Design and Implementation of Strong Security Architecture

for Amazon Web Service based On Cloud Applications

Madan Solanki Prof.(Dr.) Vrinda Tokekar

M.E. Student Department IT
Department IT IET DAVV Indore(M.P.)
IET DAVV Indore(M.P.) [email protected]
[email protected]

ABSTRACT
Cloud applications are becoming a necessary part of modern life. Security is one of the most
important non-functional requirements of every solution. Early days, security and data privacy was
just luxury part of software development and it was an optional requirement but nowadays it plays
a critical role in daily life. The presented work will be made to observe the need for security
algorithms in Cloud application. This work observes that the current security level of existing
applications recommend improved security solutions to enhance the security level as well
performance of proposed architecture. This work recommends Blowfish, RC6 algorithm
(symmetric key cryptography) can be used to achieve confidentiality during communication. It
also considers the MD5 algorithm to maintain the integrity and modified Kerberos algorithm to
achieve authentication. The complete work will propose a security architecture having solution to
achieve confidentiality, integrity with strong authentication policy for Cloud application
development in Amazon web service .
The strong security architecture provide for data and minimum executive time in upload and
download file, different key size, file size and chunking size in file.
Keywords: Cloud based application, RC6, Blowfish, Kerberos authentication, MD5

1. INTRODUCTION
Cloud computing consist of resources, serving with services and providing with infrastructure. It
is bulk storage of resources with convenient computations and operations and provides with ease
to access on-demand services. Cloud is an emerging technology, which copes with changing
trends. This technology is flexible to use with low cost and in an advantageous way. Security
policies of cloud are studied in introduction part for achieving authentication of data for security
purpose. Security and privacy always comes as future challenge for researchers and authors, these
challenges are authentication, authorization, integrity, confidentiality, availability and privacy.
These challenges are the major concern due to dependency on third party, because it leads to loss
of data. Bulk data is communicated in cloud that comes up with the issue of generating risk of
accessing data in cloud by attackers.
Amazon Web Service are various type service provider in cloud computing, for example elastic
cloud compute, containers, database, storage, developer tools, strong security service, serverless,
networking & content delivery , media service, IOT, front-end web and mobile etc. AWS are on
demand service provide, free service offers some time duration in cloud computing.
Many organization cloud computing service used Google, Microsoft, facebook, Twitter et cetera.
Amazon Web Service provide at 2006 in IT infrastructure service to ecommerce businesses.
Architecture of cloud computing service-
I. SaaS - Software as a service:- End-user service provide, web application, customers are
provided with application anytime and any-where. cloud provider are salesforce.com, etc.
 II. PaaS- Platform as a service:- Runtime environment for applications development &
data processing hosted in cloud. examples- Google app engine, Microsoft azure.
III. IaaS (infrastructure as a service)- Infrastructure clouds, Rent processing, storage and
other fundamental computing resources, dropbox, amazon web services, Mozy and
Akamai.

Since cloud are broad field in computing. there is abundance of research method and defiance that
can be research survey. Research paper focus on strong security architecture provde for
communication data and minimum executive time in upload and download file, different key size,
file size and chunking size in file.
1. Authentication
Authentication is one of the security concern in security policies and it cannot be removed
ever. Authentication checks user identity and system identity for the purpose of communication.
2. Confidentiality
Confidentiality explains privacy; some parameters are required for securing delivery of
information to any wrong person by making sure that message will delivered to right person. Only
the authorized people have the right to access data.
3. Integrity
Integrity means accuracy, where data cannot be modified or altered while transmission by
unauthorized user. Alteration is the activity where error is created or unauthorized user while
transferring of data deletes some sensitive part of the data.

