See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/301324486

Applying Encryption Algorithm for Data Security in Cloud Storage

Chapter · January 2016

DOI: 10.1007/978-981-287-990-5_12

CITATIONS READS

2 1,551

7 authors, including:

Zaid Kartit Ali Azougaghe

Mohammed V University of Rabat Ecole Nationale Supérieure d'Informatique et d'Analyse des Systèmes
14 PUBLICATIONS   38 CITATIONS    7 PUBLICATIONS   14 CITATIONS   

SEE PROFILE SEE PROFILE

Mohamed El marraki Hedabou Mustapha

Mohammed V University of Rabat ENSA de Safi
97 PUBLICATIONS   287 CITATIONS    14 PUBLICATIONS   15 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Channel Decoding using cGA View project

IDS in cloud computing View project

All content following this page was uploaded by Zaid Kartit on 27 November 2017.

The user has requested enhancement of the downloaded file.

 Applying Encryption Algorithm for Data Security in
Cloud Storage

1,*
Zaid KARTIT , Ali AZOUGAGHE2, H.KAMAL IDRISSI1,
M.EL MARRAKI1, M.Hedabou, M.BELKASMI2, A.KARTIT3
1
LRIT, Mohammed V University, Faculty of Sciences Rabat, Morocco
[email protected]
2
SIME, Mohammed V University, ENSIAS Rabat, Morocco
[email protected]
3
LTI, University Chouaib Doukkali, ENSA, El jadida, Morocco

Abstract. This paper proposes a simple, secure, and privacy-preserving archi-

tecture for inter-Cloud data sharing based on an encryption/decryption algo-
rithm which aims to protect the data stored in the cloud from the unauthorized
access.

Keywords: Cloud Storage, Data security, cryptography, RSA, AES

1 Introduction

Cloud computing is the concept implemented to remedy the Daily Computing Prob-
lems. Cloud computing is basically virtual pool of resources and it provides these
resources to users via internet. It provides IT services as on-demand services, accessi-
ble from anywhere, anytime and by authorized user. It offers a range of services for
end users; among which there's Storage as a service. Storage as a service (STaaS) is a
Cloud business model in which a service provider rents space in its storage infrastruc-
ture to individuals or companies. The data stored in the cloud can be sensitive to the
business. The problematic is that these data are likely to be exploited by the provider
or other unauthorized persons. Currently, most of cloud storage users protect their
data with SLAs contracts and are based on the trust and reputation of the provider.
This weakness has motivated us to think about solutions that enable users to secure
their data to prevent malicious use.
In recent years, STaaS in Cloud gained popularity among both companies and private
users [1]. It allows the end-user to take advantage of the maximum computing capa-
bility with minimum hardware requirement. However, data privacy, security, reliabil-
ity and interoperability issues still have to be adequately solved. But the most im-
portant problem is security and how cloud provider assures it. Data security in cloud
storage is a major obstacle limiting its spread. There are various opinions on the secu-
rity of cloud computing with pros and cons [2].
1
Our contribution aims to provide a solution that ensures the storage of data securely in
the cloud. The data must be encrypted before sending them to the cloud. We used the
symmetric encryption algorithm AES in order to benefit from its advantages in terms
of robustness and speed. The AES key will be encrypted by the asymmetric encryp-
tion algorithm RSA and will be stored in a private server away of the cloud. The in-
tegrity and confidentiality of the data is ensured by providing access to the data only
on successful authentications (authentication in cloud and authentication in private
server). The authorized user can also download the file and read it on the system. This
hybrid model that we have proposed allows to secure the data and to enhance the
resistance to attacks.
This document is organized as follows: The first section gives a comprehensive defi-
nition and the characteristics of cloud computing. The second section describes layers
and their technologies related to this concept. The third section describes the different
types of cloud computing and their characteristics. The fourth section describes our
model proposed of securing data in cloud storage algorithm for encryption/decryption
for outsourcing data in cloud storage and then the general conclusion.

2 About Cloud Computing

2.1 Definition
Cloud Computing is an important concept in computer development in recent years.
This concept refers to the use of computing capacity and storage of computers and
servers in the world over the Internet. Cloud services allow individuals and businesses
to use software and hardware that are managed by third parties at remote locations.
Examples of cloud services include online file storage, social networking sites, web-
mail, and online business applications. Cloud computing provides a shared pool of
resources, including data storage space, networks, computer processing power, and
specialized corporate and user applications.

