Bhangotra et al.

, International Journal of Advanced Engineering Technology

E-ISSN 0976-3945

Research Paper

ENHANCING CLOUD SECURITY BY USING HYBRID

ENCRYPTION SCHEME
Vibhey Bhangotra, Amit Puri

Address for Correspondence

Department of Computer Science, Global Institute of Management and Emerging Technologies
Amritsar, Punjab, India
ABSTRACT
Cloud computing is a developed computing model in which resources of the computing infrastructure are provided as
utilities over the Internet. As likely as it is, this paradigm also brings forth many new challenges for data safeness and access
control when customers outsource delicate data for sharing on cloud servers, which are not within the same trusted domain
as data owners. This paper addresses this challenging open issue by, on one hand, defining and requiring access policies
depend on data attributes, and, on the other hand, allowing the data owner to delegate most of the computing tasks involved
in fine- grained data access control to untrusted cloud servers without disclosing the basic data contents. We attain this target
by accomplishing and uniquely combining techniques of message Digest encryption (MD5), alternate re-encryption, and
slow re-encryption. Our proposed scheme also has salient properties of user access right confidentiality and customer private
key accountability. Extensive analysis shows that our proposed scheme is highly efficient and provably secures under
existing security models.

INTRODUCTION
Cloud computing model has emerged recently and it
has taken commercial computing to a new level. The
concept of cloud computing aim on the idea that
computing resources will reside somewhere other
than the computer room and that the customers will
attach to it using the resources as and when required.
In effect, it displaces the infrastructure to the network
so that the net price with respect to the management
of hardware/software resources is reduced. It appears
to be highly disruptive technology hinting to the
future where computation moves from local
computers to integrate opportunities operated by third
party compute and storage utilities. Cloud Computing
is typically defined as a type of computing that
depends on distributing computing resources rather
than having local server or personal device to manage
services. In Cloud Computing, the term cloud is used
as a metaphor for the Internet, so the phrase cloud
computing means a type of Internet-based
computing, where different facilities such as servers,
storage and applications are provided to a company
computers and devices through the internet. One of
the key characteristics of cloud computing is the
mouldability that it offers and one of the ways that
mouldability is offered is through scalability. This
refers to the capability of a system to adjust and scale
to changes in workload. Cloud technology allows for
the automatic provision and deprivation of resource
as and when it is necessary, thus ensuring that the
level of resource available is as closely resembled to
latest demand as possible. This is a defining
characteristic that differentiates it from other
computing models where facility is delivered in parts
(e.g., individual servers, downloaded software
applications), usually with confirmed volume and
upfront costs. With cloud computing, the end user
usually pays only for the resource they use and so
keep away the disorganization and cost of any unused
capacity.
PROBLEM FORMULATION
This system developed a cloud-computing
environment by using 5 machines with minimum
dual Core processor and 2 gigabytes of random
access memory. These machines are connected to
each other and are loosely coupled to each other for
synchronization process. MacAfee security solutions
are used for prevention of attacks on every machine.
Int J Adv Engg Tech/Vol. VI/Issue IV/Oct.-Dec.,2015/34-40

