may use customer data for commercial purposes or a third party may gain access to user data.

In this paper we explore a scheme where data is stored on multiple clouds rather than on a single cloud. Customers need not rely on, or completely trust, a single CSP to hold the complete data. Further, data security at each CSP is enhanced using encryption methods and device based data access.

II. RELATED WORK

Extensive study has been done by researchers on security challenges in the cloud, and they have proposed various defense mechanisms to overcome these threats. In this section, we conduct a brief study of the related work.

In [2] the author discusses various security issues with the use of the cloud and focuses on security threats to public clouds, as these demand the highest security. The author discusses the security prospects of using a multi-cloud architecture. Four architectural patterns are discussed for partitioning the application and data fragments across multiple clouds. The first approach replicates the application, which helps to verify the integrity of data. The second approach protects data and application logic by separating them. The third approach breaks the application logic into parts and executes each part over multiple clouds, which preserves confidentiality. A similar approach is given in the fourth architecture, where data is broken into parts and executed over various clouds, which helps to protect the data from a malicious CSP. Each architecture has its pros and cons; however, a combination of the above architectures according to the needs of the customer will give a more secure approach for multi-cloud systems.

In [3] the author proposes an effective and secure multi-authority data access control scheme with an efficient decryption and revocation method. They proposed a new multi-authority CP-ABE scheme with efficient decryption, and an efficient attribute revocation method that can achieve both forward security and backward security.

In [4] the authors proposed a multi-cloud computing framework using proxy Virtual Machines for sharing resources and dynamic collaboration among cloud based services. The proposed framework manages mutual trust, security and policy issues without the need for a pre-collaboration agreement, which is otherwise required in the cloud. Whenever a cloud user needs to use any service, they send a request to the cloud, where the CSP has a pre-installed proxy VM that interacts with the multi-cloud services and provides the necessary results to the user. This helps various cloud users to collaborate.

In [5] the authors described in their survey paper various security vulnerabilities, threat models and respective defense models for preserving data confidentiality, availability, integrity, privacy and accountability. They described threats to cloud confidentiality such as cross-VM attacks and malicious system administrators, which can be defended against by VM placement prevention. Cloud integrity is affected by data loss or data manipulation and dishonest computation on the remote cloud provider's server, which can be managed by replication, re-computation and third party auditing. Cloud accountability is affected by SLA violation and dishonest MapReduce, which can be dealt with by accountable SLA and accountable MapReduce. Even though the authors gave a complete, detailed survey of cloud threats and vulnerabilities, they did not mention which method would be suitable for a multi-cloud environment.

In [9] the author proposes that security is considered the major issue in the cloud-computing environment. Customers do not want to lose their sensitive information as a result of malicious workers at the CSP. The author also discussed the loss of service availability of the CSP.

In [8] the author proposes efficient data storage security in a cloud service. The partitioning of data enables easy and effective storage. It also gives way to flexible access, and the cost of data storage is reduced. Space and time utilisation is improved in this scheme. The author proposed remote data integrity checking that detects threats and misbehaving servers while storing data in the cloud, ensuring data security.

A single cloud environment faces challenges such as service unavailability, malicious insiders at the CSP and data integrity challenges, which can be overcome by the use of multiple clouds. In [10] the author described the multi-cloud model as a combination of various clouds where user data is distributed and executed in those clouds simultaneously. It is observed that using multi-clouds improves performance compared to a single cloud environment by dividing security, trust and reliability among different cloud providers. In this paper the author surveyed various techniques available for multi-cloud security such as the use of cryptography, secret sharing algorithms, the DepSky system, redundant array of cloud storage (RACS) and the HAIL protocol. The limitations of existing solutions have been discussed and suggestions for a secure cloud database are provided, but they did not give their solution in detail.

In [13] the author suggested that encryption time, memory usage and level of encryption are the major issues in encryption algorithms. Two algorithms, DES and AES, are compared for performance evaluation; the results show that AES is better compared to DES.

In [14] a comparative study of the DES, 3DES, AES and Blowfish algorithms is performed. Each of these algorithms is evaluated by encrypting input files of varying contents and sizes. It is concluded that Blowfish is the fastest among all the algorithms.

In [15] the DES, 3DES, AES and Blowfish block ciphers have been analyzed for various file features such as data density, data type, data size and key size, and the author analyzed the variation of encryption time for the selected cipher algorithms. The research showed that encryption time depends only on the number of bytes present in the file, and that encryption time and data size are directly proportional to each other. It is concluded that AES appears to be the fastest block cipher, with an encryption rate of 108 MB/sec at the bare minimal parameter.

III. PROBLEM DEFINITION

A. Problem Statement

Existing cloud storage schemes may either produce multiple encrypted copies of the same data or require a fully trusted cloud server. This increases the possibilities for malicious user attacks. To provide secure storage at the cloud, a splitting technique can be combined with an encryption method to provide strong protection. Further, a device based identity method to identify the authenticated user enhances the security.

B. Proposed System

Here the Identity Based Multi-Cloud Storage Scheme (IBMCSS) is proposed; Fig. 1 shows the system architecture. In IBMCSS the user can define the data access device from which only he can get access. The file is encrypted using the encryption algorithm, thus confidentiality is maintained. The access permission is bound to the file as well as to the identity of the authorized access device. The scheme is secured against data theft attacks. The file is divided into smaller chunks and stored on multiple clouds to reduce the risk of downtime due to software, local hardware, or infrastructure failures in a cloud-computing environment. The file is merged and decrypted when requested by the authenticated user. This way the user can be sure about the security of the data.
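The IBMCSS upload and download flow described above, written out as an added example (it is not part of the paper and not the authors' code): the split follows Algorithm 1 with fc_Sz = F_Sz/N, where the remainder bytes are appended to the last chunk (a case the paper does not spell out), the merge follows Algorithm 2, and each fetched chunk is checked against a digest the cloud user keeps locally, so a chunk altered by a faulty or dishonest CSP is rejected instead of being merged and decrypted. The `data` argument is assumed to be the file already encrypted by Algorithm 3 (AES); the in-memory MultiCloudStore, the CSP ids and the device identity check are assumptions for the illustration.

```python
"""IBMCSS upload/download flow (added example, not the paper's code)."""
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed stand-ins for the three locations of the FTP settings module
# (application server + two FTP servers); the ids are placeholders.
CSP_IDS = ["app-server", "ftp-1", "ftp-2"]


def split_file(data: bytes, n: int) -> List[bytes]:
    """Algorithm 1, step 2: fc_Sz = F_Sz / N. The paper does not say what
    happens when F_Sz is not a multiple of N; here the remainder bytes are
    appended to the last chunk so that no byte is lost."""
    if n < 1:
        raise ValueError("need at least one CSP")
    fc_sz = len(data) // n
    chunks = [data[j * fc_sz:(j + 1) * fc_sz] for j in range(n - 1)]
    chunks.append(data[(n - 1) * fc_sz:])
    return chunks


class MultiCloudStore:
    """In-memory model of N CSPs: one bucket per CSP_id, keyed by file name."""

    def __init__(self, csp_ids: List[str]) -> None:
        self.csp_ids = list(csp_ids)
        self.buckets: Dict[str, Dict[str, bytes]] = {c: {} for c in self.csp_ids}

    def upload(self, fn: str, data: bytes) -> List[Tuple[str, str]]:
        """Algorithm 1, step 3: fc[j] -> CSP_id[j]. `data` is assumed to be the
        file already encrypted by Algorithm 3 (AES). Returns the manifest the
        cloud user keeps locally: (CSP_id, SHA-256 of chunk) in chunk order."""
        chunks = split_file(data, len(self.csp_ids))
        manifest = []
        for csp_id, fc in zip(self.csp_ids, chunks):
            self.buckets[csp_id][fn] = fc
            manifest.append((csp_id, hashlib.sha256(fc).hexdigest()))
        return manifest

    def download(self, fn: str, manifest: List[Tuple[str, str]]) -> bytes:
        """Algorithm 2: fetch fc[j] from CSP_id[j], Tmp_Fl = combine(Tmp_Fl, fc[j]).
        A chunk whose digest differs from the manifest (a faulty or dishonest
        CSP) is rejected, so a tampered chunk never reaches the decryption step."""
        tmp_fl = b""
        for csp_id, expected in manifest:
            fc = self.buckets[csp_id][fn]
            if not hmac.compare_digest(hashlib.sha256(fc).hexdigest(), expected):
                raise ValueError(f"chunk of {fn} from {csp_id} failed integrity check")
            tmp_fl += fc
        return tmp_fl


def device_authorized(presented_device_id: str, registered_device_id: str) -> bool:
    """Login module: the device recorded at first login is the user's identity;
    a download is served only when the requesting device matches it."""
    return hmac.compare_digest(presented_device_id, registered_device_id)


if __name__ == "__main__":
    store = MultiCloudStore(CSP_IDS)
    ciphertext = bytes(range(100))  # constructed: stands in for the AES output
    manifest = store.upload("report.enc", ciphertext)
    assert device_authorized("device-A1", "device-A1")
    assert store.download("report.enc", manifest) == ciphertext
    print("chunk sizes:", [len(c) for c in split_file(ciphertext, 3)])  # [33, 33, 34]
```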

C. Objectives

- Setting up and configuring multiple cloud servers in order to have storage
- Developing encryption techniques like AES for file encryption before storing it on the cloud
- Developing file management classes in .NET
- Developing a web interface for file upload and download in cloud storage

D. Development Phases:

1) Registration Module
In the registration module we will get user details such as username, email address, password, etc. on the user registration form. After successful registration the user will be in a deactivated state. The application will generate a random verification code for the user. The verification code will be sent to the user at the specified mail id.

2) Login Module
In the login module the user has to enter the verification code sent to him when he is logging in to the application for the first time. If the verification code is correct, update the user's state to active, set the user's device as his identity and proceed to the home page. If the verification code is incorrect, redirect the user to the login page.

3) FTP Settings Module
In the proposed system, the file gets distributed to three different locations. The first location is the application server, where the 1st part of the file is stored, and the other two are FTP servers, where the 2nd and 3rd parts of the file are stored. In the FTP settings module, we will design a settings page where FTP details such as IP address, username and password will be taken from the user for further use.

4) File Upload and Download Module
In this module we will develop a web interface to upload and download files in cloud storage. For uploading the file, various file uploading links are open. The user can choose the file which he wants to upload to the cloud. The user can upload different types of files such as doc files, video, mp3, etc. The file is uploaded by using the file uploader control, which lets the user select the file to be uploaded. The server path is obtained by using the Server.MapPath() function to get the path of the server directory. The homepage will show the list of files uploaded by the user from the user-specific directory. In the proposed system, we use a data list to show the file list.

5) File Encryption Module
In this module we will deal with file encryption and decryption methods. The file is encrypted using the user-provided key. The AES algorithm will be used for file encryption and decryption.

6) File Splitting and Clubbing Module
In this module we will design the methods to split the file into smaller chunks while uploading the file and merge the chunks to form the file while downloading it. In the proposed system, we will split the encrypted file into smaller chunks and then store each chunk on a different cloud.

E. Algorithms Used:
In this section we describe the algorithms used for the file upload and download operations. Table 1 shows the notations used in the algorithms.

TABLE I. NOTATIONS USED IN ALGORITHMS

Notation   Description
F          File to be uploaded
FN         Name of File F
F_Sz       Size of File F (in bytes)
CSP        Cloud Service Providers
N          No. of CSPs
CSP_id     CSP Id
CU         Cloud User
FC         Set of file chunks
fc         Chunk of File F
fc_Sz      File Chunk Size (in bytes)
n          No. of Chunks

Fig. 1. System Architecture

Algorithm 1: File Splitting and Uploading Operation
Input: F, N
Output: Sending fc to destination CSP_id
Step 1: Find file size in bytes
    F_Sz = Sizeof(FN)
Step 2: Make n chunks of the file, where fc_Sz = F_Sz / N
    FC = {fc1, fc2, ..., fcn}
Step 3: Send each chunk to the destined CSP using CSP_id
    For j = 1 to N do
        Get CSP_id[j] from FTP setting module;
        fc[j] -> CSP_id[j];  // send each file chunk to the specified CSP

Algorithm 2: File Clubbing and Downloading Operation
Input: FN
Output: Download file FN on the user's device

Step 1: Fetch the first part of the file from the application server's local disk
    Let Tmp_Fl be used as a temporary storage space for clubbing the file
Step 2: Combine all fcs of F
    For j = 1 to N do
        Get CSP_id[j] from FTP setting module to fetch fc[j];
        Tmp_Fl = combine(Tmp_Fl, fc[j]);
Step 3: Send the combined file Tmp_Fl to CU

Algorithm 3: Encryption/Decryption Algorithm AES
The following points have been taken into consideration while choosing the encryption algorithm:
1. Key size variation
2. Encryption throughput
3. Encryption and decryption time with respect to:
   - Files with different data types
   - Data files of the same type with different sizes
   - Files with different data densities

Considering the above factors, a survey was done of various block ciphers such as DES, 3DES, AES, and Blowfish. In [14] the author compares the performance of DES, 3DES, AES and Blowfish by encrypting input files of varying contents and sizes. There it is concluded that Blowfish is the fastest among all the algorithms. Fig. 2 shows the throughput (encryption time) comparison of the block ciphers. In [15] the author compares all the above-mentioned block ciphers with respect to varying file types, file contents and file sizes; there it is shown that for image, audio and video files the performance of Blowfish degrades compared to AES. Fig. 3 shows the comparative results of the algorithms for different file types. By analyzing the comparative studies of the various algorithms we found that in our scenario AES is the most suitable algorithm.

Fig. 2. Throughput of encryption algorithms

Fig. 3. Encryption time vs. cipher algorithm for files of different data types

AES:
AES is based on a design principle known as a substitution-permutation network, a combination of both substitution and permutation, and is fast in both software and hardware [14]. AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits. AES operates on a 4×4 column-major order matrix of bytes, termed the state, though some versions of Rijndael have a larger block size and have extra columns in the state. Most AES calculations are done in a special finite field.

The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input, called the plaintext, into the final output, called the ciphertext. The number of cycles of repetition is as follows:
- 10 cycles of repetition for 128-bit keys.
- 12 cycles of repetition for 192-bit keys.
- 14 cycles of repetition for 256-bit keys.

Algorithm Description
1. Key Expansion: round keys are derived from the cipher key using Rijndael's key schedule. AES requires a separate 128-bit round key block for each round plus one more.

2. Initial Round:
   AddRoundKey: each byte of the state is combined with a block of the round key using bitwise XOR.
3. Rounds:
   SubBytes: a non-linear substitution step where each byte is replaced with another according to a lookup table.
   ShiftRows: a transposition step where the last three rows of the state are shifted cyclically a certain number of steps.
   MixColumns: a mixing operation that operates on the columns of the state, combining the four bytes in each column.
   AddRoundKey
4. Final Round (no MixColumns):
   SubBytes
   ShiftRows
   AddRoundKey

Fig. 4. ShiftRows Operation

IV. THE MATHEMATICAL MODEL IN AES ENCRYPTION ALGORITHM

1. The AES algorithm sets each input and output to 128 bits, known as a block or group; the number of bits in it is called the block length. The AES algorithm's key sizes are 128 bits, 192 bits or 256 bits.
2. In the AES algorithm operations are done on the state, and the state is the intermediate result in the AES encryption and decryption process. A state is composed of four rows of bytes, and each row contains Nb bytes, where Nb = (block length) / 32. In the AES standard, Nb = 4. State[] is the state array. Each byte has two indices: one is its row number r ($0 \le r < 4$), the other is its column number c ($0 \le c < Nb$). Each byte of the state can be expressed as State[r, c]. Each column of the state array has 4 bytes which constitute a 32-bit word; that is to say, the state is a one-dimensional array consisting of 32-bit words (columns).

A. The MixColumns Operation

MixColumns performs operations on the state column by column. Each column is processed according to four polynomials. A column is considered to be a polynomial in the $GF(2^8)$ domain, and is multiplied by the fixed polynomial A(x) given in the equation below:

$A(x) = \{03\}x^3 + \{01\}x^2 + \{01\}x + \{02\}$

This formula can also be expressed in terms of matrix multiplication. Suppose $s'(x) = a(x) \otimes b(x)$; as the result of the multiplication, the four bytes in one column can be expressed as:

$S'_{0,c} = (\{02\} \cdot S_{0,c}) \oplus (\{03\} \cdot S_{1,c}) \oplus S_{2,c} \oplus S_{3,c}$
$S'_{1,c} = S_{0,c} \oplus (\{02\} \cdot S_{1,c}) \oplus (\{03\} \cdot S_{2,c}) \oplus S_{3,c}$
$S'_{2,c} = S_{0,c} \oplus S_{1,c} \oplus (\{02\} \cdot S_{2,c}) \oplus (\{03\} \cdot S_{3,c})$
$S'_{3,c} = (\{03\} \cdot S_{0,c}) \oplus S_{1,c} \oplus S_{2,c} \oplus (\{02\} \cdot S_{3,c})$

Fig. 5 shows an example of the MixColumns transformation.

Fig. 5. Example of MixColumns operation

B. The ShiftRows Operation

ShiftRows is a substitution operation which conducts a cyclic shift of the bytes of a row according to a different byte offset number, and the first row r = 0 does not shift. Fig. 4 shows the ShiftRows operation. For the other rows the ShiftRows expression is:

$S'_{r,c} = S_{r,(\mathrm{shift}(r, Nb) + c) \bmod Nb}$, $0 < r < 4$ and $0 \le c < Nb$

In it, the shift value shift(r, Nb) depends on the row number r, such that (for Nb = 4) shift(1, 4) = 1; shift(2, 4) = 2; shift(3, 4) = 3.
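The MixColumns and ShiftRows expressions of sections IV.A and IV.B worked in code, as an added example that is not the paper's code: GF(2^8) multiplication modulo the AES polynomial, the A(x) matrix together with the inverse matrix that decryption uses, and the row rotation with shift(r, Nb) = r for Nb = 4. The test column d4 bf 5d 30 is taken from the FIPS-197 Appendix B worked example (round 1, after ShiftRows) and must map to 04 66 81 e5; the names below are this example's own.

```python
"""AES MixColumns and ShiftRows on the 4 x Nb byte state (added example)."""
from typing import Callable, List

Nb = 4  # state columns = block length / 32; AES fixes Nb = 4
State = List[List[int]]  # State[r][c], 0 <= r < 4, 0 <= c < Nb


def xtime(b: int) -> int:
    """Multiply by x, i.e. {02}, in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    b <<= 1
    return b ^ 0x11B if b & 0x100 else b


def gmul(a: int, b: int) -> int:
    """General GF(2^8) multiplication by shift-and-add (the 'special finite field')."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = xtime(a)
        b >>= 1
    return p


def mix_column(col: List[int]) -> List[int]:
    """One column times A(x) = {03}x^3 + {01}x^2 + {01}x + {02}: the four
    S'_{r,c} equations of section IV.A in matrix form."""
    s0, s1, s2, s3 = col
    return [
        gmul(2, s0) ^ gmul(3, s1) ^ s2 ^ s3,
        s0 ^ gmul(2, s1) ^ gmul(3, s2) ^ s3,
        s0 ^ s1 ^ gmul(2, s2) ^ gmul(3, s3),
        gmul(3, s0) ^ s1 ^ s2 ^ gmul(2, s3),
    ]


def inv_mix_column(col: List[int]) -> List[int]:
    """Inverse used in decryption: multiply by {0b}x^3 + {0d}x^2 + {09}x + {0e}."""
    s0, s1, s2, s3 = col
    return [
        gmul(14, s0) ^ gmul(11, s1) ^ gmul(13, s2) ^ gmul(9, s3),
        gmul(9, s0) ^ gmul(14, s1) ^ gmul(11, s2) ^ gmul(13, s3),
        gmul(13, s0) ^ gmul(9, s1) ^ gmul(14, s2) ^ gmul(11, s3),
        gmul(11, s0) ^ gmul(13, s1) ^ gmul(9, s2) ^ gmul(14, s3),
    ]


def _by_column(state: State, f: Callable[[List[int]], List[int]]) -> State:
    """Apply f to every column of State[r][c] and rebuild the row-major state."""
    cols = [f([state[r][c] for r in range(4)]) for c in range(Nb)]
    return [[cols[c][r] for c in range(Nb)] for r in range(4)]


def mix_columns(state: State) -> State:
    return _by_column(state, mix_column)


def inv_mix_columns(state: State) -> State:
    return _by_column(state, inv_mix_column)


def shift_rows(state: State) -> State:
    """S'_{r,c} = S_{r,(c + shift(r,Nb)) mod Nb} with shift(r, 4) = r; row 0 is unchanged."""
    return [[state[r][(c + r) % Nb] for c in range(Nb)] for r in range(4)]


def inv_shift_rows(state: State) -> State:
    """Rotate each row back by r positions (decryption direction)."""
    return [[state[r][(c - r) % Nb] for c in range(Nb)] for r in range(4)]


if __name__ == "__main__":
    # Column from the FIPS-197 Appendix B worked example (round 1, after ShiftRows)
    print([hex(b) for b in mix_column([0xD4, 0xBF, 0x5D, 0x30])])  # 04 66 81 e5
```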

V. EXPECTED EXPERIMENTAL RESULTS

- As the number of splits increases, the time required to split/merge the file will increase.
- The time required to encrypt any file type will be minimal, as the AES algorithm is used.
- The uploading and downloading time of a file will depend on the network speed.

VI. CONCLUSION

As discussed earlier, data security and privacy protection are the primary problems that need to be solved in cloud storage. The above-mentioned model is a novel approach to solving the security issues in cloud computing. By using the multi-cloud approach the user's data is more secure, as access to the data is not entrusted to a single CSP. Further, by using the device based security approach the data security is enhanced, as only the validated user can access the data.

REFERENCES

[1] Amazon S3 - Two Trillion Objects, 1.1 Million Requests / Second, 18 Apr 2013, Amazon S3 blog, http://aws.amazon.com/blogs/aws/amazon-s3-two-trillion-objects-11-million-requests-second/
[2] Jens-Matthias Bohli, Nils Gruschka, Meiko Jensen, Luigi Lo Iacono, and Ninja Marnau, "Security and Privacy Enhancing Multi-Cloud Architectures," IEEE Transactions on Dependable and Secure Computing, July/August 2013.
[3] Kan Yang, Ren, Xiaohua Jia, Bo Zhang, and Ruitao Xie, "DAC-MACS: Effective Data Access Control for Multi-Authority Cloud Storage Systems," IEEE, 2013.
[4] Mukesh Singhal and Santosh Chandrasekhar, "Collaboration in Multicloud Computing Environments: Framework and Security Issues," published by the IEEE Computer Society, 2013.
[5] Zhifeng Xiao and Yang Xiao, "Security and Privacy in Cloud Computing," IEEE Communications Surveys & Tutorials, 2013.
[6] Jing-Jang Hwang and Hung-Kai Chuang, "A Business Model for Cloud Computing Based on a Separate Encryption and Decryption Service," National Science Council of Taiwan Government, IEEE, 2012.
[7] Kan Yang, Xiaohua Jia, "Attribute-based Access Control for Multi-Authority Systems in Cloud Storage," in Proceedings of the 2012 32nd IEEE International Conference on Distributed Computing Systems, IEEE, 2012.
[8] Selvakumar G., Jeeva Rathanam M. R., Sumalatha, "PDDS - Improving Cloud Data Storage Security Using Data Partitioning Technique," IEEE, 2012.
[9] J.-M. Bohli, M. Jensen, N. Gruschka, J. Schwenk, and L. L. Iacono, "Security Prospects through Cloud Computing by Adopting Multiple Clouds," Proc. IEEE Fourth International Conference on Cloud Computing (CLOUD), 2011.
[10] Mohammed A. AlZain, Eric Pardede, Ben Soh, James A. Thom, "Cloud Computing Security: From Single to Multi-Clouds," IEEE 45th Hawaii International Conference on System Sciences, IEEE, 2012.
[11] J. D (Assistant Professor), Ramkumar P (Systems Engineer), Kadhirvelu D, "Preserving Privacy through Data Control in a Cloud Computing Architecture using Discretion Algorithm," in Proceedings of the Third International Conference on Emerging Trends in Engineering and Technology, IEEE, 2010.
[12] Prashant Kumar, Lokesh Kumar, "Security Threats to Cloud Computing," International Journal of IT, Engineering and Applied Sciences Research (IJIEASR), Volume 2, No. 1, December 2013.
[13] Akash Kumar Mandal, Mrs. Archana Tiwari, "Performance Evaluation of Cryptographic Algorithms: DES and AES," in Proceedings of the 2012 IEEE Students' Conference on Electrical, Electronics and Computer Science, IEEE, 2012.
[14] Aamer Nadeem, Dr M. Younus Javed, "A Performance Comparison of Data Encryption Algorithms," Information and Communication Technologies, 2005 (ICICT 2005), IEEE, 2005.
[15] Ranjeet Masram, Vivek Shahare, Jibi Abraham, Rajni Moona, "Analysis and Comparison of Symmetric Key Cryptographic Algorithms Based On Various File Features," International Journal of Network Security & Its Applications (IJNSA), Vol. 6, No. 4, July 2014.
[16] Diaa Salama, Hatem Abdual Kader, Mohiy Hadhoud, "Studying the Effects of Most Common Encryption Algorithms," International Arab Journal of e-Technology, Vol. 2, No. 1, January 2011.