PANCDS-2v1 2

Download as pdf or txt
Download as pdf or txt
You are on page 1of 5

International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056

Volume: 04 Issue: 09 | Sep -2017 www.irjet.net p-ISSN: 2395-0072

Cloud Data Security Using Elliptic Curve Cryptography

Arockia Panimalar.S 1, Dharani.N2, Pavithra.S3, Aiswarya.R4

1 Assistant Professor, Department of BCA & M.Sc SS, Sri Krishna Arts and Science College, Coimbatore, India
2,3,4 III
BCA, Department of BCA & M.Sc SS, Sri Krishna Arts and Science College, Coimbatore, India
---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - Data security is, protecting data from ill- customers are still unwilling to place their business in the
conceived get to, utilize, introduction, intrusion, change, cloud. One of the real concerns which lessens the
examination, recording or destruction. Cloud computing is a development of Cloud computing is security and impediment
sort of Internet-based computing that grants conjoint PC with data security and information protection keep on
handling resources and information to PCs what's more, infecting the market. Cloud information storage augments
different gadgets according to necessity. It is a model that the danger of data spillage and ill-conceived get to. The
empowers universal, on-request access to a mutual pool of architecture of cloud poses certain dangers to the security of
configurable computing resources. At present, security has the existing technologies when deployed in a cloud
been viewed as one of the best issues in the improvement of environment. Cloud service users need to be alert in
Cloud Computing. The key issue in effective execution of Cloud interpreting the risks of data intrusion in this new
Computing is to adequately deal with the security in the cloud environment.[1] The security concerns with respect to cloud
applications. This paper talks about the part of cryptography computing are end-user data security, network traffic, file
in cloud computing to improve the data security. The systems and host machine security which can be addressed
expectation here is to get bits of knowledge another security with the help of cryptography to a considerable level.
approach with the usage of cryptography to secure “Security and privacy are indeed interrelated because the
information at cloud data centers. security is provided without having privacy but the privacy
is not maintained without security. “[2]
Key Words: Cloud Computing, Elliptical Curve
Cryptography, Cryptography What is Cryptography?

Cryptography is the art and science of assuring security by


1. INTRODUCTION
converting information messages into non- readable ones.
The original message also referred to as plain text message is
Cloud computing provides a new way of services by
in simple English language that can be interpreted by
organizing various resources and providing them to users
everyone.
based on their demands. It also plays a crucial role in the
next generation mobile networks and services (5G) and
The encrypted message, obtained by applying cryptographic
Cyber-Physical and Social Computing (CPSC). Cloud
techniques to the plain text, is called as cipher text message.
computing and capacity arrangements give clients and
There are three types of cryptographic techniques:
ventures different qualities to store and process their
information in third-party data centers that might be
1) Symmetric Key Cryptography
arranged a long way from the user running in remove from
2) Asymmetric key cryptography
over a city to over the world. Cloud computing counts on
3) Hash Function Cryptography
sharing of resources to attain endurance and economy of
scale, similar to a utility (like the electricity grid) over an
electricity network. Storing data in the cloud greatly 2. LITERATURE SURVEY
decreases storage load of users and brings them access
1. Wang, L., Tao, J., & Kunze, M. in their research paper
comfort, thus it has become one of the most important cloud
services. Possibilities guarantee that, cloud computing “Scientific cloud computing: Early definition and experience”
enables organizations to keep away from forthright says that, Computing clouds equips users with services to
infrastructure costs (e.g. purchasing servers). Likewise, it access hardware, software, and data resource. Some clouds
engages associations to focus on their core businesses service models are:
instead of investing energy and supports on computer
infrastructure. Cloud computing enables undertakings to get i) HaaS: Hardware as a Service
their applications up and running speedier, with enhanced
sensibility and less maintenance. Be that as it may, concerns Hardware as a Service was proposed possibly at 2006. As an
are starting to create about how safe Cloud is? as more data outgrowth of rapid advances in hardware virtualization, IT
on people and organizations are being put in the cloud. automation and usage metering and pricing, users could buy
Disregards to all the hype surrounding the cloud, enterprise IT hardware - or even an entire data center/computer center

© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 32
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 09 | Sep -2017 www.irjet.net p-ISSN: 2395-0072

- as a pay-as-you-go subscription service. The HaaS could be 3. CLOUD COMPUTING ENVIRONMENT


flexible, scalable and manageable to meet your needs.
A) History and Definition
ii) SaaS: Software as a Service
Cloud computing bursts as a hot topic from the late of 2007
Software or application is hosted as a service and provided due to its capabilities of rendering elastic propelling IT
to customers across the Internet, which excludes the infrastructures, QoS assured computing environments and
requirement to install and run the application on the configurable software services [3]. The Cloud Computing
customer’s local computer. SaaS therefore amends the provides computing over the internet and this word is
customer’s headache of software maintenance, and basically inspired by the weather cloud. In cloud, data is
decreases the expense of software purchases by on demand stored at remote location and is available on demand. It
pricing. allows clients to use application software without installing
the file at any computer locally, with internet connectivity.
iii) DaaS: Data as a Service By data outsourcing user can obtain the required
information from anywhere more efficiently and has no
Data in various formats, from various sources, could be headache of storage space and can skip the extra expenses
accessed via services to users on the network. Clients could, on software, hardware, and information resources and data
for instance, control remote information simply like work on maintenance [2].
local disk or access data semantically on the Internet.
2. Er. Sharanjit Singh and Er. Rasneet Kaur Chauhan,
B) Current Cloud Projects
“Introduction to CryptoCloud in Cloud Computing“proposes
Cryptographic Algorithms as:
Currently numerous projects from industry and academia
1) Data Encryption Standards (DES) have been proposed, for example, RESERVOIR project [4] -
2) Advanced Encryption Standards (AES) IBM and European Union joint research initiative for Cloud
3) Triple – DES computing, Amazon Elastic Compute Cloud [5], IBM’s Blue
4) RSA Cloud[6], scientific Cloud projects such as Nimbus [7] and
5) Blowfish Stratus[8], OpenNEbula [9].
These algorithms can be applied successfully in cloud
environment. C) Classification of Clouds

3. Nelson Gonzalez, Charles Miers, Fernando Redígolo, Clouds may be classified broadly as:
Tereza Carvalho, Marcos Simplicio, Mats Näslundy and
Makan Pourzandi in their research paper, “An quantitative i) Public Cloud: hosted, operated and managed by third
analysis of current security concerns and solutions for cloud party vendor from one or more data centers.
computing” says that aiming to organize the information ii) Private Cloud: managed or owned by an organization,
related to cloud security have identify the main problems in providing services within an organization.
the area and grouped them into a model composed of eight iii) Hybrid Cloud: comprised both the private and public
categories: Compliance, Trust, Architecture, Identity and cloud models where organization might run non - core
Access, availability, incident response, data protection and application in a public cloud, while maintaining core
governance. applications and sensitive data in- house in a private cloud.

D) Features of Cloud Computing

i) Resource Pooling and Elasticity

In cloud computing, resources are pooled to serve a large


number of customers. Cloud computing utilizes multi-tenure
where distinctive resources are progressively allotted and
de-assigned by request. From the client's end, it is unrealistic
to know where the resource really resides. The resource
allocation ought to be flexible, as in it should change suitably
and rapidly with the demand. In the event that on a specific
day the request expands a few times, at that point the system
ought to be sufficiently versatile to meet that extra require,
Fig.1: Security Problems in Cloud Computing Environment and should come back to the normal level when the demand
diminishes.

© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 33
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 09 | Sep -2017 www.irjet.net p-ISSN: 2395-0072

ii) Self and On-Demand Service i) Cloud Consumer: One who uses a cloud provider's
resources, from a company to an individual.
Cloud computing depends on self-service and on-demand ii) Cloud Auditor: The goal of Cloud Audit is to provide
service models. It ought to enable the client to collaborate cloud service providers with a way to make their
with the cloud to perform assignments like building, performance and security data readily available for potential
deploying, managing, and scheduling. The client ought to customers.
have the capacity to get to figuring abilities as and when they iii) Cloud Broker: the Service brokers concentrate on the
are required and with no association from the cloud service negotiation of the relationships between consumers and
provider. This would help clients to be in control, getting providers. There are two major roles for brokers: SLA
deftness their work, and to settle on better choices on the Negotiation and VM Monitor. The SLA Manager takes care
present and future needs. that no Service Level Agreement (SLA) is violated and VM
Monitor the current stated of virtual machines periodically
iii) Broad Network Access at specific amount of time[2].
iv) Cloud Provider: The Company who makes the cloud
Capabilities are accessible over the network and got to available to others. They are in charge of maintenance/
through standard mechanisms that advance use by upkeep of the cloud and, of course, making sure it is always
heterogeneous thin or thick client stages (e.g., cell phones, available to the cloud user.
tablets, portable PCs and workstations).
4. ROLE OF CRYPTOGRAPHY IN CLOUD COMPUTING
iv) Measured Services
A) Introduction to Cryptography
Cloud systems consequently control what's more, upgrade
resource use by utilizing a metering ability at some level of Cryptography is the technique widely used in computer
reflection proper to the type of service (e.g. storage capacity, networks to provide security to the data and messages
processing, transmission capacity and active client communicated over the network. The plain text message
accounts). Resource utilization can be monitored, controlled being sent from sender is encrypted in to a special format
and reported, giving straightforwardness to the provider and called as “Cipher Text” by applying some cryptographic
consumer. algorithm and then communicated over the network. At the
receiver’s end, the Cipher text message is decrypted in the
v) Rapid Flexibility original plain text again by applying some decryption
algorithm. Thus only the sender & receiver of the
Capabilities can be flexibly provisioned and discharged, now communication can read the encoded message and no one
and again naturally, proportional quickly outward and else. Cryptography is used for addressing the network
internal proportionate with demand. To the customer, the security problems.
capacities accessible for provisioning regularly have all the
earmarks of being boundless and can be appropriated in any i. Data Integrity: Information has value only if it is correct,
quantity whenever. this refers to maintaining and assuring the accuracy and
consistency of data, its implementation for computer
E) Cloud Computing Entities systems that store use data, processes, or retrieve that data.
ii.Authentication: Determining whom we are talking to
Figure shows the cloud computing entities: before revealing the sensitive information or entering into a
business deal.
iii. Non Repudiation: Deals with signatures and is the
assurance that a party, contract or someone cannot deny the
authenticity of their signature and sending a message that
they originated.
iv. Secrecy: Keeping information out of the hands of
unauthorized users, relates to loss of privacy, identity theft.

B. Cryptographic Model

The following figure helps to understand the basic idea of


cryptography.
Fig: Cloud Computing Entities

© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 34
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 09 | Sep -2017 www.irjet.net p-ISSN: 2395-0072