Development is done in JAVA language with IDE

Eclipse or Net beans. In this MD5 encryption
mechanism is followed for secure communication.
With this AES Advance is followed as an Encryption
Standard. Along with this hybrid approach of MD5
and AES RC4 algorithm will be used. This work has
yielded results that full fill the objectives. A better
security is provided to the messages that were
exchanged between different connecting nodes. An
encryption based system is established for protecting
messages by encrypting them while they were
transferred to other machine and decrypt them while
receiving on other virtual machine. An application
will be developed where algorithms would be for the
encryption and decryption process.
Results obtained for cloud architecture equipped with
hashing algorithm is been implemented in Java
language in well-known IDE Net Beans. Loosely
synchronized client server architecture has been
implemented as discussed in related study in which
network intrusion detection clients will send the web
log information to servers. Same methodology has
been implemented in the current research. Messages
in the previous study are moving in plain text without
any encryption or hashing which could give rise to
insider attacks.
OBJECTIVES
1. To propose cloud computing environment by
using more than 5 machines with minimum dual
core processor.
2. To propose MD5 encryption mechanism for
secure communication. With this an AES
(Advanced Encryption Standard) will be used.
3. To propose comparison between previous RC4
with our RC6 algorithm.
4. Implementation with CLOUD SIM with Fedora
platform.
METHODOLOGY USED
I have used Cloud Sim. Firstly I have to install
CloudSim. For this, I have to install LINUX because
Cloud Simworks on LINUX.
PROPOSED WORK
To propose cloud computing environment by using
more than 5 machines with minimum dual core
processor. To propose MD5 encryption mechanism
for secure communication. With this AES (Advanced
Encryption Standard) is used.

Bhangotra et al., International Journal of Advanced Engineering Technology

TOOL USED
Introduction of CloudSim
CloudSim is a toolkit (library) for simulation of
Cloud computing framework. It gives fundamental
classes for describing data centers, virtual machines,
applications, users, computational services, and
policies for administration of diverse parts of the
system (e.g., scheduling and provisioning).
MAC layer Protocol: TDMA, CDMA, IEEE Mac
802.x etc.
Introduction of Cloud Analyst
CloudAnalyst is built directly on top of CloudSim
toolkit, leveraging the features of the real structure
and extending some of the capabilities of CloudSim.
CloudAnalyst design. Even though Clouds make
deployment of large scale applications easier and
cheaper, it also creates new issues for planers.
Because Cloud frameworks are distributed,
applications can be deployed in different geographic
locations, and the selected distribution of the
application effects its performance for users that are
far from the data center. Because users around the
world access Internet applications, and because
popularity of applications varies along the world,
experience in the use of application will also vary.
Quantifying impact of number of simultaneous users,
geographic location of relevant components, and
network in applications is hard to achieve in real
testbeds, because of the presence of elements that
cannot be predicted nor controlled by developers.

E-ISSN 0976-3945

Therefore, other methodologies that allow

quantification of such parameters must be used.
To allow control and repeatability of experiments,
simulators such as CloudSim are used. Simulation
experiments apply models of both applications and
infrastructures. So, simulation requires some effort
from application developers to model both the target
infrastructure and the software in a language that is
interpreted by the simulator. Even though simulators
offer support to model such scenarios, they are
conceived to be applied in general experiments, and
so modeling of specific scenarios may be time
demanding.
One of the main objectives of CloudAnalyst is to
separate the simulation experimentation exercise
from a programming exercise, so a modeler can focus
on the simulation complexities without spending too
much time on the technicalities of programming
using a simulation toolkit. The CloudAnalyst also
enables a modeler to repeatedly execute simulations
and to conduct a series of simulation experiments
with slight parameters variations in a quick and easy
manner.
The main features of CloudAnalyst are the
following:
Easy to use Graphical User Interface (GUI)
CloudAnalyst is equipped with an easy to use
graphical user interface (Fig. 3.1) that enables users
to set up experiments quickly and easily.

Fig. 3.1- CloudAnalyst GUI

Ability to define a simulation with a high degree of

configurability and flexibility. Simulation of complex
systems such as Internet applications depends on
many parameters. Typically, values for those
parameters need to be arbitrarily assumed or
determined through a process of trial and error.
CloudAnalyst provides modelers with a high degree
of control over the experiment, by modeling entities
and configuration options such as: Data Center,
whose hardware configuration is defined in terms of
physical machines composed of processors, storage
devices, memory and internal bandwidth; Data
Center virtual machine specification in terms of
memory, storage and bandwidth quota; Resource
allocation policies for Data Centers (e.g., time-shared
vs. space-shared); Users of the application as groups
and their distribution both geographically and
temporally; Internet dynamics with configuration
options for network delays and available bandwidth;
Service Broker Policies that control which segment
of total user base is serviced by which Data Center at
Int J Adv Engg Tech/Vol. VI/Issue IV/Oct.-Dec.,2015/34-40

