Store, Access and Share Confidential Data Using Elliptic Curve Cryptosystem on Cloud Ashlekha Jain1, Prof

Home , As a service, Cloud storage

Research Article Volume 9 Issue No. 5 Store, Access and Share Confidential Data using Elliptic Curve Cryptosystem on Cloud Ashlekha Jain1, Prof. Dr. Aradhana. D2 Student1, Guide2 Department of CSE Ballari Institute of Technology & Management, Ballari, India

Abstract: Cloud is the big paradigm shift from storing data on local storage devices to storing digital data on centralized cloud. With many advantages, Cloud storage comes with once major user concern: Security and Privacy. The pace with which cloud usage is increasing, demand for user data integrity has also increased because user data on Cloud could be exposed to bigger audience if compromised. Therefore, presently RSA has been the most popular cryptographic scheme used by Cloud Service Provider to secure Cloud Data.This paper is intended to design a security service for Cloud data using Elliptic Curve Cryptography Scheme (ECC). This scheme has advantage of smaller key size compared to RSA for same level encryption and decryption. Various studies have also shown that ECC requires less resources in terms of CPU cycle and memory.

Keywords: Cloud Architecture, Cloud Security, Cloud Services, Cloud Service Model, Cryptography and Elliptic Curve Cryptography.

I. INTRODUCTION Applications can be easily migrated from one physical server to another. Cloud is the method to save data to another off-site storage system that is owned and maintained by a third party. Rather A. The Cloud Architecture than storing information to user’s own computer's hard drive The basic architecture for cloud data storage is or other local storage device, he/she saves it to a remote illustrated in figure 1. The three different identifiable network database. The Internet is the communication channel that entities are as follows: User, Cloud Service Provider (CSP) connects user to the remote storage. Security is one of the and Software Applications. challenging issues in terms of upload and store confidential data to cloud system. In this paper, we have discussed implementation concepts for cloud security using Elliptic curve algorithm as this is better than RSA in terms of key size and security level about confidential data.

II. CLOUD STORAGE SYSTEM

When Why Cloud computing? Various advantages of Cloud have made it the most preferable technology in current scenario. For better understanding of cloud as technology, first step is to know about its characteristics. a. Automated Service Catering: Once the user configures computing logic and requirements, system automatically cater services such as server time and network storage without further human intervention. Figure.1. cloud data storage architecture. b. Range of access technology supported: Data is stored on User can store and access data through any digital media servers and can be accessed through single standard protocol devices like workstation or smart phones or handheld by using like Laptops, Desktops, tablets or mobile phones. devices, using Internet as the communication channel. User c. On-Demand Optimum Resource utilization: The Service Interface is responsible for converting User Requests into a Provider owns resources like storage, processing, memory and Service Provisioning Request. Software Application network bandwidth. The Cloud Service Provider uses multi- processes the request and provides Cloud Storage Services to tenant model and allocate both physical and virtual resources the User and same configuration request is sent over to to multiple consumers based on demand. Cloud Servers. Cloud Storage Servers are the physical d. Transparency in Service Usage: Resource usage can be resources owned and controlled by a third-party service monitored, controlled, and reported, providing transparency provider. To cater requirement of user that varies from one to for both the provider and consumer of the utilized service. other users, virtual storage pools are created and assigned to e. Virtualization: Virtualization technology allows servers respective users, this is charged by the Cloud Service and storage devices to be shared and utilization is increased. Provider.

International Journal of Engineering Science and Computing, May 2019 22448 http://ijesc.org/ B. Cloud Service Models One issue with cloud computing is that the management of the The Cloud Security Alliance has defined three delivery models data which might not be fully trustworthy; the risk of in cloud architecture, which are shown in the Figure 2 Below. malicious insiders in the cloud and the failure of cloud services have received a strong attention by companies.” [2]

III. CHOICE OF EFFICIENT ENCRYPTION TECHNIQUE

A. Concept of Cryptography

There are mainly two kinds of cryptographic systems 1. Symmetric key cryptography 2. Public key cryptography.