2.2 Essential Characteristics

Cloud model promotes availability and is composed of five essential characteris-
tics[4]:
 On-demand self-service: A consumer can unilaterally provision computing
capabilities, such as email, applications, and network or server service, as
needed automatically without requiring human interaction with each service
provider.
 Broad network access: Capabilities are available over the network and ac-
cessed through standard mechanisms that promote use by heterogeneous thin
or thick client platforms (e.g., mobile phones, tablets, laptops, and work-
stations).
2
  Resource pooling: The provider’s computing resources are pooled to serve
multiple consumers using a multi-tenant model, with different physical and
virtual resources dynamically assigned and reassigned according to consum-
er demand. Examples of resources include storage, processing, memory, and
network bandwidth.
 Elasticity: Capabilities can be elastically provisioned and released, in some
cases automatically, to scale rapidly outward and inward commensurate with
demand.
 Measured service: Cloud systems automatically control and optimize re-
source use by leveraging a metering capability at some level of abstraction
appropriate to the type of service (e.g., storage, processing, bandwidth, and
active user accounts). Resource usage can be monitored, controlled, and re-
ported, providing transparency for both the provider and consumer of the uti-
lized service.

3 Layers of cloud computing

There are different layers of cloud services that refer to different types of service
model (fig 1), each offering discrete capabilities. Apart from management and admin-
istration, the major layers are[2]:

3.1 Infrastructure as a Service (IaaS)

Infrastructure as a service delivers computing resources as a service, servers, network
devices, and storage disks are made available to organizations as services on a need-to
basis.
Virtualization, allows IaaS providers to offer almost unlimited instances of servers to
clients, while making cost-effective use of the hosting hardware. Companies can use
IaaS to build new versions of applications or environments without having to invest in
physical IT assets. Some cloud solutions also rely solely on this layer like the Ama-
zon’s product EC2, Amazon S3.

3.2 Platform as a Service (PaaS)

This layer provides a platform for creating applications. PaaS solutions are essentially
development platforms for which the development tool itself is hosted in the Cloud
and accessed through internet. With PaaS, developers can build Web applications
without installing any tools on their computers and then deploy those applications
without any specialized systems administration skills.
Examples include Google App Engine, Force.com and Microsoft Azure.

3
3.3 Software as a Service (SaaS)
This layer includes applications that run off the Cloud and are available on demand to
Web and paid for on a per-use basis, anytime-anywhere basis. There is no need to
install and run the special software on your computer if you use the SaaS. A more
efficient form is fine grained multi-tenancy [5].
The concept of SaaS is attractive and some software runs well as cloud computing,
but the delay of network is fatal to real time or half real time applications such as 3D
online game [6].
Examples include online word processing and spreadsheet tools, customer relation-
ship management (CRM) services and web content delivery services (Salesforce
CRM, Google Docs, etc.)
These three are the main layers, although there can also be other forms of service
provided, such as business process as a service, data as a service, security as a service,
storage as a service (object of our paper), etc.

4 Cloud deployments models

4.1 Private cloud

Private cloud is a new term that some vendors have recently used to describe offer-
ings that emulate cloud computing on private networks. It is set up within an organi-
zation’s internal enterprise datacenter. In the private cloud, scalable resources and
virtual applications provided by the cloud vendor are pooled together and available
for cloud users to share and use. Only the organization and designated stakeholders
may have access to operate on a specific Private cloud [7].

4.2 Public cloud

A public cloud is a model which allows users access to the services and infrastructure
and are provided off-site over the Internet [8]. It’s typically based on a pay-per-use
model, similar to a prepaid electricity metering system which is flexible enough to
cater for spikes in demand for cloud optimization. Public clouds are managed by third
parties or vendors over the Internet. Public clouds are less secure than the other cloud
models because it places an additional burden of ensuring all applications and data
accessed on the public cloud are not subjected to malicious attacks. However, security
and governance issues must be well planned and ample security controls was put in
place.

4
4.3 Hybrid cloud
A new concept combining resources from both internal and external providers will
become the most popular choice for enterprises. A hybrid cloud is a combination of
public and private cloud models that tries to address the limitations of each approach.
In a hybrid cloud, part of the service infrastructure runs in private clouds while the
remaining part runs in public clouds. Hybrid clouds offer more flexibility than both
public and private clouds. Specifically, they provide tighter control and security over
application data compared to public clouds, while still facilitating on-demand service
expansion and contraction. On the down side, designing a hybrid cloud requires care-
fully determining the best split between public and private cloud components [9].