ii) Guaranteeing Secure Data Transfer


In a Cloud environment, the physical location and reach are
out of control of the end user, where the resources are
hosted.
iii) Ensuring Secure Interface
In the unsecure internet environment the integrity of
information during transfer, storage and retrieval needs to
be ensured.
iv) Security of Stored Data
The issue of controlling the encryption and decryption by
either the end user or the Cloud Service provider is still
doubtful.
v) User Access Control
Web data logs are needed to be provided to compliance
Fig: Cryptographic Model auditors and security managers for web based transactions
(PCI DSS).
i) Plaintext is the original source information or data that is
input to algorithms. In the referenced research work, a security framework has
ii) Cipher text is the scrambled message output as random been proposed for cloud computing to assure confidentiality,
stream of unintelligible data. integrity and authentication criteria using symmetric and
iii) Encryption Algorithm substitutes and performs asymmetric cryptographic algorithms. But there are still
permutations on plain text to cipher text. some problem areas observed in this work listed as
iv) Decryption Algorithm is encryption run in reverse by follows[10]:
taking the secret key and transforming the cipher text to
produce the original plain text. ->No any strong valid authentication scheme had been
v)Keys are used as input for encryption or decryption and proposed or implemented yet.
determines the transformation. ->Security criteria of Server storage had not been considered
vi) Sender and Recipient are persons who are in case of client-server interaction.
communicating and sharing the plaintext. ->The proposed framework is Weak and less secure (as
concatenations tends to be more vulnerable to brute-force
attacks).
C) Classification of Security Algorithms
-> Security factors which are Randomness related, had been
completely neglected.
i) Private Key/ Symmetric Algorithms: These algorithms
->This framework is not completely suitable for highly
use a single secret key that is known to the sender and
confidential data (related to banking, defense and other
receiver.
brokerage related applications).
E.g. RC6, AES, 3DES, IDEA, Blowfish.
ii) Public Key/ Asymmetric Algorithms: Use a key pair for
cryptographic process, with public key for encryption and 5. Elliptical Curve Cryptography in Cloud
private key for decryption Computing
E.g. RSA, Diffie Hellman
Elliptic Curve Cryptography (ECC) is effectively used as a
D) Security Issues that arise in the Cloud touch of preparing to instantiate public key cryptography
conventions, for instance executing keys and digital
Security issues in cloud fall into two general classes: security signatures. There are diverse motivations behind energy of
issues confronted by cloud providers (associations giving using elliptic bends as they offer more little key sizes and
programming, platform, or framework as-a-benefit by means more possible executions [11].
of the cloud) and security issues confronted by their clients
(organizations or associations who have applications or ECC is a kind of open cryptosystem like RSA. Be that as it
store data on the cloud)[15]. may, its snappier advancing limit and by giving appealing
and option approach to specialists of cryptographic
i) Guaranteeing Data isolation calculation influences it to contrast from RSA. A similar
In order to optimize resources, cut costs, and maintain security level gave by RSA, can be additionally given by ECC,
efficiency, Cloud Service Providers store multiple customers’ that likewise with littler key sizes. For example, the 1024 bit
data on the same server. This leads to a chance that user's security strength of a RSA could be reduced to 163 bit
private data can be viewed by each other. To avoid such security strength of ECC with the same level. Apart from this,
sensitive situations, cloud service providers must ensure ECC is especially well suited for wireless communications,
proper data isolation and logical storage separation. like mobile phones, PDAs, smart cards and sensor networks.

© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 35
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 09 | Sep -2017 www.irjet.net p-ISSN: 2395-0072