2. LITERATURE SURVEY

Many area of researchers have addressed cloud security issues in cloud computing.
Sakshi et all [1] Cloud Computing is involves the concept of on demand services which means
using the cloud resources on demand and we can scale the resources as per demand. Cloud
computing undoubtedly provides unending benefits and is a cost effective model, The major
concern in this model is Security in cloud. This is the reason of many enterprises of not preferring
the cloud computing. This paper provides the review of security research in the field of cloud
security. After security research we have presented the working of AWS (Amazon Web Service)
cloud computing.AWS is the most trusted provider of cloud computing which not only provides
the excellent cloud security but also provides excellent cloud services and other research paper are
Monika Gogna[2] July 2018 JETIR, volume 5, Issue7, the comparison of three protocols X.509,
Kerberos 5 and PKINIT have been presented in a distributed network to analyse whether mapping
between these protocols is possible or not.
P.Princy[3] IJCSET published paper different symmetric algorithm used here are many symmetric
algorithms are used now a day’s like AES, DES, 3DES, BLOWFISH, RC4, RC6.In this survey we
make the blowfish algorithm is more secure to compare other symmetric algorithms and D
Rachmawati [4] et all, 2nd international conference on computing and applied informatics 2017
publishing doi :10.1088/1742-6596/978/1/012116, There are many hash functions. Two of them
are message digest 5 (MD5) and SHA256. Those both algorithms certainly have its advantages
and disadvantages of each. The purpose of this research is to determine the algorithm which is
better. The parameters which used to compare that two algorithms are the running time and
complexity. The research results obtained from the complexity of the Algorithms MD5 and
SHA256 is the same, i.e., Ɵ (N), but regarding the speed is obtained that MD5 is better compared
to SHA256.
 3. PROBLEM DOMAIN

Disadvantages of Cloud necessary a persistent net connection, does not work excellent on slow
connections, if net speed slow , can have minimal functionality, Net speed slow data are insecure
and data can be destroy.
1. Whenever any organization stores data on public cloud then there is a risk of accessing
sensitive data, attackers may attack the data internally.
2. Difficult X.509 Protocol is maintain the database of Private keys owned by certificate
authority and public keys is distributed to the user
3. AES Algorithm Memory Space,Battery consumption and 3DES Memory Space, Slow
process and takes the large time of data transfer, AES Key size 128,192,256 bits and 3DES
key size 112 or 118 bits.
4. SHA256 is difficult to handle because of its size 256 bit digest size for single input and 64
hexadecimal digit generate.Performance-wise,20-30% slower to calculate than MD5.

4. SYSTEM ARCHITECTURE AND METHODOLOGY

System architecture and methodology are flow of complete work is described step by step with
the encryption and decryption of flow diagram. Systematic procedure is cited below:-

Figure 4.1: System Architecture

Step 1: Generation of Key:

• Login user from application in authentication server
 • Gererate token from ticket granting server
• match the token Login user from Authentication Server.
Step 2: Calculate Integrity:- MD5 caculate integrity when file is uploading and applied on it
generation 512 bit digest size. Integrity of the file will be checked in this process.

Figure 4.2: Integrity Calculation

Step 3: Encryption Process:- When confidentiality is used to keep data private and safe from
unauthorized used. RC6 and Blowfish maintain the confidentiality when data transfer unauthorized
network. when file user upload on application then divided given administrative user chunk size,
Even chunks takes RC6 algorithm and Odd chunks takes Blowfish algorithm. Encrypted and
unreadable formed into cipher chunks file.

Fig. 4.3: Encryption Process

• Chunks are addressed with some chunk id.

• These chunks are stored in Map Index.
 •
On the chunks the generated multiple keys are applied.
•
Cipher chunks that are addressed as key_id in map index using Blowfish and RC6
symmetric algorithm.
• After cipher text is stored in database.
• The chunk_id that are stored in Map index are encrypted using MD5.
Step 4: Decryption:- A decryption process that takes an encrypted piece and then identifies the
even and odd pieces. Even fragments are decrypted using RC6 to get simple fragments and
Blowfish are odd chunks to get simple fragments. These fragments are rewritten to produce a
complete file.

Figure 4.4: Decryption Process

Step 5: Original File Comparison: Recalculation of fragment file integrity is done using
MD5. The recalculated files are then compared to the counted files and if they match, they
are accepted rather than rejected.

Figure 4.5: Comparison of original file

5. RESULT ANALYSIS
5.1 Upload file:- Table 1 Comparative Execution Times(text,docx file size , chunking time
campare with different chunking size,key size RC6-192, Blowfish-128) of encryption algorithms
with different file size.