4.4 Community cloud

This model is rarely offered; the infrastructure is shared by several organizations for a
shared cause and may be managed internally or a third party service provider. It
brings together, in general, the structures with same interest (mostly security) and
may even be in the same field of activity

Fig. 1: Cloud computing map [10]

5
5 Security

Security in cloud computing involves concepts such as network security, equipment

and control strategies deployed to protect data, applications and infrastructure associ-
ated with cloud computing. An important aspect of cloud is the notion of interconnec-
tion with various materials which makes it difficult and necessary securing these envi-
ronments. Security issues in a cloud platform can lead to economic loss, also a bad
reputation if the platform is oriented large public and are the cause behind the massive
adoption of this new solution. The data stored in the cloud for customers represents
vital information. This is why the infringement of such data by an unauthorized third
party is unacceptable. There are two ways to attack data in Cloud. One is outsider
attack and the other is insider attack. The insider is an administrator who can have the
possibility to hack the user’s data. The insider attack is very difficult to be identified.
So the users should be very careful while storing their data in cloud storage. Hence,
the need to think of methods that impede the use of data even though the data is ac-
cessed by the third party, he shouldn’t get the actual data. So, all the data must be
encrypted before it is transmitted to the cloud storage [11].
Security allows the confidentiality, integrity, authenticity and availability of infor-
mation. The development of technologies and their standardization makes available a
set of algorithms and protocols for responding to these issues.

5.1 Asymmetric encryption

Asymmetric cryptography is a class of cryptographic algorithms which requires two
separate keys, one of which is secret (or private) and one of which is public. Although
different, the two parts of this key pair are mathematically linked. The public key is
used to encrypt plaintext or to verify a digital signature; whereas the private key is
used to decrypt cipher text or to create a digital signature. In our paper we used RSA
algorithm through its robustness.
 RSA Algorithm
The most common Public Key algorithm is RSA, named for its inventors Rivest,
Shamir, and Adelman of MIT. RSA is basically an asymmetric encryption/decryption
algorithm. Public key distributed to all through which one can encrypt the message
and private key which is used for decryption is kept secret and is not shared to every-
one. It based on exponentiation in a finite field over integers modulo a prime numbers.
RSA uses Euler's Theorem: 𝑎∅(𝑛) mod(n) = 1 where gcd(a,n)=1 in RSA we have to initial-
ly calculate n=p.q such that ∅(𝑛)=(p-1)(q-1) one has to carefully chose e and d to be in-
verses mod ø(n).
To encrypt a message M we have to obtain public key of recipient Pu={𝑛, 𝑒} to calculate
the cipher: C=𝑀𝑒 mod(n), where 0≤M<n. It is important that the message M must be
smaller than the modulus n. Similarly for decryption the recipient uses their private key
Pr={𝑛, 𝑑} and computes: M=𝐶 𝑑 mod(n).
6
 Fig. 2: RSA decryption time by key length

5.2 SYMMETRIC ENCRYPTION

Symmetric-key algorithms are a class of algorithms for cryptography that use the
same cryptographic keys for both encryption of plaintext and decryption of cipher
text. The keys may be identical or there may be a simple transformation to go be-
tween the two keys. The keys, in practice, represent a shared secret between two or
more parties that can be used to maintain a private information link. This requirement
that both parties have access to the secret key is one of the main drawbacks of sym-
metric key encryption, in comparison to public-key encryption.
 AES Algorithm
AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of
128, 192, or 256 bits. The key size used for an AES cipher specifies the number of
repetitions of transformations rounds. The number of cycles of repetition is as follows
(see fig 2):
 10 cycles of repetition for 128-bit keys.
 12 cycles of repetition for 192-bit keys.
 14 cycles of repetition for 256-bit keys.
7
 Fig. 3: Illustration of the AES Algorithm

The advantages of AES are many. AES is not susceptible to any attack but Brute Force
attack. However, Brute Force attack is not an easy job even for a super computer. This
is because the encryption key size used by AES algorithm is of the order 128, 192 or
256 bits which results in billions of permutations and combinations. High speed [12]
(see fig 4) and low RAM requirements were criteria of the AES selection process.
Thus AES performs well on a wide variety of hardware; from 8-bit smart cards to
high-performance computers. AES is also much faster than the traditional algorithms;
therefore in our work AES is adopted [15]. Recently Compact AES S-box is developed
to be more efficient [16].

