
Homomorphic Encryption As A Service For Outsourced Images in Mobile Cloud Computing Environment

This document discusses a proposed secure architecture for outsourcing encrypted images to mobile cloud computing environments. The architecture includes implementing a private cloud using OpenStack for encryption/decryption services based on homomorphic encryption. Specifically, the document proposes using Paillier's cryptosystem to encrypt images on the private cloud before outsourcing them to a public cloud for storage. It also describes testing the homomorphic property of the encryption scheme by applying a discrete wavelet transform algorithm to encrypted images.

Uploaded by

Rejnis Spaho

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/314891569

Homomorphic Encryption as a Service for Outsourced Images in Mobile Cloud Computing Environment

Article · April 2017


DOI: 10.4018/IJCAC.2017040103


3 authors:

Mouhib Ibtihal, Ecole marocaine des sciences de l'ingenieur (5 publications, 63 citations)
Driss Moulay El Ouadghiri, Université Moulay Ismail (66 publications, 444 citations)
Naanani Hassan, Université Hassan II de Casablanca, Faculty of Scienc Ben M'sik (5 publications, 63 citations)


All content following this page was uploaded by Naanani Hassan on 07 April 2017.



Homomorphic encryption as a service for outsourced images
in mobile cloud computing environment

Mouhib Ibtihal (1), Faculty of Science, Moulay Smail University, Meknes, Morocco
El Ouadghiri Driss (2), Faculty of Science, Moulay Smail University, Meknes, Morocco
Naanani Hassan (3), Faculty of Science, Ben'msik University, Casablanca, Morocco

Abstract - The integration of cloud computing with mobile computing and the internet has given birth to mobile cloud
computing (MCC). This technology offers many advantages to users, such as storage capacity, reliability, scalability and
real-time data availability. It is therefore growing fast and is inevitably integrated into everyday life. In MCC, data
processing and data storage can be migrated to cloud servers. However, the confidentiality of images and data is most
important in today's environment. In this paper, we mainly focus on secure outsourcing of images. For this purpose, we
propose a secure architecture composed of two clouds: a private cloud dedicated to encryption/decryption and a second,
public cloud dedicated to storage. We have implemented the first cloud using OpenStack while respecting the encryption as
a service concept. As an encryption scheme we have used Paillier's homomorphic cryptosystem designed specifically for
images. The test of the homomorphic property is done by applying the watermarking algorithm DWT.

Keywords: mobile cloud computing, privacy, encrypted image, homomorphic encryption, Paillier cryptosystem, OpenStack,
watermarking, DWT algorithm.

I. Introduction

Mobile cloud computing (MCC) has emerged as a new technology that extends the functionality of mobile computing. As a
combination of mobile computing and cloud computing [1], MCC gives mobile users greater storage capacity, reliability,
scalability and real-time data availability. Due to the limited storage and processing capabilities of mobile devices,
many users have started to save their data, such as videos, photos and music, on clouds. Data stored in a public cloud
can be accessed by anyone unless an efficient protection mechanism is in place. Consequently, serious security and trust
issues have to be addressed. Even when encryption is used to protect sensitive data, performing processing on the
encrypted data requires a complex process. Another drawback that cannot be denied is that the encryption process hides
the important relationships between documents. In this paper, we are mainly interested in the privacy of outsourced
images, because many images may include private information [7]. Most image encryption schemes use traditional
cryptography, which does not provide a secure solution to the image privacy problem. In this context, we propose as a
solution a secure architecture based on the encryption as a service concept and homomorphic encryption. The main
advantage of homomorphic encryption is its computational ability: it allows an arbitrary number of additions and
multiplications to be performed on encrypted information without knowledge of the decryption key, which belongs only to
the client. The first fully homomorphic encryption scheme was proposed in [3]; other researchers proposed variants of
Gentry's model with some improvements [2][4][5]. There are several partially homomorphic cryptosystems, such as
Goldwasser and Micali [6], ElGamal [11] and Paillier [10]. A partially homomorphic encryption scheme performs one type of
operation (addition or multiplication), whereas a fully homomorphic encryption scheme uses both operations. However,
despite the good performance of fully homomorphic encryption, it requires a very large key generated with a very large
number of calculations, which affects the calculation speed: it is more than 1000 times slower than the non-homomorphic
operations. Several studies have been carried out to improve the effectiveness of the cryptosystem in terms of
calculation time and key size [8]. In this study we are particularly interested in the Paillier cryptosystem because
this scheme and its variants are famous for their efficiency [9].

In this paper, we propose a secure architecture to resolve the privacy issue for images stored on mobile cloud servers.
For this we follow these steps:

1. Implementation of a private cloud using OpenStack, dedicated to encryption services, and verification of the
Encryption as a service concept [12].
2. Development and implementation of a specific program in C to encrypt/decrypt images with the Paillier
cryptosystem, and its implementation on the Nova hypervisor.
3. Development and implementation of a second program, also in C, that implements the discrete wavelet
transform (DWT) in the encrypted domain; this program aims to test the homomorphic property of our
scheme.

This paper is organized as follows. Section 2 gives a literature overview of the different concepts used in our
architecture and of encryption techniques. Section 3 describes the proposed architecture. In section 4, we present
simulation results. Finally, the conclusion and future work are in section 5.

II. Literature overview

A. Openstack for building a private cloud

OpenStack [15] is an open source project used to build private and public cloud infrastructure. It supports all major
virtualization platforms, including Xen, Kernel-based Virtual Machine (KVM), VMware, Hyper-V and container
virtualization. The platform has six necessary core components [16]: computing components (Nova),
ghost storage components (Glance), block storage components (Cinder), network service components (Neutron),
dashboard components (Horizon) and identification components (Keystone). OpenStack can be deployed in three
different modes [14]:

• Single Node: All nova-services are deployed on only one physical server, which also hosts all the virtual
machine instances.
• Dual Node: It consists of two physical servers: the Cloud Controller Node, which runs all the nova-services
except for nova-compute, and the Compute Node, which is deployed with nova-compute to instantiate
virtual machine instances.
• Multiple Node: A particular number of CNs can be installed, resulting in a multiple node installation.

To obtain an efficient private cloud, we have deployed OpenStack on three nodes: a compute node, a network node and a
controller node [fig X].

B. Paillier cryptosystem : Basic scheme and its variants

The Paillier cryptosystem (Paillier, 1999) is an additive homomorphic cryptosystem. It is a semantically secure
cryptosystem based on composite residuosity classes, whose computation is believed to be computationally
difficult. In its most basic form, the Paillier scheme is described in Table 1:

Basic Paillier

Key generation: Alice generates two large prime numbers $p$ and $q$ and computes $N = pq$ and $\lambda = \lambda(N) = \mathrm{lcm}(p - 1, q - 1)$. She randomly chooses $g$ such that $\gcd\left(\frac{(g^{\lambda} \bmod N^2) - 1}{N}, N\right) = 1$.
Public key: $(g, N)$
Private key: $(p, q)$
Encryption: To encrypt a message $m \in \mathbb{Z}_N$, Bob chooses $r \in \mathbb{Z}_N^*$ uniformly at random, calculates $c = g^m r^N \bmod N^2$ and sends it to Alice.
Decryption: Alice decrypts the received message by calculating $m = \frac{c^{\lambda} \bmod N^2}{g^{\lambda} \bmod N^2} \bmod N$.

Table 1. Basic Paillier scheme

Fast Decryption Paillier [17] has the advantage of encrypting and decrypting faster: a single modular exponentiation for
encryption against two in the original system. Table 2 describes the scheme.

Fast Decryption Paillier

Key generation: $N = pq$ and $\lambda = \lambda(N) = \mathrm{lcm}(p - 1, q - 1)$. Let $g \in \mathbb{Z}_{N^2}^*$ be random of order $\alpha \in \{1, \dots, \lambda\}$.
Public key: $(g, N)$
Private key: $(p, q, \alpha)$
Encryption: To encrypt a message $m \in \mathbb{Z}_N$, Bob chooses $r \in \mathbb{Z}_N^*$ uniformly at random, calculates $c = g^{m + Nr} \bmod N^2$ and sends it to Alice.
Decryption: Alice decrypts the received message by calculating $m = \frac{c^{\lambda} \bmod N^2}{g^{\lambda} \bmod N^2} \bmod N$.

Table 2. Fast Decryption Paillier scheme

Small Exponent Paillier: Similarly to RSA, Catalano, Gennaro, Howgrave-Graham, and Nguyen [18] suggested
using a public exponent $e$ with a small weight to accelerate the encryption process. The latter
can be further optimized by choosing $g = N + 1$, so that $g^m = (1 + mN) \bmod N^2$. The decryption becomes
$c = g^m y^e = y^e (1 + mN) \bmod N^2$, with a low exponentiation and a modular multiplication.

C. The discrete wavelet transform (DWT)

The discrete wavelet transform (DWT) is a mathematical tool frequently used in signal processing. The DWT can
be used to extract various kinds of information from digital media in the encrypted domain. In
our case, we apply it to secure image watermarking. The DWT can be expressed recursively using
Mallat's algorithm [13] as follows:
$$a_j(k) = \frac{1}{\sqrt{2}} \sum_{l \in \mathbb{Z}} h_d(2k - l)\, a_{j-1}(l)$$

$$d_j(k) = \frac{1}{\sqrt{2}} \sum_{l \in \mathbb{Z}} g_d(2k - l)\, a_{j-1}(l)$$

where $h_d(k)$ and $g_d(k)$ are the low-pass and high-pass decomposition filter coefficients, respectively, $j$ is the
decomposition level of the transformation, $j = 1, 2, 3, \dots$, and $a_j(k)$ and $d_j(k)$ are the approximation
coefficients and detail coefficients, respectively. $a_0(l)$ is defined as the input signal $x(l)$. For convenience, we
use $X_j(k)$ to represent both $a_j(k)$ and $d_j(k)$.

We have implemented a watermarking scheme based on the 2D discrete Haar wavelet transform in the encrypted
domain.
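The additive property of the scheme in Table 1, applied to one level of the Haar transform described in this section, as an added example in C (not the authors' program). It assumes a constructed toy key (p = 251, q = 241), the choice g = N + 1 mentioned above, the standard Paillier decryption function L(u) = (u - 1)/N, and fixed r values so the run is repeatable; the Haar sums and differences are left unnormalized, with the 1/√2 factor applied after decryption.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy key built from p = 251, q = 241: constructed, far too small for real use. */
static const uint64_t N = 251ULL * 241ULL;        /* 60491 */
static const uint64_t N2 = 60491ULL * 60491ULL;   /* < 2^32, so products fit in 64 bits */
static const uint64_t LAMBDA = 6000;              /* lcm(p - 1, q - 1) */
static const uint64_t PHI = 250ULL * 240ULL;      /* used only to invert modulo N */

static uint64_t powmod(uint64_t b, uint64_t e, uint64_t m) {
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) r = r * b % m;
    return r;
}

/* Paillier's L function, defined on values congruent to 1 modulo N. */
static uint64_t L(uint64_t u) { return (u - 1) / N; }

/* c = g^m * r^N mod N^2 with g = N + 1; r must be random in Z_N^* in real use. */
uint64_t paillier_encrypt(uint64_t m, uint64_t r) {
    return powmod(N + 1, m, N2) * powmod(r, N, N2) % N2;
}

/* m = L(c^lambda mod N^2) * L(g^lambda mod N^2)^-1 mod N */
uint64_t paillier_decrypt(uint64_t c) {
    uint64_t num = L(powmod(c, LAMBDA, N2));
    uint64_t den = L(powmod(N + 1, LAMBDA, N2));
    return num * powmod(den, PHI - 1, N) % N;     /* inverse via Euler's theorem */
}

/* One Haar step on two ciphertexts: outputs E(x0 + x1) and E(x0 - x1). */
void haar_encrypted(uint64_t c0, uint64_t c1, uint64_t *ca, uint64_t *cd) {
    *ca = c0 * c1 % N2;                           /* multiplying ciphertexts adds plaintexts */
    *cd = c0 * powmod(c1, N - 1, N2) % N2;        /* c1^(N-1) encrypts -x1 mod N */
}

/* Map a residue modulo N back to a signed coefficient. */
int64_t to_signed(uint64_t m) {
    return m > N / 2 ? (int64_t)m - (int64_t)N : (int64_t)m;
}

int main(void) {
    const uint64_t row[4] = {52, 55, 61, 59};      /* constructed pixel row */
    const uint64_t rnd[4] = {17, 1234, 40001, 7};  /* fixed r values for a repeatable demo */
    for (int k = 0; k < 2; k++) {
        uint64_t ca, cd;
        haar_encrypted(paillier_encrypt(row[2 * k], rnd[2 * k]),
                       paillier_encrypt(row[2 * k + 1], rnd[2 * k + 1]), &ca, &cd);
        printf("a(%d)=%lld d(%d)=%lld\n", k, (long long)to_signed(paillier_decrypt(ca)),
               k, (long long)to_signed(paillier_decrypt(cd)));
    }
    return 0;
}
```

The server-side function `haar_encrypted` never sees a plaintext pixel or the private key; only the holder of λ can read the coefficients.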

III. Proposed architecture

We propose a hybrid architecture made up of two clouds: the first is a private cloud dedicated to the
encryption/decryption process, and the second is a public cloud used to store the encrypted images. To ensure the
security of image outsourcing through this architecture, we propose the following three steps: first we implement
the private cloud, then we deploy the cryptosystem in this cloud, and finally we store the encrypted images in the public
cloud. To test the homomorphic property, we use a watermarking method as an extra step.

Step I: Implementing the private cloud

The private cloud is implemented using OpenStack. This type of cloud imposes restrictions on network and user
access, which gives users more control over the infrastructure in a secure manner. Besides, the data processed
within such an architecture are not affected by network bandwidth limitations during processing,
and are also protected against legal issues. In addition, a private cloud is often designed to guarantee the availability
of services for a specific purpose according to the firm's objectives. Many frameworks are available, chosen
according to user and application requirements. In this work, we use the OpenStack framework to design and
implement the infrastructure as a service.
In our architecture, we have deployed the encryption server on OpenStack Version. The test bed consists of a
controller node [fig 1], a network node [fig 2], and a compute node [fig 3].
Fig 1 : Controller node of openstack

Fig 2 : Network node of openstack

Fig 3 : Compute node of openstack


Fig 4 : Our private cloud openstack with three nodes.

After launching the three nodes, we access our cloud via the authentication interface by
entering a login and password [fig 5], and then access the administrator interface [Figure 6].

Fig 5: Authentication’s interface

Fig 6: Administrator’s interface

Step II: Implementing the Paillier cryptosystem in an encryption as a service architecture [fig 7]

As mentioned before, data security and privacy issues are addressed using an encryption system. Consequently,
our encryption system as a service should ensure the security of offloaded images against external and internal attacks.
For this we intend to encapsulate the Paillier cryptosystem into the Nova hypervisor.
Fig 7: Encryption as a service architecture [12]

Step III: Storing the encrypted images on the public cloud [fig 8]

Once the images are encrypted, they are stored on an external local server that represents the public cloud. In this
work, the Paillier cryptosystem is implemented on the controller node [fig 1], specifically on the Nova hypervisor.

Fig 8: Storage of encrypted images

Step IV: Testing the homomorphic property

To test the homomorphic property of our system, we chose the watermarking method based on the discrete
wavelet transform (DWT). This method proves to be most effective and implementable in cloud computing for
checking the authenticity of information, which guarantees the integrity, originality, and legality of data
usage [19]. In our implementation, we have implemented the DWT in the encrypted domain using a program written in C.

Fig 3: Watermarking on Encrypted Images

We have implemented our scheme in C using ECLIPSE 4.2.2. The encryption algorithm and the 2-D
Haar wavelet transform algorithm were run on a computer with an Intel(R) Core(TM) i7-3720QM CPU
running at 2.60 GHz and 8 G RAM.
If we take as an example the original Lena [Fig 9], the cryptogram of this image [fig 10] is also represented by a
message in txt format [fig 10]. Finally, after launching the DWT program, we obtain a message also in txt format
[fig 12].

Fig 9 : Original Lena

Fig 10 : Encrypted Lena

Fig 11: Encrypted_Lena.txt

After launching the DWT program, we obtain a message also in a txt format [fig 13] .
Fig 12: DWT on Encrypted_Lena.txt

The experimental results have proven that the processing time for encrypting images increases with the size of the
images and their features [Fig 14, 15], which means that encryption takes time when it comes to complex
images.

Fig 13: Encryption processing

Fig 14: Encryption processing

IV. Conclusion

In this paper, we propose an architecture to secure outsourced images in a mobile cloud computing
environment. This architecture is based on the encryption as a service concept, in which a private cloud is dedicated to
encryption and decryption. We implemented an additive homomorphic encryption scheme (the Paillier cryptosystem)
and then tested the functionality of our scheme by implementing a watermarking method (DWT) on a local
server. The results show that the method does not take a long time in encryption and decryption processing, so it
can be used as a solution for data security and privacy in such an environment.

References
1. R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, “Cloud computing and emerging it platforms: Vision,
hype, and reality for delivering computing as the 5th utility,” Future Generation computer systems, vol. 25, no. 6, pp.
599–616, 2009
2. Smart, Nigel P., and Frederik Vercauteren. "Fully homomorphic encryption with relatively small key and ciphertext
sizes." Public Key Cryptography–PKC 2010. Springer Berlin Heidelberg, 2010. 420-443.

3. Craig Gentry, “A Fully Homomorphic Encryption Scheme”, 2009.

4. Van Dijk, Marten, et al. "Fully homomorphic encryption over the integers." Advances in cryptology–EUROCRYPT
2010. Springer Berlin Heidelberg, 2010. 24-43.

5. Stehlé, Damien, and Ron Steinfeld. "Faster fully homomorphic encryption." Advances in Cryptology-ASIACRYPT
2010. Springer Berlin Heidelberg, 2010. 377-394.

6. Goldwasser, Shafi, and Silvio Micali. "Probabilistic encryption." Journal of computer and system sciences 28.2
(1984): 270-299.

7. Wang, Cong, et al. "Privacy-assured outsourcing of image reconstruction service in cloud." IEEE Transactions on
Emerging Topics in Computing 1.1 (2013): 166-177.

8. Naehrig, Michael, Kristin Lauter, and Vinod Vaikuntanathan. "Can homomorphic encryption be
practical?." Proceedings of the 3rd ACM workshop on Cloud computing security workshop. ACM, 2011.

9. Fontaine, Caroline, and Fabien Galand. "A survey of homomorphic encryption for nonspecialists." EURASIP Journal
on Information Security 2007.1 (2007): 1-10.

10. Paillier, Pascal. "Public-key cryptosystems based on composite degree residuosity classes." Advances in
Cryptology - EUROCRYPT'99. Springer Berlin Heidelberg, 1999.

11. ElGamal, Taher. "A public key cryptosystem and a signature scheme based on discrete logarithms." Advances in
cryptology. Springer Berlin Heidelberg, 1985.

12. Ibtihal, Mouhib, El Oadghiri Driss, and ZineDine Khalid. "Data Encryption as a Service in Mobile Cloud
Computing." Journal of Information Assurance & Security 11.3 (2016).

13. S. Mallat, “A theory for multiresolution signal decomposition: The wavelet representation,” IEEE Trans. Pattern Anal. Mach.
Intell., vol. 11, no. 7, pp. 674–693, Jul. 1989.

14. Ristov, Sasko, Marjan Gusev, and Aleksandar Donevski. "Openstack cloud security vulnerabilities from inside and
outside." CLOUD COMPUTING (2013): 101-107.

15. OpenStack Home Page. http://www.openstack.org/.

16. Lian, Longying, et al. "Constructing virtual network attack and defense platform based on openstack." Proceedings
of the 2015 International Conference on Automation, Mechanical Control and Computational Engineering. 2015.

17. Pascal Paillier, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. Advances in Cryptology
- EUROCRYPT’99, vol. 1592 of Lecture Notes in Computer Science, pp. 223-238, 1999

18. Catalano, D., Gennaro, R., Howgrave-Graham, N., and Nguyen,P. Q. Paillier’s cryptosystem revisited. In ACM
Conference on Computer and Communications Security (2001), pp. 206–214.

19. D. Kundur and D. Hatzinakos. A robust digital image watermarking scheme using the wavelet-based fusion. In IEEE
Signal Processing Society 1997 International Conference on Image Processing (ICIP'97), Santa Barbara, California,
October 1997.