RC6 Blowfish MD5 file

file Chunking file chunk Chunking file chunk Chunking
Upload File File Key Key Key chunk
size(kb) Time(ms) 1024 bit Time(ms) 2048 bit Time(ms)
Size(Bit) Size(Bit) Size(Bit) 512 bit
 Encryption
text 5120.9 192 128 128 10242 9871.51 5121 4067.8016 2561 3093.496
crypto time
Encryption
text 10241.8 192 128 128 20484 18386.2 10242 9049.1928 5121 6461.629
crypto time
Encryption
text 15362.7 192 128 128 30726 27097.2 15363 13334.196 7682 8719.612
crypto time
Encryption
text 20483.61 192 128 128 40968 33630.8 20484 21446.972 10242 10838.91
crypto time
Encryption
docx 5163.8 192 128 128 10328 8865.3 5164 6511.4698 2582 2412.644
crypto time
decryption
docx 10406.64 192 128 128 20814 16594.5 10407 12329.331 5204 5473.423
crypto time
Encryption
docx 15544.55 192 128 128 31090 23923 15545 23517.576 7773 7531.802
crypto time
Encryption
docx 20754.97 192 128 128 41510 41604.5 20755 24371.731 10378 10563.95
crypto time

text and docx file

45000
40000
35000
file chunk 512 bit
30000
25000 Chunking Time(ms)
20000 file chunk 1024 bit
15000
Chunking Time(ms)
10000
5000 file chunk 2048 bit
0 Chunking Time(ms)
5120.9 10241.8 15362.7 20483.61 5163.8 10406.64 15544.55 20754.97
file size (kb) chart-I

Above shown table-1 and chart-I are different file size uploading in application running on amazon
web service, Used key size symmetric encryption algorithm are RC6-192 and Bbowfish-128 bit
key size operated in three file chunks size 512,1024, 2048 bit. We found that file chunk size 2048
bit less time other file chunk size. file size 5mb,10mb, 15mb and 20mb are optimum performance
file chunk size 2048 bit other file chunks size.

5.2 Download file:-Table 2 File chunks and chunking time campare with different chunking size.
RC6 Blowfish MD5 file
Download file Chunking file chunk Chunking file chunk Chunking
File Key Key Key chunk
File size(kb) Time(ms) 1024 bit Time(ms) 2048 bit Time(ms)
Size(Bit) Size(Bit) Size(Bit) 512 bit
decryption
text 5120.9 192 128 128 10242 238301 5121 17228.202 2561 9180.175
crypto time
decryption
text 10241.8 192 128 128 20484 121607 10242 80427.111 5121 40967.67
crypto time
decryption
text 15362.7 192 128 128 30726 391174 15363 234441.68 7682 113813.3
crypto time
decryption
text 20483.61 192 128 128 40968 475108 20484 518063.84 10242 253727.9
crypto time
decryption
docx 5163.8 192 128 128 10328 48281 5164 17803.99 2582 64600.23
crypto time
decryption
docx 10406.64 192 128 128 20814 119343 10407 88406.442 5204 159655.4
crypto time
decryption
docx 15544.55 192 128 128 31090 429386 15545 245621.6 7773 311534.3
crypto time
decryption
docx 20754.97 192 128 128 41510 896379 20755 520315.42 10378 662873.6
crypto time
 Download Text and Docx file
1000000
900000
800000
700000 file chunk 512 bit
Time(ms)

600000
Chunking Time(ms)
500000
file chunk 1024 bit
400000
300000 Chunking Time(ms)

200000 file chunk 2048 bit

100000 Chunking Time(ms)
0
5120.9 10241.8 15362.7 20483.61 5163.8 10406.64 15544.55 20754.97
file size(kb) chart-II

When Different file size Downloading in application running on amazon web service, symmetric
algorithm are reverse process when downloading. file size 5mb,10mb, 15mb and 20mb used in
downloading. Downloading time is taking more than uploading time.

5.3 Upload file:-Table3 Uploading file size, change the key size used RC6-128 andBlowfish-256
RC6 Blowfish MD5 file file file
file Chunking Chunking Chunking
Upload File File Key Key Key chunk chunk chunk
size(kb) Time(ms) Time(ms) Time(ms)
Size(Bit) Size(Bit) Size(Bit) 512 bit 1024 bit 2048 bit
decryption
text 5120.9 128 256 128 10242 9861.41 5121 4057.811 2561 3474.96
crypto time
decryption
text 10241.8 128 256 128 20484 18485.1 10242 9149.679 5121 6511.559
crypto time
decryption
text 15362.7 128 256 128 30726 27196.7 15363 13434.159 7682 8743.579
crypto time
decryption
text 20483.61 128 256 128 40968 33731.8 20484 21549.972 10242 10994.1
crypto time
decryption
docx 5163.8 128 256 128 10328 8865.31 5164 6592.467
crypto time 2582 3743.114
decryption
docx 10406.64 128 256 128 20814 16694.5 10407 12228.581
crypto time 5204 7760.715
decryption
docx 15544.55 128 256 128 31090 23889.4 15545 24506.414
crypto time 7773 10432.89
decryption
docx 20754.97 128 256 128 41510 41704.2 20755 24280.89
crypto time 10378 10274.78