8
 Fig 4: AES speed at 128, 192 and 256-bit key sizes [12]

5.3 Related work

Security storage in cloud computing has been the object of several researches. In [13],
they have addressed the security issues associated in cloud data storage and have ex-
plored many of them. Whenever a data vulnerability is perceived during the storage
process, a precision verification across the distributed servers are ensured by simulta-
neous identification of the misbehaving nodes through analysis in term of security
malfunctioning. It is proved that their scheme is effective to handle certain failures,
malicious data modification attack, and even server colluding attacks.
In [12], the proposed technique emphasizes classical encryption techniques by integrat-
ing substitution cipher and transposition cipher. Both substitution and transposition
techniques have used alphabet for cipher text.
In [14], it suggests the SPKS scheme for cloud storage services to allow users to effi-
ciently access files containing certain keywords in a cloud anytime and anywhere using
any device.

9
6 Proposed algorithm

The above problems motivate us to provide a correct, safe and efficient algorithm for
securing data saved in cloud storage. This algorithm suggests the encryption of the
files to be uploaded on the cloud. The integrity and confidentiality of the data uploaded
by the user is ensured doubly by not only encrypting it but also providing access to the
data only on successful authentication. The existed file on the device will be encrypted
using AES algorithm. To enhance security; AES key will be encrypted using RSA
algorithm and will be stored in intern server. The authorized user can also download
any of the uploaded encrypted files and read it on the system (see Fig 4).

Encrypt with
AES Algorithm
4
Cipher text
1 Host 1
Clair text

2
Encrypt AES key
with RSA Algorithm
Data owner
5 3

Access control
veerr policies
sseerrv
cloud
9 8
DB
DB
Decrypt AES key
with RSA Algorithm
6
Users
10 Host 2
Clair text
Cipher text
7

Decrypt Cipher text

with AES key : Authentication

Fig. 5: Proposed model of data storage in cloud computing

6.1 File Upload

This algorithm got two phases. In the first phase, the algorithm encrypts Clair text
with AES Algorithm. In the second phase, we encrypt AES key using RSA-1024
algorithm.
Our algorithm uses a set of the following functions:

10
NumberOfBlock(F) : It returns the number of block in the file F.
ENC_AES (B,K) : It encrypts the block B using AES Algorithm with key K.
send_to_cloud(F’) : It permits to send the encrypted file F in Cloud storage
ENC_RSA(k) : It encrypts k using RSA Algorithm.
Save_in_server(K’) : It permits to save K’ in the server

Algorithm 1.0: FILE_UPLOAD

1. Encrypt_file (F) {
2. /* algorithm to encrypt file onto cloud storage */
3. /* to transform Clair text in file F into Cipher text in file F’ */
4.
5. /* Phase 1: Encrypt Clair text with AES Algorithm 6. */
7. For B←1 to numberOfBlock(F) do
8. {
9. B’=ENC_AES(B,K)
10. }
11. send_to_cloud(F’)
12. /* Phase 2: Encrypt AES key with RSA Algorithm */
13. For k←1 to SizeOf(K) do
14. {
15. k’=ENC_RSA(k)
16. }.
17. Save_in_server(K’)
18. }.

6.2 File Download

This algorithm got also two phases. In the first phase, the algorithm decrypts AES key
using RSA Algorithm. In the second phase, it decrypts cipher text using AES key
retrieved from the server.
Our algorithm uses a set of the following functions:

NumberOfBlock(F) : It returns the number of block in the file F.

DEC_RSA(k’) : It decrypts k’ using RSA Algorithm.
DEC_AES(B’,K) : It decrypts the block B’ using AES Algorithm with key K.

Algorithm 1.0: FILE_DOWNLOAD

1. Decrypt_file (F’) {
2. /* algorithm to decrypt file downloaded from cloud storage */
3. /* to transform Cipher text in file F’ into Clair text in file F */
4.
5. /* Phase 1: Decrypt AES Key with RSA Algorithm */
11
 6.
7. For k’←1 to SizeOf(K’) do
8. {
9. k=DEC_RSA(k’)
10. }
11. return(K)
12.
13. /* Phase 2: Decrypt Cipher text with AES Algorithm */
14. For B’←1 to numberOfBlock(F’) do
15. {
16. B=DEC_AES(B’,K)
17. }.
18. return(F)
19. }.

6.3 Implement results and analysis

The implementation of results in this section highlights the time of execution in up-
load and in download of files with different sizes. Our application is developed in
java7. The result obtained is in Fig 6 using a PC hp Compaq dc 5800 with the follow-
ing specifications: Intel (R) Core (TM) 2 Duo CPU E6550 @ 2.33GHz (2 CPUs),
with 3072MB of RAM. The download time is greater than the upload time. This is
explained by the addition of key recovery time on server.