Figure.2. Cloud Service Model 1. Symmetric-key algorithm – There is single secret key that is used by both sender and receiver. Secure Key sharing with “Infrastructure as a Service (IaaS): IaaS provides cloud sender and receiver must be performed before data consumers high level of control and responsibility of transmission. As same key is used for both encryption and configuration and utilization of IT-resources like virtual server decryption, security of Key and its sharing is important aspect. instances and storage, APIs hardware, networks and operating 2. Asymmetric – Set of two keys viz: Public Key & Private systems. Key are used at both sender and receiver. The public key is Platform as a Service (PaaS): PaaS provides cloud consumers made available to all whereas sender and receiver maintain a ready-made environment comprised of already deployed and Private Key individually. Encrypt is used by using Private configured IT resources. Here, consumers have lower level of Key of sender and Public Key of receiver, similarly decryption control over the deployed applications. is performed using Public Key of Sender and Private Key of Software as a Service (SaaS): SaaS provides cloud consumers receiver. to use and configures cloud service. A cloud consumer has 3. Combined: Key used for encryption/decryption is very limited administrative control over SaaS implementation symmetric but is transferred between sender and receiver The maintenance, management and implementation of cloud using Asymmetric method. [3] services are done by cloud service provider.” [1] a. Cryptography is used for addressing the network security problems. C. Cloud Classification 1. Data Integrity: It refers to maintain correctness of data Clouds are classified into 4 types depending upon their sizes where data is not edited by any unauthorized person or is and usage. compromised in any sense. “Public cloud: A public cloud is an infrastructure or 2. Authentication: It determines whether data is accessed by environment, which is publicly accessible and is owned by an authenticated user or not, to whom access, or permission third party cloud service provider. In this, CSP provides the has been granted. same infrastructure resources over the Internet to all the 3. Non-Repudiation: It deals with the assurance that sender customers of public cloud with limited configurations, security cannot deny sending a message that they originated. protection and dynamic availability. 4. Secrecy: Security of data. [4] Private cloud: A private cloud is an infrastructure or b. Data Storage on Cloud includes security, key storage, CPU environment that is meant for an organization. Data in private usage etc. RSA has been found the most commonly used cloud are more secured and controlled as compared cryptographic scheme for Cloud Data. In RSA algorithm the to the public cloud. Private cloud can be hosted in on premise security strength is directly proportional to the key size. or by externally trusted third party. Therefore, larger the key size more is the security. But larger Community cloud: A Community cloud is an infrastructure key size demands for more storage capacity to store key in or environment that is meant for more than one organization key server. The cryptosystem called elliptic curve with specific community i.e. shares common and specific cryptography which uses two set of keys Public and Private. needs such as policy compliance, security and privacy. Cloud Even with lesser key size compared to RSA. [5] service provider may manage the community cloud or organizations and may be hosted on-premises or off c. ECC is chosen over RSA due to following advantages: premises.  Shorter keys are as strong as long key for RSA. Hybrid cloud: Integration of two or more clouds (private,  Low on CPU consumption. community, or public) forms hybrid cloud to meet the unique  Low on memory usage. requirements of an organization by performing different  Size of encrypted data is smaller. functions.” [1] In today’s world ECC algorithm is used in case of key exchanges by certificate authority (CA) to share the public D. Security Threats in Cloud key certificates with end users. Elliptic Curve Cryptography Security is considered as one of the most critical aspects in is a secure and more efficient encryption algorithm than RSA everyday computing and it is not different for cloud as it uses smaller key sizes for same level of security as computing due to sensitivity and importance of data stored on compared to RSA. For e. g. a 256-bit ECC public key the cloud. “Cloud Computing infrastructure uses new provides comparable security to a 3072-bit RSA public key. technologies and services, most of which haven’t been fully The aim of this work is providing an insight into the use of evaluated with respect to the security. Cloud Computing has ECC algorithm for data encryption before uploading the several major issues and concerns, such as data security, trust, documents on to the cloud. “Unlike other popular algorithms expectations, regulations, and performances issues.

