Homomorphic Encryption For Cluster in Cloud

Download as pdf or txt
Download as pdf or txt
You are on page 1of 6

International Journal of Security and Its Applications

Vol. 9, No. 5 (2015), pp. 319-324


http://dx.doi.org/10.14257/ijsia.2015.9.5.31

Homomorphic Encryption for Cluster in Cloud


N. Vamshinath1, K. Ruth Ramya1, Sai Krishna1, P. Gopi Bhaskar1, Geofrey L.
Mwaseba1 and Tai-hoon Kim2
1

Department of Computer Science and Engineering,


KL University,
Vaddeswaram, AP, 522502, India
[email protected]
2
Department of Convergence Security, Sungshin Women's University,
249-1, Dongseon-dong 3-ga, Seoul, 136-742, Korea
[email protected]
(Corresponding Author)
Abstract
Data storage and its security have been a distress, since the development of the several
computing capabilities. Any potential data mishandling can escalate to leakage or
breaching, resultant of this can be decline or impinging of trust, privacy or economical
stance of the related cloud delegates. Cloud computing is a new technological trend that
enables outsourcing of data into the cloud aimed towards elimination of sneakernet as
there is no need for rudimentary storage of data as previously in confined physical
storages. During decryption data will be vulnerable for some instant of time, as the plain
text can be expose, contrary to homomorphic encryption which promotes privacy of the
secured data by allowing some operation to be performed on the encrypted data, The
homomorphic encryption is presently available for traditional system, the same procedure
is applied to the cloud data and in transit.
Keywords: Homomorphic encryption, Cloud computing, Data security, Cluster

1. Introduction
Since the prevalence of cloud computing as predicted by Gartners Hype cycle [1] for
the emerging technology. Cloud storage have become the predominant methodology for
storing the data by utilizing the network interconnection. Although cloud storage have
been a major game changer for our data storage, still there is a need to secure sensitive
data (dynamic and static) such as tax records, social security number and other personal
data related contents so as to ensure privacy. The cloud service as a mean for outsourcing
data for storage purpose and manipulation of the data which is achieved by having high
computational resources depending on the need of the cloud service based on selfdemand, have been in scrutiny and it have arisen the fear of satisfactory privacy
provision, as data will not be effectively secured enough to quench the qualms of the
service utilizers.
This problem has awaken many viable solutions to curtail the existing problem.
Encryptions of data before sending it to the cloud for storage have been a good technique
adopted for several users of cloud service. Depending on cryptographic algorithms there
are two types of algorithms based on key distribution namely symmetric key and
asymmetric key cryptography. In the symmetric/convectional key cryptography the
sender and the recipient share a key which is known to the parties involved in the given
cryptosystem, both the sender and the receiver. They are further subdivided into stream
and block ciphers [16]. A stream cipher deals with bit by bit encryption while a block

ISSN: 1738-9984 IJSIA


Copyright 2015 SERSC

International Journal of Security and Its Applications


Vol. 9, No. 5 (2015)