ECC uses point of multiplication operation, which has been to discover better solutions utilizing Elliptical Curve
found to be computationally more efficient than RSA Cryptography.
exponentiation[12].
8. REFERENCES
ECC has drawn much attention as the security solutions for
wireless networks such as Clouds, due to the small key size [1]S. Subashini, V. Kavitha -Anna University Tirunelveli,
and simplified computation [13]. Elliptic curve has a unique India,” A survey on security issues in service delivery models
property that makes it fit for use in cryptography in cloud of cloud computing“ELSEVIER- Journal of Network and
computing i.e. its power to take any two points on a specific Computer Applications Volume 34, Issue 1, January 2011,
curve, add them together and get a third point on the same Pages 1–11.
curve. The fundamental operation engaged with ECC is point [2] Jashanpreet Pal Kaur, Rajbhupinder kaur, Yadavindra
multiplication, i.e. increase of a scalar K with any guide P on College of Engineering, Talwandi Sabo, Bathinda Punjab,
the curve toward get another point Q on the same curve[14]. “Security Issues and Use of Cryptography in Cloud
The general equation for an elliptic curve is: Computing"
[3] Wang, L., Tao, J., & Kunze, M. (2008). “Scientific cloud
y2 + axy + by = x3 + cx2 + dx + e
computing: Early definition and experience”.
Where a, b, c, d and e are real numbers and x and y belongs [4] Reservoir Project [URL]. http://www-03.ibm.com/
to a set of real number. In its simplest form, an elliptic curve press/us/en/pressrelease/23448.wss/, access on June 2008.
equation can be given as: [5] Amazon Elastic Compute Cloud [URL]. http://aws.
amazon. com/ ec2, access on Nov. 2007.
y2 – x8 + dx + e [6] IBM Blue Cloud project [URL]. http://www-
3.ibm.com/press /us/en/pressrelease/22613.wss/, access
6. ANALYSIS on June 2008.
[7] Nimbus Project [URL].http://workspace.globus.org/
A Statistical investigation, demonstrates that a similar level clouds/nimbus.html/,access on June 2008.
of security rendered by a RSA-based framework with a huge
modulus can be proficient with a considerably smaller [8] Status Project [URL]. http://www.acis.ufl.edu/vws/,
elliptic curve group, i.e. a 163 piece key of ECC is thought to access on June 2008.
be as secure as 1024 bits key in RSA. Also ECC uses smaller [9] OpenNEbula Project [URL].http://www.opennebula.org /,
key sizes, which effects in faster calculations, lower power access on Apr.2008.
consumptions, saving memory and bandwidth. ECC thus [10] Tadapaneni, N. R. (2017). Different Types of Cloud
clubbed with Cloud computing will definitely provide much Service Models. Available at SSRN 3614630.
more secure environment along with speed and saving of
[11] Shweta Sharma, Bharat Bhushan, Shalini Sharma -
many intangible/indirect resources. ECC applied in cloud ”Improvising Information Security in Cloud Computing
will result in more attention paid towards how to avoid data Environment”- International Journal of Computer
duplications, how to utilize data and services efficiently and Applications (0975 – 8887) Volume 86 – No 16, January
how to achieve cost-effective solutions. 2014.
7. CONCLUSION AND FUTURE ENHANCEMENT [11]D. J. Bernstein and T. Lange (editors). eBACS: ECRYPT
Benchmarking of Cryptographic Systems, http://bench.
crypto, October 2013.
Cloud Computing is utilized for service-based architecture.
To plough on cloud computing, the community must take [12] Dr.R.Shanmugalakshmi, M.Prabu – “Research Issues on
sincere and dedicated measures to ensure security. A Elliptic Curve Cryptography and Its applications”- IJCSNS
movement continues to adopt universal standards (for International Journal of Computer Science and Network
example, open source) to ensure interoperability among Security, VOL.9 No.6, June 2009.
service providers. [13] Wang, H., Sheng, B. and Li, Q. (2006) ‘Elliptic curve
cryptographybased access control in sensor networks’, Int. J.
ECC can be utilized as a part of mobile computing, remote Security and Networks,Vol. 1, Nos. 3/4, pp.127–137.
sensor systems, server based encryption, image encryption [14] Ms Bhavana Sharma, B.P.I.T., Rohini, Delhi-“security
and its application in each field of communication. Cloud
architecture of cloud computing based on elliptic curve
computing with ECC is a totally new area and has colossal
cryptography (ecc)” ICETEM 2013.
extent of research. The concern here is data security with
Elliptic curve cryptography to give secrecy and confirmation [15] Wikipedia, the free encyclopedia of Cloud Computing.
of data between clouds. In future, security issues of cloud [16] Khanna, D. (2019). Internet of Things Challenges and
computing can be focused more and an attempt can be made Opportunities. International Journal For Technological
Research In Engineering

© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 36

You might also like