
2021 International Conference on Simulation, Automation & Smart Manufacturing (SASM)

GLA University, Mathura, India. August 20-21, 2021

Enhance Data Security in Cloud Computing with Digital Signature & Hybrid Cryptographic Algorithm
2021 International Conference on Simulation, Automation & Smart Manufacturing (SASM) | 978-1-6654-0357-3/21/$31.00 ©2021 IEEE | DOI: 10.1109/SASM51857.2021.9841171

Purvansh Jain, B.Tech Graduate, Faculty of Engineering and Technology, JAIN University, Bangalore, India, [email protected]
Piyush Muskara, B.Tech Graduate, Faculty of Engineering and Technology, JAIN University, Bangalore, India, [email protected]
Prati Jain, 7th Semester Student, Faculty of Engineering and Technology, JAIN University, Bangalore, India, [email protected]

Abstract— The proposed paper focuses on a hybrid cryptographic algorithm that aims to provide integrity & confidentiality to our sensitive data. With the use of cryptographic algorithms and a blended key exchange algorithm along with an authentication technique, verification of data can be protected while uploading it to any cloud platform. The cloud computing boom is ultimately on the pinnacle because of the pandemic that forces corporations to operate virtually and people to stay indoors for their work from home. Cloud computing offers advantages like on-demand services, shared hardware and software, but also involves storing data at an unknown place. So they are susceptible to leaks of data or other malicious internet attacks, making it a serious worry for enterprises all over the world. The objective of this paper is to explore the different algorithms utilised for security, performance and finally to identify the most adequate and efficient combination. The emphasis is on finding the practical consequences of the presented results and not merely on theoretical principles.

Keywords— Cloud Computing, Cloud Security, Encryption, Decryption, ECC, AES, Blowfish, Diffie Hellman, RSA, Hybridization, Cryptography, Digital Signature

I. INTRODUCTION

A. Cloud Computing :
It is an internet-based, dynamically resourced pool of resources, high availability, and virtualization, all accessed through the cloud. Increasing capacity dynamically while reducing investment in new equipment, training new people, or purchasing new software is possible via cloud computing. Organizations do not need to purchase any more hardware for installing various apps in cloud computing as they can be rented from others. A common name for these providers is cloud vendors. It is common for customers to use cloud services, such as cloud storage and web services, provided by Cloud Service Providers. Cloud computing is beneficial as it cuts down on hardware and maintenance costs, allowing for more accessibility worldwide. It is also highly automated, with customers requiring less attention to software upgrades.

1) Cloud computing deployment models
When it comes to cloud deployment model, security is a problem. There are 4 kinds of cloud deployments depending on who owns the infrastructure.
a) Public Cloud: In a conventional mainstream by adopting a self-service model, cloud computing creates dynamically provisioned resources that can be accessed over the internet (e.g. Amazon, Google App Engine).
b) Private Cloud: It is different from typical data centers in which it uses virtualization to the majority of its hardware. More so for businesses involved in mission- and safety-critical endeavors, the private cloud is a more attractive proposition.
c) Community Cloud: An infrastructure of interconnected clouds used by multiple enterprises is sometimes called “community cloud”. For example, the Open Cirrus Cloud Computing Testbed represents a typical situation.
d) Hybrid Cloud: It includes any combination of two or three models given above.

B. Security :
Although cloud services have a large-scale adoption, the concerns regarding security and privacy of these services persist. Smart phones' access to rapidly advancing technologies might allow consumers to quickly access such services and provide real-time access to photos, videos, papers, and other essential data across multiple platforms. However, in the context of a security breach in their cloud account, customers' data would be at risk. This may lead to significant losses. One must keep in mind many factors while discussing cloud security such as trustworthy authentication, adequate authorization, data security, and privacy. Every cloud provider must implement these critical security objectives to meet the fundamental requirements. In order to secure data, computer and network security has always been viewed as a property of information technology, thus encryption has played a major role in safeguarding data.

C. Cryptography :
When you connect a computer to a network, you need to make sure all the linked systems are protected from hackers on the internet. These kinds of devices alter the way data is sent over the network. In order for the security measures to be able to handle the data being transferred over the network, the information must be passed on to them. Cryptography is what's referred to as this method. This process enables us to transmit the data in a non-readable, unrecognizable format that an intruder can't read. Receiving a message requires deciphering the sender's key, which only the sender knows. Cryptography is made up of two separate but interconnected disciplines: encryption and decryption. Cipher

text is the resulting form of the encryption, after having converted the text into unreadable text, using a key, called encryption key. The encrypted message and key are transferred to the recipient. To retrieve the actual information, the receiver will apply the key on encrypted text.

Cryptography can be divided into two types :

1) Symmetric Key Cryptography [ Private Key Cryptosystem ]:
A single key is used for both encryption and decryption in this approach. In this class of algorithms, DES, TDES, AES, and RC4 are some of the algorithms that you'll see.

2) Asymmetric Key Cryptography [ Public Key Cryptosystem ]
Here, two separate keys are needed to encrypt and decrypt. Under this class, we have RSA, MD5, and ECC algorithms.

In the implementation of our hybrid cryptographic system, we are utilizing both symmetric key systems and asymmetric key systems. This system combines the two key cryptographic algorithms, symmetric and asymmetric, to produce a powerful dominant algorithm. The resultant algorithm has increased security strength and performance.

D. Digital Signature :
Data integrity is one of the most important factors in the transmission of the packet over the network. In this instance, a digital signature is a critical component of the verification process since it is utilized to confirm the integrity. This helps ensure that the message came from the sender, and therefore gives a level of trust to the receiver. To keep unauthorized users from accessing the data, we employ digital signature techniques. That is why digital signatures play an important role in keeping data packets safe from cyberattacks.

E. Hybridization:
A hybrid cryptography technique in which both symmetric and asymmetric algorithms are employed results in a hybridization making the cryptosystem a powerful dominating algorithm. Hybrid algorithms can be created by any combinations of asymmetric algorithms, symmetric algorithms, or even by utilising both types of algorithms at the same time. When the private and public keys are safe, a hybrid algorithm is regarded as extremely secure. In reality, hybridization does not always result in better performance, but it certainly enhances the security of the system.

II. PROBLEM STATEMENT

Cloud use is growing, and as a result, so is the demand and dependence on it as a storage and communication medium. There's also a growth in cyber crimes, all as a result of cloud usage. Insufficient and unreliable techniques and approaches have been discovered previously for ensuring data security and reliability. Cryptanalytic attacks have multiplied exponentially because of quicker technology, putting users and their personal information at risk.

In addition, it is imperative that new and improved ways be developed for concealing information in order to ensure that everything is not visible to everyone. In particular, this paper deals with the topic of Cloud Security and employs the use of digital signatures and advanced hybrid cryptographic algorithms to try to identify better and more dependable security measures.

III. PROPOSED METHODOLOGY

A. Process Flow :

1) Hybrid algorithm
A suitable combination of cryptographic algorithms must be developed in this step. Once this has been successfully tested, several parameters, such as encryption, security, speed, throughput, etc. can be evaluated.

2) Application Design
As a framework for evaluating the hybrid method, one can develop a client-server user application. Deploying that application on the cloud is required for this purpose.

3) Integration of security in cloud API
With the implementation of security features, including digital signatures and hybrid cryptographic algorithms for user authentication and data encryption, the programme moves on to the next phase.

4) Deployment on cloud
In this step, the developed application can be deployed on the cloud and coupled with a cloud database. This will allow you to test out all of the app's different features.

5) Testing :
Finally, at this step, one can execute real cryptanalytic attacks against the developed application and collect and record the findings to see if the proposed application and algorithm are functioning as intended.

B. System Architecture :
As indicated in the diagram of figure 1, the system and its architecture contain the following modules:

Fig. 1. System Architecture

1) User data
Data which is input to the system is the user's information. People would use text files to fill out the information and then encrypt and store it on the cloud.

2) Cloud module
This system is based on the cloud depicted in Fig 1. Cloud would have full control of the whole architecture. To log in to the system, the user will connect to the cloud from their existing systems using credentials.

3) Storage server
The encrypted files that the user has uploaded to the cloud are stored here. These files are kept in an encrypted manner on this structure. The user has the option to select any of the files to download, after which they will be decrypted and delivered.

4) Trusted computing platform
In terms of the secure/trusted computing platform, the encryption, decryption, and authentication tasks would be handled. Prior to uploading a file, Diffie Hellman Key exchange is used to exchange keys at time of login. This is followed by digital signature authentication.

5) Digital signature repository
This stage finalizes the data file encryption process, which utilizes a hybrid encryption technique. First, the file is retrieved from the storage structure, and then it is decrypted and made accessible for download.

6) Cloud clients
N number of clients may use the system at the same time. In order to use the system described above, the user must first register.

C. System Design :

Fig. 2. Proposed System Model

The system (Fig 2) we have presented above protects the security of data packets which utilizes a three-way architecture, combining digital signatures for authentication, a key-exchanging method for communication, and a hybrid encryption and decryption algorithm for data storage and verification.

D. Research Algorithms :
Algorithms required to prove proposed model is efficient and provides high security, throughput & performance are ECC, AES, BLOWFISH, DIFFIE HELLMAN KEY EXCHANGE, RSA.

1) Elliptic Curve Cryptography :
Elliptic curve is made up of all the points that have an equation that fulfills the criteria. The following is a basic criteria: y² = x³ + ax + b. Here: 4a³ + 27b² doesn't equal zero (to prevent singular points).

The following elliptic curves are provided as examples:

Fig. 3. Examples of Elliptic Curves

All elliptic curves presented above are identical in their symmetry with regard to the x-axis. This is valid for all elliptic curves.

Group law for elliptic curves :
1. The points of an elliptic curve form the basis of the group.
2. An identity element is the point being located at infinity, zero.
3. A point which is symmetric around the x-axis is inverse of Point A.
4. The following rule provides an equation for addition: If three points, A, B, and C, are each aligned and non-zero, then their total must be equal to zero (Fig 4).

Fig. 4. Sum of 3 points aligned is zero

WORKING
As elliptic curve public key cryptography is explained, let us now examine how it functions. Ace and Rob would like to connect to each other securely through an unsecured network by exchanging a private key across it in following way :
1. For usage with a particular elliptic curve F(Lq), fixed base point A (rational one) is issued in the domain which is public.
2. Rohit and Mohit choose two different random integers IJ & IK and use those numbers as their private keys.
3. Rohit evaluates IJ × A, and Mohit evaluates IK × A, which they then trade values through an untrusted network.
4. Rohit & Mohit are using the information that they have acquired & their private keys to complete the computation (IJ × IK) × A = IJ × (IK × A) = IK × (IJ × A). Due to the high complexity of the ECDLP, private keys IJ and IK and the common secretly (IJ*IK)*A makes it difficult to compute IJ × A & IK × A.
Therefore, Rohit and Mohit do not negotiate a shared secret with each other or jeopardize their private keys.

2) Advanced Encryption Standard :
In 2001, the United States (NIST) approved the AES (original name Rijndael) as a standard for encrypting electronic data. This block cipher is symmetric and is designed to last until around 2030, and offers protection of data till 2100. It is free of licensing restrictions.

Unlike some other encryption algorithms, the AES standard uses a 4 × 4 column-major order matrix of bytes,

referred to as the state, but certain implementations of Rijndael include larger size of block & additional columns in state as shown in Fig 5.

Fig. 5. AES Round Structure (a)

Just in case, if there are 16 bytes, they can be described as following matrix :

As seen above, the number of repetition counts in a cycle is equal to the following :
10 full iterations of the sequence with a key length of 128 bits
12 full iterations of the sequence with a key length of 192 bits
14 full iterations of the sequence with a key length of 256 bits.

Encryption Process : In this part, we'll look at a typical round of AES encryption. In each cycle, there are 4 sub-processes.

Fig. 6. AES Round Structure (b)

a) Sub Bytes : The input bytes are searched for S-box (a fixed table) supplied in design, so that a user can replace the 16 input bytes. In the end, this 4-row, 4-column matrix is the result.
b) Shift Rows : Every single row of the matrix is shifted to the left. In the event that certain entries drop off the right side of the row, those entries are moved back into same place. The process looks like this :
• No shifts have been applied to the first row.
• One byte has been relocated to left in second row.
• Third row has been shifted two positions to left.
• Fourth row has been shifted three positions to left.
• The final product is a new matrix with the same 16 bytes shifted around.
c) Mix Columns : In this, a precise mathematical approach was used to convert each column of four bytes. The output of this function consists of four fully new bytes which replace the old column. A new matrix has therefore been created, which now contains an additional 16 bytes.
d) Add Round Key : 16 bytes of the matrix have been upgraded to 128 bits and then XORed with the round key's 128 bits to create the secret state. If this is the last round, the output is the cipher text and if not then we must convert the 128 bits into 16 bytes, and then we would have to do the procedure again.

3) Blowfish Algorithm :
This algorithm is a symmetric-key block cipher. To our knowledge, no successful cryptanalysis of this has been found in software. Software makes it possible to attain a high encryption rate in a short time. Key-based S-boxes and a very intricate key scheduling are among the notable elements of the design. Blowfish comes with a block size of 64 bits and a flexible key length [32 - 448 bits]. It uses big key-dependent S-boxes and it is a Feistel cipher with 16 rounds as shown in Fig 8.

WORKING :
In addition to four 256-entry S-boxes, the 18-entry P-array is used. 8-bit input is supported by S-boxes, which can provide 32-bit output. One P-array entry is used in every round, and after the last round, the half of the data block to which each P-array entry was XORed is one of the two P-array entries that remain unused. Each of the four eight-bit quarters from the 32-bit input is used as an input. The outputs are added and XORed to get the final 32-bit result.

In Blowfish, a Feistel network has been used. So, to flip the process, XOR the outputs of P17 and P18 to the encrypted text block and in the reverse sequence use P-entries. There are 521 iterations (approximately 4KB of data handled) where the Blowfish encryption technique is used to generate all the sub keys.

Fig. 7. Blowfish F Function

Fig. 8. Process of Blowfish Algorithm

4) Diffie Hellman Key Exchange ( Exponential Algorithm) :
This key exchange is a kind of digital encryption that employs numbers powered to particular powers to obtain decryption keys. This makes it practically impossible for an eavesdropper to obtain the keys. To execute Diffie-Hellman, Rohit and Mohit, while conversing over a private channel, agree on i and j such that i is a prime number and j is a generator of i. There are no whole numbers for which generator j gives the same output for any two numbers with a prime factor i. The absolute value of i is very high, while the relative value of j is typically small.

In order to make a pair of numbers (i, j) so Rohit and Mohit agree for private conversing, they need positive whole-number private keys (r, s) which are smaller than the prime-number modulus (i). The system requires both users to memorise their own cryptographic keys; ideally, they do not write these numbers down or save them anywhere. After that, Rohit and Mohit calculate public keys r* and s* corresponding to their personal keys by using formula :-

$r^* = j^r \bmod i$ and $s^* = j^s \bmod i$

Though it may be presumed to be insecure, like the Internet, the two users' public keys r* and s* are shared over a communication medium.

A number x can be formed using either user's personal keys, provided that user has created the corresponding public keys.

Rohit calculates x using formula :- $x = (s^*)^r \bmod i$
Mohit calculates x using formula :- $x = (r^*)^s \bmod i$

According to both formulae above, the value of x is equal. Nevertheless, the two vital, public keys (r and s) that are necessary for the computation of x have not been provided to the public. Due to the sheer size and seemingly random nature, even with the assistance of a powerful computer, it is nearly impossible for a hacker to accurately guess x. Thus, theoretically, the two users can secretly communicate over a public channel with an encryption method of their choice with the decryption key x.

5) RSA Digital Signature Algorithm :
RSA stands for Rivest, Shamir, Adleman. This algorithm is very famous for encryption/decryption and is asymmetric in nature. Encryption and decryption aren't the only thing they can be used for; they are also capable of signing or confirming data packets. The modulo notion is used to sign and verify data.

For the purposes of this analogy, let us assume that we have two firms named A and B. Public cloud is provided by Company A, where there is information, software, and applications. Company B is interested in acquiring information from A's cloud. Our main goal is to transfer sensitive material to company B with an encrypted digital signature using the RSA method.

Flow of Process :-
1. B desires a file that has been retrieved from the cloud by A.
2. Now, the Hash function will generate a few lines of code. Those lines will be used to generate a message digest.
3. The message digest is then encrypted using A's private key. In this way, the digital signature is created.
4. To encrypt a digitally signed signature, A will use RSA algorithm with help of B's public key and by also decrypting the cipher text using his/her private key into plain text, B will use A's public key to authenticate the digital signature.

IV. PERFORMANCE ANALYSIS

A. Multi Level Algorithm Testing :
In this type of comparative testing, the hybrid algorithm is put through different file sizes to evaluate how its performance changes as size increases. Having ascertained

that the algorithms combinations are feasible, we decided to compare techniques between ECC-BLOWFISH, ECC-AES.

During testing, different-sized text files were used, from 200 kilobytes to 50,000 kilobytes in size.

TABLE I. COMPARISON OF PERFORMANCE ON BASIS OF FILE SIZE

File Size (KB)    ECC + BF    ECC + AES
200               1323        1408
2000              1567        1627
10000             3463        3637
20000             5680        5630
30000             8376        8014
40000             10746       9894
50000             14822       13179

B. Throughput Testing :
This testing looks to see if combinations of algorithm throughputs are discovered. Throughput in this case is measured in bytes per millisecond.

TABLE II. COMPARISON OF THROUGHPUT ON THE BASIS OF FILE SIZE

File Size (KB)    ECC + BF      ECC + AES
200               153.2181      139.2141
2000              1202.5716     1162.8538
10000             2947.6160     2700.9782
20000             3657.8763     3620.9842
30000             3799.09415    3884.4278
40000             4096.1436     4292.9824
50000             4549.6655     5051.8512

Overall, following table visualizes algorithms according to several measures, including time, throughput and security.

TABLE III. COMPARISON OF HYBRID ALGORITHMS BASED ON CHARACTERISTICS

Hybrid Combination                                              Time         Throughput    Security
Elliptic Curve Cryptography + Blowfish                          Slow         Very Fast     High
Elliptic Curve Cryptography + Advanced Encryption Standard      Very Fast    Fast          Very High

V. CONCLUSION AND FUTURE SCOPE

Through our study of hybrid methods, we were able to determine that the implementation of ECC and AES together took longer execution time than ECC and BLOWFISH. We observed that combination of ECC and AES offered better runtime and higher throughput in kilo bytes per millisecond for smaller file sizes as compared to combination of ECC and BLOWFISH. As cloud-based business applications tend to store a significant quantity of data, file sizes might vary widely, and hence it is recommended to employ the ECC & BLOWFISH hybrid method for multi layer security when storing cloud-based data.

In order to merge the algorithms with the software to be placed on the cloud, and then put the algorithms through rigorous testing against various cryptanalytic assaults to ensure their stability and security. The work described in this paper seeks to give a better and more streamlined real-time security system in order to offer better and more reliable user experience when using cloud-based services so that security problems, such as data exposure, vulnerability, authentication, and non-reprisal, can be fixed.

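The exponential Diffie Hellman exchange (Section III.D.4) and the elliptic-curve exchange (Section III.D.1) follow the same pattern, shown together here as an added Python example that is not code from the paper. The tiny parameters (i = 23, j = 5; the curve y² = x³ + 2x + 2 over F_17 with base point A = (5, 1)), all names, the hash-based key derivation and the checks on the value received from the peer are assumptions made for illustration; the paper describes none of these checks.

```python
"""Toy key agreement in both groups the paper uses (parameters far too small for real use)."""
import hashlib

# --- Exponential Diffie-Hellman, paper's symbols: modulus i, generator j, private r / s ---
def dh_public(j, private, i):
    return pow(j, private, i)                 # r* = j^r mod i

def dh_shared(peer_public, private, i):
    # A peer value of 0, 1 or i-1 would force a predictable secret, so reject it.
    if not 1 < peer_public < i - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, i)       # x = (s*)^r mod i

# --- Elliptic curve y^2 = x^3 + ax + b over F_p; None stands for the point at infinity ---
class Curve:
    def __init__(self, a, b, p):
        if (4 * a**3 + 27 * b**2) % p == 0:   # the paper's non-singularity condition
            raise ValueError("singular curve")
        self.a, self.b, self.p = a, b, p

    def contains(self, point):
        if point is None:
            return True
        x, y = point
        return (y * y - (x**3 + self.a * x + self.b)) % self.p == 0

    def add(self, P, Q):
        if P is None:
            return Q
        if Q is None:
            return P
        (x1, y1), (x2, y2), p = P, Q, self.p
        if x1 == x2 and (y1 + y2) % p == 0:
            return None                       # Q mirrors P across the x-axis: P + (-P) = O
        if P == Q:
            slope = (3 * x1 * x1 + self.a) * pow((2 * y1) % p, -1, p)
        else:
            slope = (y2 - y1) * pow((x2 - x1) % p, -1, p)
        slope %= p
        x3 = (slope * slope - x1 - x2) % p
        return (x3, (slope * (x1 - x3) - y1) % p)

    def mul(self, k, P):
        # Double-and-add; fine for a demonstration, not constant-time.
        result = None
        while k:
            if k & 1:
                result = self.add(result, P)
            P = self.add(P, P)
            k >>= 1
        return result

def ecdh_shared(curve, peer_point, private):
    # A point that is off the curve (or the identity) must never reach the private key.
    if peer_point is None or not curve.contains(peer_point):
        raise ValueError("peer point is not a valid curve point")
    return curve.mul(private, peer_point)     # IJ x (IK x A)

def session_key(secret):
    # Stand-in key derivation (assumption); a real design would use a standard KDF such as HKDF.
    return hashlib.sha256(repr(secret).encode()).digest()

# Constructed toy parameters.
I_MOD, J_GEN = 23, 5
CURVE, BASE_A = Curve(2, 2, 17), (5, 1)

if __name__ == "__main__":
    r_pub, s_pub = dh_public(J_GEN, 6, I_MOD), dh_public(J_GEN, 15, I_MOD)
    print("x =", dh_shared(s_pub, 6, I_MOD), dh_shared(r_pub, 15, I_MOD))
    j_pub, k_pub = CURVE.mul(3, BASE_A), CURVE.mul(7, BASE_A)
    print("shared point =", ecdh_shared(CURVE, k_pub, 3), ecdh_shared(CURVE, j_pub, 7))
```

Neither exchange tells a party who sent the public value, which is why the proposed system follows the key exchange with digital signature authentication.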