Upload text and docx file, key size change

45000
40000
35000
30000
Time(ms)

file chunk 512 bit

25000
20000 Chunking Time(ms)
15000 file chunk 1024 bit
10000
5000 Chunking Time(ms)
0
file chunk 2048 bit
Chunking Time(ms)

file size(kb) chart-III

 Symmetric crypto algorithm key size change RC6-128 bit and Blowfish-256 bits executive
time improve uploading file.

5.4 Download file:- Table 4 File chunk and chunking time campare with different chunking
size,key size RC6-128 and Blowfish-256 bit used in Downloading file
RC6 Blowfish MD5 file file file
Download file Chunking Chunking Chunking
File Key Key Key chunk chunk chunk
File size(kb) Time(ms) Time(ms) Time(ms)
Size(Bit) Size(Bit) Size(Bit) 512 bit 1024 bit 2048 bit
decryption
text 5120.9 128 256 128 10242 228310 5121 17126.456 2561 8976.175
crypto time
decryption
text 10241.8 128 256 128 20484 123616 10242 80316.153 5121 40558.29
crypto time
decryption
text 15362.7 128 256 128 30726 382771 15363 233452.62 7682 113120.8
crypto time
decryption
text 20483.61 128 256 128 40968 478123 20484 517172.58 10242 251449.8
crypto time
decryption
docx 5163.8 128 256 128 10328 47290 5164 17158.184 2582 10889.26
crypto time
decryption
docx 10406.64 128 256 128 20814 118314 10407 87416.698 5204 44330.47
crypto time
decryption
docx 15544.55 128 256 128 31090 428385 15545 244637.66 7773 72445.6
crypto time
decryption
docx 20754.97 128 256 128 41510 893621 20755 520202.69 10378 122630.7
crypto time

Download text and docx file, key size change

1000000
800000
Time(ms)

file chunk 512 bit

600000
Chunking Time(ms)
400000
file chunk 1024 bit
200000
Chunking Time(ms)
0
file chunk 2048 bit
Chunking Time(ms)

file size(kb) chart-IV

Above shown table-4 and chart-IV are display Execution time variations Symmetric crypto
algorithm key size change RC6-128 bit and Blowfish-256 bits executive time are improved in
downloading file.

6. COMPRATIVE RESULT ANALYSIS

File uploading Execution Times better than Downloading Execution Times. RC6 and Blowfish
Algorithm Key size change, variations of Uploading Downloading Execution Times. When RC6
Key size 192, Blowfish key size 128 use less execution time in text and docx file Variation of
key size change better execution time 20mb docx file.
Administrative decided File chunks size 512,1024 and 2048 bit (we are file size divided into 512
bit, 1024bit, 2048 bit )File size 5mb,10mb,15mb,20mb better perform of execution time use in file
chunking size 2048 bit. text and docx file encryption crypto time better than decryption crypto
time .If file chunking size greater than execution time less in Upload and download Process. The
lesser file size, less execution time. RC6 and Blowfish fast data encryption and Less Memory use,
key size RC6 128-256 bits and Blowfish key size 32-448 bits. RC6 and Blowfish more secure
other symmetric algo. MD5, 128 bit digest size for single input and fast calculation,32 hexadecimal
digit generate.
 7. CONCLUSION
Amazon web service (cloud computing) obviously offers various facility and numerous
advantages, other than it also has many issues. Conventional encryption methods do not guarantee
accurate and reliable data protection. The raise in internet use and automation of regular industry
influence the way of business. Client always demand for security and data privacy.
They always demand to keep their data safe and secure. AWS are best performance network, rest
data in provide strong security. Kerberos server is the solution for network security broblem since
it provides strong security secret key over the insecure network. Using BLOWFISH and RC6
algorithm with splitting data into chunks and encrypting even and odd chunks with cryptographic
technique.The integrity (MD5) of file or data .We Achieved Authentication, confidentiality,
Integrity one solution of application in cloud computing with AWS. Deploy Application at AWS
Environment. Dependent Execution time on system configuration and internet speed. One year
free EC2 instance Application at t2.micro AWS environment and after minimum cost pay use
service, We used cipher file upload and download for confidentiality, integrity strong security
service.