cipher deals with group or specific fixed length bits of the data. Usually this kind of
cryptography algorithms is relatively fast because there is a less burden for the system to
evaluate the encrypted and decrypted content. Despite of the advantages it is still not
preferable to utilize them as most of the cryptanalysis has opted for use of asymmetric
key. Examples of such algorithms include RC4, 3DES, DES, AES, blowfish and so forth.
While asymmetric/Public-key cryptography involves the use of separate keys, which are
not the same for both sender and recipient, thus for this kind of key cryptography different
keys will be used for decryption and encryption contrary to the symmetric key algorithm.
Thus there arise a need to specify more keys in which a public key will be universally
known to all the parties confined in the crypto-system and a private/secret key will be
known only to a single user. This in turn helps to preserve confidentiality provided that
the cryptosystem used is less vulnerable to attacks. For asymmetric/public-key
cryptography a sender can encrypt with public key and the receiver can decrypt with
private key or a sender can encrypt with private key and receiver can decrypt with public
key. Several encryption techniques and methodology have been adopted but we will give
in a nutshell preview of the encryption techniques used. Proxy based re-encryption [2]
which was presented by Mambo and Okamoto [3] aimed at improving the traditional
cryptosystem. This allowed the proxies to transfer the decryption rights from source to
destination target, without giving out the private keys of the concerned parties. It can be
utilized for file system security and email for the purpose of spam filtering. Identity Based
Encryption, IBE [4] was a notion brought forward by Adi Shamir in 1984 and further
developed in 2001 arose the first operational IBE scheme [5]. IBE is a public key based
encryption in which a feasible public key can be whichever string; this was developed to
help in managing the certificates in electronic mailing system.
There are two profound types [15] of encryption based on the characteristics of
homomorphism, which are partially and fully homomorphic encryption. Partial
homomorphic encryption enables the user to perform only a limited single operation on
cipher text such as additive and multiplicative homomorphic operations at a time. And the
real life application of it is electronic voting [14]. Examples of partial homomorphic
schemes are El-Gamal and RSA which is unpadded. While full homomorphic encryption
enables several operations to be performed on encrypted data without knowing the secret
key, example of such schemes is DGHV scheme, Gentry full homomorphic scheme and
BGH [15] scheme.
Below we will give overview for homomorphic encryption in further details.
Thereafter we will describe DGHV [6] by van Dijk M., Gentry C., et al., and GEN10 [79] by Craig Gentry. Imagine the possibility of being able for a third party to work on data
and perform some simple computation on the data which is in encrypted format without
disclosing the data, this promotes privacy in turn, and that is in short homomorphic
encryption.
In homomorphic cryptosystem, both sets of all possible plaintexts and cipher texts are
groups such that for any and any two cipher texts c1 = e(m1), c2 = e(m2), the
following condition holds:
d(c1 c2) = m1 m2
(1.1)
d(c1 + c2) = m1 + m2
(1.2)
In which and + symbolizes the group operations in the given cipher texts, C and
messages, M respectively for multiplication and additional.
Homomorphic cryptosystem can be regarded as an arbitrary box in which an operation
can be done over two cipher texts and the result will be as follows:
d(e((m1)(e(m2)) = m1 m2
(1.3)
d(e(m1)(e(m2)) = m1 + m2
(1.4)
Where and denotes operations on cipher texts to obtain encrypted product or sum
respectively for the given two messages in the plaintext.

320

Copyright 2015 SERSC

International Journal of Security and Its Applications


Vol. 9, No. 5 (2015)

2. Existing System
2.1. DGHV Scheme
In this scheme the message, is a composition of bit such that {0, 1} and the
shared key, k is an integer which is positive and odd. p and q are random integers selected
in such a manner that in the given interval hold this relation, |2r |<k/2.
The plaintext messages during encryption can be attained by computational of the
following parameters
c = + kq + 2r
(2.1.1)
The crypto message during decryption can be obtained by evaluation of the following
(c mod p) mod 2 =
(2.1.2)
Observe the following properties for homomorphic operation possible in the DGHV
scheme [6, 9]
Consider ci = i+ qik + 2ri, for i=1 and 2 then
c1 = 1 + q1k +2r1
(2.1.3)
c2=2 + q2k + 2r2
(2.1..4)
The possible homomorphic operations are addition and product that is c1 + c2 and c1
c2 respectively.
Addition
c1 = 1 + q1k +2r1
(2.1.5)
c2 = 2 + q2k + 2r2
(2.1.6)
Thus c1 + c2 +kq +2r
Where
= 1+2, q = q1+q2 and r = r1+r2
Multiplication
c1 = 1 + q1k + 2r1
(2.1.7)
c2 = 2 + q2k + 2r2
(2.1.8)
Thus c1 c2 + kq + 2r
Where = 1 2, q = 1q2 + 2q1 + kq1q2 + 2q1r2 + 2r1q2 and, r = 1r2 +2r1 +4r1r2
The problem with this scheme, DGHV [11] is that after several manipulations for both
addition and multiplication operations are carried out, it causes escalation of noises
through which it will be hard to obtain the plaintext as the cipher text will tremendously
grow in size.
2.2. Gentry Scheme (GEN 10)
Craig Gentry in 2010 proposed this scheme, hence termed as GEN10 [9]. In this
scheme message, is a composition of N-bits such {0, 1}.
The ciphertext carries the following general format, c= kq + where; c depicts a
ciphertext, k assumes a shared key, q is a random integer with odd bits and m represent
plaintext message.
The decryption for the given ciphertext can be obtained by evaluation of c mod q
Upon assuming that c i = i + kq i for i=1 and 2 this follows that,
c1= 1 +kq1
(2.2.1)
c2= 2 +kq2
(2.2.2)
This scheme, GEN10 [7-10] have the following possible operations addition,
subtraction and multiplication which are c1 +c 2, c1 c2 and c1 c 2 respectively.
Addition
c1= 1 +kq1
(2.2.3)
c2= 2 +kq2
(2.2.4)
Thus c1 + c2 + kq
Where = 1+2 and, q = q1 + q2