12
 Fig. 6: Execution Time for Encryption and decryption

Our algorithm has the following advantages and strengths:

 The data sent to cloud is encrypted from the source machine to the destina-
tion machine and the decryption key does not exist in the cloud.
 AES algorithm used is a safe, fast symmetric algorithm and is one of the
most secure encryption algorithms. It has not been broken to date. It means
that our algorithm is fast in both directions: upload and download.
 Ability to change the symmetric key frequently to enhance security.
 The AES key used for encryption of the data is encrypted by RSA-1024 al-
gorithm robust and has never been broken.
 The decryption of data requires double authentication. The user must have
access rights to the company's server and cloud storage.

7 Conclusion and future work

Although Cloud storage has many advantages, there are still many actual problems
concerning security that need to be solved. If we can eliminate or master this weak-
ness of security, the future is going to be Cloud storage solutions for large as well as
small companies. In this paper, we have suggested a solution that allows storage of
data in an open cloud. Data security is provided by implementing our algorithm. Only
the authorized user can access the data. Even if an intruder (unauthorized user) gets
the data accidentally or intentionally, he can’t decrypt it and needs two keys coming
13
 from two different locations. As perspectives, we will focus on several possible direc-
tions in this area, especially in the homomorphic encryption

References

1. KOLODNER, Elliot K., TAL, Sivan, KYRIAZIS, Dimosthenis, et al. A cloud environment for data-
intensive storage services. In : Cloud Computing Technology and Science (CloudCom), 2011 IEEE
Third International Conference on. IEEE, 2011. p. 357-366.
2. P. Arora, R. C. Wadhawan, and E. S. P. Ahuja, « Cloud Computing Security Issues in Infrastructure as
a Service », Int. J. Adv. Res. Comput. Sci. Softw. Eng., vol. 2, no 1, 2012.
3. M. D. K. Kumar, G. V. Rao, and G. S. Rao, « Cloud Computing: An Analysis of Its Challenges &
Cloud Computing: An Analysis of Its Challenges & Security Issues ».
4. N. Mehta and V. K. Gupta, « A Survey on Use of SaaS of Cloud in Education ». International Confer-
ence on Cloud, Big Data and Trust 2013
5. Chunye Gong, Jie Liu, Qiang Zhang, Haitao Chen and Zhenghu Gong «The Characteristics of Cloud
Computing» 39th International Conference on Parallel Processing Workshops 2010
6. BEZEMER, C.-P., ZAIDMAN, Andy, PLATZBEECKER, Bart, et al. Enabling multi-tenancy: An
industrial experience report. In : Software Maintenance (ICSM), 2010 IEEE International Conference
on. IEEE, 2010. p. 1-8.
7. H. KAMAL IDRISSI, A. KARTIT, M. EL MARRAKI «FOREMOST SECURITY
APPREHENSIONS IN CLOUD COMPUTING » Journal of Theoretical and Applied Information
Technology 31 st January 2014. Vol. 59 No.3
8. Kuyoro S. O, Ibikunle F. & Awodele O « Cloud Computing Security Issues and Challenges » Interna-
tional Journal of Computer Networks (IJCN), Volume (3) : Issue (5) : 2011
9. Chunye Gong, Jie Liu, Qiang Zhang, Haitao Chen and Zhenghu Gongng « The Characteristics of
Cloud Computing » 2010 39th International Conference on Parallel Processing Workshopse Brazilian
Computer Society 2010
10. A Platform Computing Whitepaper. ―Enterprise Cloud Computing:
Transforming IT. Platform Computing, pp6, 2010
11. L. Arockiam, S. Monikandan « Data Security and Privacy in Cloud Storage using Hybrid Symmetric
Encryption Algorithm » International Journal of Advanced Research in Computer and Communication
Engineering Vol. 2, Issue 8, August 2013
12. http://en.wikipedia.org/wiki/AES_implementations
13. Cong Wang, Qian Wang and Kui Ren,”Ensuring Data Storage Security in Cloud computing”978-1-
4244 -3876-1/2009 IEEE
14. LIU, Qin, WANG, Guojun, et WU, Jie. Secure and privacy preserving keyword searching for cloud
storage services. Journal of network and computer applications, 2012, vol. 35, no 3, p. 927-933.
15. NAGENDRA, M. et SEKHAR, M. Chandra. Performance Improvement of Advanced Encryption
Algorithm using Parallel Imputation. International Journal of Software Engineering and Its Applica-
tions, 2014, vol. 8, no 2, p. 287-296.
16. ZHANG, Xiaoqiang, WU, Ning, YAN, Gaizhen, et al. Hardware Implementation of Compact AES S-
box. IAENG International Journal of Computer Science, 2015, vol. 42, no 2.

14

View publication stats