a given time; and simulation duration in minutes,

hours or days.
Repeatability of experiments
CloudAnalyst allows modelers to save simulation
experiments input parameters and results in the form
of XML files so the experiments can be repeated. The
underlying CloudSim simulation framework ensures
that repeated experiments yield identical results.
Graphical output
CloudAnalyst is capable of generating graphical
output of the simulation results in the form of tables
and charts, which is desirable to effectively
summarize the large amount of statistics that is
collected during the simulation. Such an effective
presentation helps in identifying the important
patterns of the output parameters and helps in
comparisons between related parameters. In the
current version of CloudAnalyst, the following
statistical metrics are produced as output of the
simulation: Response time of the simulated
application; overall average, minimum and maximum

Bhangotra et al., International Journal of Advanced Engineering Technology

response time of all user requests simulated;

Response time arranged by user groups, located
within geographical regions; response time arranged
by time, showing the pattern of changes in
application usage during the day; usage patterns of
the application; number of users arranged by time or
regions of the world, and the overall effect of that
usage on the data centers hosting the application;
time taken by data centers to service a user request;
overall request processing time for the entire
simulation; average, minimum and maximum request
processing time by each data center; response time
variation pattern during the day as the load changes;
and details of costs of the operation.
Use of consolidated technology and ease of extension
CloudAnalyst is based on a modular design that can
be easily extended. It is developed using the
following technologies: Java (the simulator is
developed 100% on Java platform, using Java SE
1.6); Java Swing (the GUI component is built using
Swing components); CloudSim (CloudSim features
for modeling data centers is used in CloudAnalyst);
and SimJava (some features of this tool are used
directly in CloudAnalyst).
Proposed Work
One of the crucial feature of cloud computing is the
safe management of the resources that are associated
with cloud services. One of the main tasks of safe
management is cryptographic operations. Hence,
while self-configurable services, elastic abilities and
ubiquitous computing is provided by cloud services
at a lower cost, they also entail performing several
cryptographic operations for the following:
To provide secure storage of data that is
processed by those services.
To provide secure interaction of the cloud
consumer with various services.
The above functions can increase the complexity of
the key management system (KMS) required to
support the cryptographic operations for these
functions for the above because differences in control
and ownership of underlying infrastructures on which
the resources and KMS are located.
Solution to the security issues
In order to manage the encryption keys securely,
enterprises need to employ encryption in their cloud
environment, while maintaining secure off-site
storage of their encryption keys.
Encryption keys should never be stored in the same
place as encrypted data. The keys used for encrypting
sensitive customer data should be managed
effectively by periodic key rotation and re-encryption
of data with new keys.
Employees should be not be given more access than
what is needed to complete their tasks.
EXPERIMENTAL IMPLEMENTATION
RC5

Fig. 4.1- Symmetric Encryption

RC5 is a fast symmetric block cipher. A symmetric

block cipher is a cipher that uses the same key for
encryption and to decrypt as shown in the figure
Int J Adv Engg Tech/Vol. VI/Issue IV/Oct.-Dec.,2015/34-40