Copyright 2015 SERSC

321

International Journal of Security and Its Applications


Vol. 9, No. 5 (2015)

Subtraction
c1 = 1 +kq1
c2 = 2 +kq2

(2.2.5)
(2.2.6)

Thus c1 - c2 + kq
Where = 1 2 and, q = q 1 - q2
Multiplication
c1= 1 +kq1
(2.2.7)
c2= 2 +kq2
(2.2.8)
Thus c1 c2 = + kq
Where = 12 and, q = 1q2 + 2q1
For the GEN10 [11] scheme to be utilized the noises should be negligible enough such
that the following relation should hold
|12 |<k/2.

(2.2.9)

Where assumes algebraic operations which are addition (+), subtraction (-) and
multiplication ().
2.3. SDC Scheme
This scheme, SDC [11] was derived by taking into consideration of the Gentrys
cryptosystem [6-10]. It helps in recovery of cipher text by modification of the cipher text
recovery algorithm. This enables to prevent exposing of the plaintext hence it is more
secure.
Key-generation (k): The key is a random k-bit odd integer k.
Encryption (k, m): The cipher text carries the following general format
C= m + k+ r * k* q,
(2.3.1)
Where r is a random number, q is a constant big integer, m is the plaintext message,
and c is the cipher text.
Consider the possible homomorphic operation for addition and multiplication that is c1
+ c2 and c1 c2 respectively.
Upon taking ci = mi + k+ ri * k* q for i=1 and i=2 thus
c1 = m1 + k+ r1 * k* q
c2 = m2 + k+ r2 * k* q
Addition
c1 + c2 + 2k + r*k*q,

(2.3.2)
(2.3.3)

(2.3.4)

where = m1 + m2 and, r= r1 + r2
Multiplication
c1 c2 = + k + z*k*q,
(2.3.5)
Where = m1 m2, k= (m1

+ m2 + k )k
z= r1(k+ m2 + r2) + r2(k+ m1)

(2.3.6)

Decryption: c mod k
Retrieval: C mod q where C is equal to the difference between ci and c index.
In order for a client to retrieve the message contents of a specific index that is m index,
then he delivers c index to the required server by using the encryption formula described

322

Copyright 2015 SERSC

International Journal of Security and Its Applications


Vol. 9, No. 5 (2015)

above and upon submitting the cipher text to the server, it computes C mod q if it is
equivalent to zero. Then retrieval for the given cipher text is successful attained.

3. Proposed System
As referred to the below Figure every single node, di in a cluster, C have its own public
key and private key. For all the available nodes d1, d2, .. di must have a session key
which is utilized for a particular instant of accessing the nodes in the cluster. When the
user uploads the file (plaintext, m1) into the cloud it will be encrypted using RSA which
makes use of the public key appended with session key to get the cipher text, c1,
Furthermore the plaintext m1 is encrypted by changing the parameters in public key and
appending it again with session key, in turn we will get another cipher text, c11. Thus
arithmetic operations based on homomorphic properties can be applied to both the cipher
texts c1 and c11 to obtain a new cipher text, say, . If a particular user want to download
the data which is encrypted he must have a private key through which will be used for
decryption.

Figure 1. A Cluster which Composes of Nodes Uploading and


Downloading of Data
Key Generation Step:
1. Generation of two random large prime numbers such that, the large prime
numbers p and q which are not be equal.
2. n = p * q
3. (n)=(r-1)(k-1)
4. Choosing of an integer, such that it will be within the following range 1<
<(n) and its GCD((n), ) = 1
5. Calculation of a secret d, for which (d * ) mod (n) = 1, Choosing of an integer,
such that it will be within the following range 1< <(n)
6. Appended Public key with session key, Papk and appended Private key with
session key, Pask can be obtained by { ,n} and {d,n} respectively.
Encryption:
encrypt (m, Papk)
The general format for the cipher text is C= m mod n
For both cipher texts c i and c ii , c i = mi mod n and c ii = mii mod n respectively
Decryption:
decrypt (, Pask)
Evaluate m = cd mod n
Evaluate:
Upon taking into account that RSA allows multiplicative homomorphic operation then
the following can be considered;

Copyright 2015 SERSC

323

International Journal of Security and Its Applications


Vol. 9, No. 5 (2015)

If we have two cipher texts ci and cii for cii = mi mod n and cii = mii mod n

c ic ii = = (mi mii) mod n which is multiplicative homomorphism thus upon


decrypting we will get the corresponding plaintext which is equivalent to multiplication of
the plaintexts.