REFERENCES

1. Sakshi Narula, Arushi Jain, Prachi, “Cloud Computing Security: Amazon Web Service” 2015 Fifth
International Conference on Advanced Computing & Communication Technologies
2. Monika Gogna,[2] © 2018 JETIR July 2018, Volume 5, Issue 7(comparison of x.509,Kerberos,and
pkinit for open distributsd network.
3. P. Princy [3]International Journal of Computer Science & Engineering Technology (IJCSET)(A
comparision of symmetric key algorithm AES, DES, 3DES, BLOWFISH, RC4, RC6: A survey).
4. D Rachmawati (4)* , et all (2nd International Conference on Computing and Applied Informatics 2017
IOP Publishing doi :10.1088/1742-6596/978/1/012116).
5. Piyush Gupta et al, (4) (IJCSIT) International Journal of Computer Science and Information
Technologies, Vol. 5 (3) , 2014, 4492-4495
6. Vishwanath S Mahalle et al. [5] (2014 IEEE )
7. Swedha.K, Tanuja Dubey Analysis of Web Authentication methods using Amazon Web Services”, 9th
ICCCNT 2018 July 10-12, 2018, IISC - Bengaluru,
8. Shrujana Murthy 1 , Kavitha C.R “Preserving Data Privacy in Cloud using Homomorphic Encryption”
Proceedings of the Third International Conference on Electronics Communication and Aerospace
Technology [ICECA 2019] IEEE Conference Record # 45616; IEEE Xplore ISBN: 978-1-7281-0167-
5
9. Khalid M. Abdullah Essam H. HousseinHala H. Zayed, “New Security Protocol using Hybrid
Cryptography Algorithm for WSN”. 9th International Computer Engineering Conference (ICENCO),
28-29 Dec. 2013.
10. MilindMathur, AyushKesarwani, “Comparison between DES, 3DES, RC2, RC6, BLOWFISH and
AES”. Proceedings of National Conference on New Horizons in IT – NCNHIT 2013.
11. M. Harini, K. PushpaGowri, C. Pavithra, M. PradhibaSelvarani, “A Novel Security Mechanism Using
Hybrid Cryptography Algorithms”. International Conference on Electrical, Instrumentation and
Communication Engineering (ICEICE), IEEE 2017.
12. JayrajGondaliya, JinishaSavani, VivekSheetalDhaduvai, Gahangir Hossain, “Hybrid Security RSA
Algorithm in Application of Web Service”. 1st International Conference on Data Intelligence and
Security IEEE 2018.
13. Kalyani Ganesh Kadam, Prof. VaishaliKhairnar, “HYBRID RSA-AES ENCRYPTION FOR WEB
SERVICES”. International Journal of Technical Research and Applications, Issue 31(September 2015),
PP. 51-56.
14. KirtirajBhatele, ProfAmitSinhal, ProfMayankPathak, “A Novel Approach to the Design of a New
Hybrid Security Protocol Architecture”. International Conference on Advanced Communication
Control and Computing Technologies (ICACCCT) IEEE 2012.
15. KhushbuJakhotia, RohiniBhosale, Dr. Chelpa Lingam, “Novel Architecture for Enabling Proof of
Retrievability using AES Algorithm”. Proceedings of the IEEE 2017 International Conference on
Computing Methodologies and Communication (ICCMC).
16. Akshay Arora, Abhirup Khanna, Anmol Rastogi, Amit Agarwal, “Cloud Security Ecosystem for Data
Security and Privacy”. 7th International Conference on Cloud Computing, Data Science & Engineering
– Confluence, 2017.
17. Mr. Manish M Potey, Dr C A Dhote, Mr Deepak H Sharma, “Homomorphic Encryption for Security of
Cloud Data”. 7th International Conference on Communication, Computing and Virtualization 2016.
18. B. Hari Krishna, Dr. S. Kiran, G. Murali, R. Pradeep Kumar Reddy, “Security Issues In Service Model
Of Cloud Computing Environment”.
19. K. Ruth Ramya, T. Sasidhar, D. Naga Malleshwari& M.T.V.S. Rahul, “A review on security aspects of
data storage in cloud computing”, International Jounal of Applied Engineering Research, Vol 10, No 5,
2015. pp. 13383-13394.