E-ISSN 0976-3945

below. The cleartext and cipher text are fixed-length

bit sequences, that is why it is a block cipher
Important Parameters
1. w- It specifies the variable word size in bits.
Thought the algorithm is made for any
arbitrary length of the word size, that is an
integer greater than zero, but all the choices
require not necessarily perform the purpose
of the required security wherever the
algorithm is executed. Therefore, only the
options like 16, 32 and 64 are allowed for
RC5 algorithm and the suggested choice is
32. RC5 algorithm takes two word input
cleartext, making it a 64-bit plaintext input
and gives a two word output cipher text,
making it a 64-bit cipher text output.
2. r- It specifies the variable number of stages.
The number of stages acts as a trade of
between high speed and high security. For
the same reasons as specified in the
parameter 'w', the suggested value for the
number of stages is 12. The allowed values
for the number of stages are 0, 1, .... 255.
3. b- It is the variable length secret
cryptographic key. 'b' specifies the number
of bytes in the secret key K. For the same
reasons as specified in the parameter 'w', the
suggested value for 'b' is 16, while the
allowable values are from 0 - 255.K- It is
the b-byte secret key array : K[0], K[1],
...,K[b-1]. RC5 cannot be secure for all
possible values of the number of rounds 'r'
and length of the secret cryptographic key
'b'. That means that if the number of
round(s) is zero, it implies that there is no
security. If the number of round(s) is one, it
will provide very less security and as a
matter of fact, it can be easily broken.
Similarly, if 'b' is zero, then there is no key,
therefore there is no security. On the other
hand if the maximum allowable values are
used for these parameters then this might be
an overkill.
Therefore, the nominal choice that is
proposed is:- w - 32 r - 12 k - 16 The
notation to write all the parameters for the
RC5 algorithm is RC5-32/12/16.
Some important notations and the RC5 Primitive
Operations:There are three primitive operations (and their
inverses):1. Two's complement addition of words, that is
done modulo 2w. It is denoted as a '+' symbol
and the inverse operation is subtraction and it is
denoted by '-'.
2. Bit-wise exclusive OR of words. It is denoted
by the symbol.
3. A left rotation of words, that is the cyclic
rotation of a particular word x left by y bits. It is
denoted as x<<>>y. The important point to note
is that the rotations are "rotations by variable
amount" and that amount is not fixed. A
variable rotation takes constant-time, so the
time is independent of the rotation amount.
There are no other non-linear operations in
RC5. Therefore, the strength heavily relies on
the data dependent rotations. Let's have a look

Bhangotra et al., International Journal of Advanced Engineering Technology

at the RC5 algorithm, that is divided into three

parts: Key Expansion.
Encryption Algorithm.
Decryption Algorithm.
4. Key Expansion -Let's see what requirements of
the key expansion are. There is an expanded key
table array S that will contain the random binary
words that will be used in the encryption and
decryption later on. The size of this table is
dependent upon the number of rounds 'r'
mentioned above. The size of this table is given
by, t = 2 (r +1) where:
t - is the size of the table S.
r -the number of rounds in the RC5 algorithm.
Note: -The S table array should not be mistaken
with the S-box concept in the DES
algorithm. Entries in the S table array are
used sequentially, one at a time.
The random binary words that are required to fill this
array are derived from the key array K. We start with
two magic constants:These are two word-sized binary constants
Pw = Odd((e - 2) 2w )
Qw = Odd(( 1) 2w )
Where, e = 2.718281828459 (base of natural
logarithms)
= 1.618033988749 (golden ratio),
Odd(x) = odd integer nearest to x
For w = 16 and 32 in hexadecimal form
P16 = b7e1
Q16 = 9e37
P32 = b7e15163
Q32 = 9e3779b9
Step 1: Converting the Secret Key from Bytes to
Words:The secret key array K is copied into another array L,
where the size of the array L is
c = ceiling(b/u) words.
where,
u = w/8 is the number of bytes/word.
u consecutive key bytes of K fill up each successive
word in L, low-order byte to high- order byte and the
remaining positions are zeroed.
When b=c=0, then c becomes 1 and L[0] is set to
zero.
Step 2: Assuming all the bytes of the key are
unsigned and the array L is initially zeroed, the
following pseudo code copies the secret key from
bytes to words on the little endian machines.