4. Conclusion
Although there have been success in implementation of simple homomorphic
encryption full homomorphic encryption remains a great challenge to deploy and
implement it in the cloud. Provided that, fully homomorphic encryption will be given
much emphasis and then effectively utilized, cloud data will be much more secured from
encroachment as during the traditional methodology data was to be decrypted before
doing operations on it this made the data to be vulnerable for particular time instant before
decrypting it again. For, there is a need to adopt and implement a new security approach
to enhance security for cloud service. With regards to the properties of the homomorphic
encryption the possible operations that can be performed on the cipher texts can help to
guarantee security for the data submitted to cloud.

References
[1]
[2]

[3]

[4]

[5]
[6]
[7]
[8]
[9]
[10]

[11]

[12]

[13]
[14]
[15]

[16]

324

D. Chin, In Top 10 IT trends that will shape, vol. 2014, (2013).


A. Giuseppe, K. Fu, M. Green and S. Hohenberger, Improved proxy re-encryption schemes with
applications to secure distributed storage, ACM Transactions on Information and System Security
(TISSEC), vol. 9, no. 1, (2006), pp. 1-30.
M. Mambo and E. Okamoto, Proxy cryptosystems: Delegation of the power to decrypt cipher texts,
IEICE transactions on fundamentals of electronics, Communications and computer sciences, vol. 80, no.
1, (1997), pp. 54-63.
A. Boldyreva, V. Goyal and V. Kumar, Identity-based encryption with efficient revocation,
Proceedings of the 15th ACM conference on Computer and communications security, pp. 417-426.
ACM, (2008).
D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, SIAM Journal on
Computing, vol. 32, no. 3, (2003), pp. 586-615.
V. D. Marten, C. Gentry, S. Halevi and V. Vaikuntanathan, Fully homomorphic encryption over the
integers, Advances in cryptologyEUROCRYPT, Springer Berlin Heidelberg, (2010), pp. 24-43.
C. Gentry, Fully homomorphic encryption using ideal lattices, Proceedings of the 41st annual ACM
symposium on Theory of computing, ser. STOC '09. New York, NY, USA: ACM, (2009), pp. 169-178.
C. Gentry, A fully homomorphic encryption scheme, PhD diss., Stanford University, (2009).
C. Gentry, Computing arbitrary functions of encrypted data, Communications of the ACM, vol. 53, no.
3, pp. 97-105.
J.-S. Coron, A. Mandal, D. Naccache and M. Tibouchi, Fully homomorphic encryption over the
integers with shorter public keys, Advances in CryptologyCRYPTO, Springer Berlin Heidelberg,
(2011), pp. 487-504.
J. Li, S. Danjie, S. Chen and X. Lu, A simple fully homomorphic encryption scheme available in cloud
computing, IEEE 2nd International Conference on Cloud Computing and Intelligent Systems (CCIS),
vol. 1, (2012), pp. 214-217.
J.-S. Coron, D. Naccache and M. Tibouchi, Public key compression and modulus switching for fully
homomorphic encryption over the integers, Advances in CryptologyEUROCRYPT 2012, Springer
Berlin Heidelberg, pp. 446-464.
Somee.com https://somee.com/VirtualServer.aspx.
A. Huszti, A homomorphic encryption-based secure electronic voting scheme, Publ. Math. Debrecen
vol. 79, (2011), pp. 3-4.
J. M. Shah and H. kothadiya, A Survey on Homomorphic Encryption Techniques in Cloud Computing,
International Journal of Advanced Engineering and Research Development, vol. 2, Issue 2, (2015)
February, pp. 234-242.
P. Garg and J. S. Dilawari, A Review Paper on Cryptography and Significance of Key Length,
International Journal of Computer Science and Communication Engineering IJCSCE Special issue on
Emerging Trends in Engineering ICETIE, (2012), pp. 88-91.

Copyright 2015 SERSC

You might also like