E-ISSN 0976-3945

B = B + S[1];
for i = 1 to r do
A = (( A B ) <<< B ) + S[ 2 * i ];
B = (( B A) <<< A ) + S[ 2 * i + 1];

The output are in the registers A and B. Work is done

on both A and B, unlike DES, where only half input
is updated in a particular round. Next is the diagram,
which demonstrates the above algorithm and another
diagram following that demonstrate the encryption
implementation on the hardware.

Fig. 4.2- Encryption Algorithm

It includes the time to encrypt the file as requested by

the client. It is the time between the points when user
requests the cloud system to upload the file and the
time when the tasks of encryption and generating key
shares actually finishes and the encrypted file is
actually stored in the cloud data.

Table 4.1- Threshold/ time values

Fig. 4.3- Encryption Algorithm (1)

Secondary key, merge the master key and the

secondary key and time to decrypt the input file. It is
the time between the two points when the user makes
a request to download a file and user actually
receives his file. Below Fig(s).shows the time taken
for file downloading for different file sizes.

Step 3: Mixing in the Secret Key The final step is

mixing of the secret key which can be done by the
following pseudo code

Encryption Algorithm- The two w-bit words inputs

are denoted as A and B.
A = A + S[0];
Int J Adv Engg Tech/Vol. VI/Issue IV/Oct.-Dec.,2015/34-40

Fig. 4.4- Time taken for file downloading

Bhangotra et al., International Journal of Advanced Engineering Technology

1.

2.

3.

4.
Fig. 4.4- Time taken for file downloading (1)

Advantages of the proposed technique over existing

techniques

E-ISSN 0976-3945

Existing techniques are centralized in nature.

We try to provide to provide a distributed
approach for key management.
This technique provides fault tolerance to
byzantine attacks, data modification and server
colluding attacks.
Reliably of the system is increased by using the
voting technique to ensure that the share does
not get modified by the attacker.
After a pre decided crypto time, the shares are
renewed in order to ensure the security of user
data if in case some of the shares get
compromised.

Fig. 4.5- Cloud Regional Boundaries Detail

Fig. 4.6- Shows cloud allocation complete region wise after creating various datacenter

Fig. 4.7- Cloud Regional Boundaries Detail (1)

Int J Adv Engg Tech/Vol. VI/Issue IV/Oct.-Dec.,2015/34-40

Bhangotra et al., International Journal of Advanced Engineering Technology

Fig. 4.8- Hour base usage and response time after using proposed Algorithm

Fig. 4.9- Data center request servicing time

Fig. 4.10- Data center loading with proposed schema

Int J Adv Engg Tech/Vol. VI/Issue IV/Oct.-Dec.,2015/34-40

E-ISSN 0976-3945

Bhangotra et al., International Journal of Advanced Engineering Technology

CONCLUSION AND FUTURE SCOPE

In this research, a system is proposed which removes
the drawbacks of some of the existing cloud systems.
New modules are added to the existing system to
improve the reliability and security of the existing
cloud systems that use symmetric key encryption
techniques to ensure data security.
Key management is the toughest part to manage in
cryptosystems. In the cloud platform, there is always
a possibility of insider attack or outsider attack. Keys
can be accessed or stolen by employees without the
knowledge of end users. The main goal is to provide
secrecy to the data as well as keys that are stored in
cloud systems. The proposed technique provides
better data security and key management in cloud
systems. This technique also provides better security
against failure, server and data modification attacks.
Future Scope
In future, this work can be extended to use some
other secret sharing schemes which are more efficient
so that the performance of proposed system can be
further improved. In addition to this, the proposed
technique can be extended to work with asymmetric
encryption algorithms.
REFERENCES
1.

Dr. Ravish Saggar, Ms. ShubhraSaggar, Ms.

NidhiKhurana Cloud Computing: Designing Different
Systems Architecture Depending On Real-World,
International Journal of Computer Science and
Information Technologies, Vol. 5 (4), 2014, 5025-5029.
2. AliKhajeh-Hosseini, David Greenwood, Ian
Sommerville Cloud Migration: A Case Study of
Migrating an Enterprise IT System to IaaS," To appear
in 3rd Int. Conf. on Cloud Computing (IEEE CLOUD
2010), 2010.
3. Ali Khajeh- Hosseini, David Greenwood, James W,
Smith, Ian Sommerville The Cloud Adoption Toolkit:
Addressing the Challenges of Cloud Adoption in the
Enterprise, Cloud Computing Co-laboratory, School of
Computer Science, University of St Andrews, UK
,2010.
4. B.Poornima, Dr.T.Rajendran Improving Cloud
Security by Enhanced Hasbe Using Hybrid Encryption
Scheme, International Journal of Advanced Research
in Computer Science and Software Engineering ,
Volume 4, Issue 4, April 2014 .
5. Matt Blaze GerritBleumer Martin Strauss Divertible
Protocols and Atomic Proxy Cryptography, AT&T
Labs - Research Florham Park, NJ 07932 USA, 1999.
6. Kamal Dhull Cloud computing based e- learning
system to provide easy access of e-contents and web
resources for educational institutes in developing
countries, International Journal of Informative and
Futuristic Research ( IJIFR), Volume 1 Issue 2, October
2013.
7. ThomasRistenpart,
EranTromer,
HovavShacham,
Stefan Savage Hey, You, Get Off of My Cloud:
Exploring Information Leakage in Third-Party
Compute Clouds, ACM 978-1-60558-352-5/09/11,
November 913, 2009, Chicago, Illinois, USA.
8. D. Catteddu and G. Hogben, "Cloud Computing:
benefits, risks and recommendations for information
security, European Network and Information Security
Agency, 2009.
9. MonjurAhmedand Mohammad Ashraf HossainCloud
Computing and Security Issues in the Cloud,
International Journal of Network Security & Its
Applications (IJNSA), Vol.6, No.1, January 2014.
10. Ali
Khajeh-Hosseini,
Ian
Sommerville,
IlangoSriramResearch Challenges for Enterprise
Cloud Computing, Cornell University Library, 1st
ACM Symposium on Cloud Computing, SOCC 2010.
11. Aastha Mishra, Data Security in Cloud Computing
Based on Advanced Secret Sharing Key Management
System, Department of Computer Science and
Engineering National Institute of Technology Rourkela,
June 2014.
12. Dr. Ravish Saggar, Ms. ShubhraSaggar, Ms.

Int J Adv Engg Tech/Vol. VI/Issue IV/Oct.-Dec.,2015/34-40

13.

14.

15.
16.
17.
18.

19.

E-ISSN 0976-3945

NidhiKhurana Cloud Computing: Designing Different

Systems Architecture Depending On Real world
examples, International Journal of Computer Science
and Information Technologies, Vol. 5 (4), 2014.
M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. H.
Katz, A. Kon- winski, G. Lee, D. A. Patterson, A.
Rabkin, I. Stoica, and M. Zaharia, Above the clouds:
A berkeley view of cloud computing, University of
California, Berkeley, Tech. Rep. USB-EECS-2009-28,
Feb 2009.
Q. Wang, C. Wang, J. Li, K. Ren, and W. Lou,
Enabling public verifiability and data dynamics for
storage security in cloud computing, in Proc. of
ESORICS 09, 2009.
Amazon Web Services (AWS), Online at http://aws.
amazon.com.
Google
App
Engine,
Online
at
http://code.google.com/appengine/.
Microsoft Azure, http://www.microsoft.com/azure/.
Lidong Zhou, Michael A , Fred B. Schneider,Anna
Redz, Distributed Blinding for ElGamal Reencryption, 25th IEEE International Conference on
Distributed Computing Systems (ICSCS05), 2005.
Peter Mell. (2011) 'The NIST Definition of Cloud ',
Reports on Computer Systems Technology, Computer
Security Division Information Technology Laboratory
National Institute of Standards and Technology, Sep
2011.