International Journal of Engineering Science and Computing, May 2019 22449 http://ijesc.org/ such as RSA, ECC is based on discrete logarithms that are much more difficult to challenge at equivalent key lengths. But the entire curve should have the following characteristics: Every participant in the public key cryptography will have a  Forms an abelian group pair of keys, a public key and private key, used for encryption  Symmetric about the x-axis and decryption operations. Public key is distributed to all the  Point at Infinity acting as the identity element” [5] participants where as private key is known to a participant only. “[6] b. Elliptic Curve cryptographic Schemes “Several discrete logarithm-based protocols have been B. Elliptic Curve Cryptography adapted to elliptic curves, replacing the group with an elliptic “Kibitz and Miller independently proposed elliptic curves in curve: public-key cryptography in 1985 and, since then, an enormous  The Elliptic Curve Diffie–Hellman (ECDH) key amount of work has been done on elliptic curve cryptography agreement scheme is based on the Diffie–Hellman scheme, (ECC). The attractiveness of using elliptic curves arises from  The Elliptic Curve Integrated Encryption Scheme the fact that similar level of security can be achieved with  (ECIES), also known as Elliptic Curve Augmented considerably shorter keys than in methods based on the Encryption Scheme or simply the Elliptic Curve Encryption difficulties of solving discrete logarithms over integers or Scheme, integer factorizations  The Elliptic Curve Digital Signature Algorithm a. Elliptic curves (ECDSA) is based on the Digital Signature Algorithm, An elliptic curve (EC) is a smooth, projective algebraic curve  The ECMQV key agreement scheme is based on the of genus one, on which there is a specified point O. An elliptic MQV key agreement scheme. curve is in fact an abelian variety – that is, it has a  The ECQV implicit certificate scheme. [5] multiplication defined algebraically, with respect to which it is ” a (necessarily commutative) group – and O serves as the c. Elliptic curve Diffie Hellman key exchange algorithm identity element. Often the curve itself, without O specified, is – The figure below shows stepwise algorithm using Elliptic called an elliptic curve. Any elliptic curve can be written as a Curve. plane algebraic curve defined by an equation of the form: Y2 =x3 +ax +b (Where a and b are elements of R). The different curves, which are, satisfied the above equation by different values of a (along y axis) and b (along x axis) are as below.

Figure. 5. Diffie Hellman Key Exchange Algorithm

2 3 d Advantages of elliptic curve cryptography Figure.3. A) E(-1,0) Y = X – X  Length of the key is shorter than RSA.  Computational complexity of ECC is lesser than RSA  Power Requirement is also low.  Due to above reason and elliptic curve, it is more secure [5]

IV. SYSTEM DESIGN

A. Objective Here we draft a system that stores data on cloud using Elliptic Curve Cryptography with three main aims:

1. Cloud Data Confidentiality: User is allocated storage space on cloud and data is stored in encrypted form. Keys are not stored with the data for security. 2. Secured Access to data: When user requests for downloading his data, file is extracted from user space on Figure.4. B) E (1,1) Y2 = X3 + X + 1 cloud and key is taken from Secured

International Journal of Engineering Science and Computing, May 2019 22450 http://ijesc.org/ Key Server whose location is known only to the system. This Registration: First time, user must register to this secure Key Server is safe from both provider and unauthorized user. system by providing basic details and setting user id and The decrypted file is given to the user. password for further login. 3. Secured Data Sharing: In this user can share his data to Login: User can access this Secure system features after another user of the system using mail. successful login by giving user id & password. Once logged in, user can perform below listed operations. B. System Architecture File Upload: When the user uploads the file, the system takes In our paper, user first registers himself to the system. With the file as input, encrypt it by using ECC public key successful registration, user is allocated with a dedicated space cryptography and store it in the storage server then stores the on cloud. Once user logs in, he has option to upload file, secrete key into the key server. download file, delete file or share file. All data stored on cloud File Download: In downloading phase, the system fetches the is encrypted. The Figure 6 ahead shows system Architecture. file from storage server, then find out the secrete key in key Where F is File to store on Cloud Server, C is Encrypted File, server using the key and encrypted file, then system decrypts K is Key Server storing secret keys of various files and S1, S2, the file and the user fetches it. …Sn represent Storage Server shaving encrypted file of users. File Delete: In deletion phase, on user command the system The proposed approach prevents third party attackers from deletes the encrypted file from storage server and delete hacking the data which is stored in cloud, since data is corresponding secrete key from key server. encrypted, and the key used to encrypt the data is stored in File Forward: In this system architecture, user can forward separate secure key server in the cloud, by this approach user file to other user of this same secure system. In the Figure 6 can trust the third-party cloud to store their confidential data. user ― User A forwards his file to User B. For sharing command, system duplicates the secret key of the file and file itself in User B, storage space. Now receiver can download that file

D. Implementation

1) If the user does not have an account already, new account must be created by filling in the registration form. 2) If the user already exists, the username and password is used to login in to the system. Figure.6. System architecture 3) User creates on folder and selects a file to upload into that The proposed approach prevents third party attackers from folder. hacking the data which is stored in cloud, since data is 4) The file is stored in the user’s cloud space by encrypting the encrypted, and the key used to encrypt the data is stored in file using ECC encryption and storing its key on a separate separate secure key server in the cloud, by this approach user location on server namely Key Storage. can trust the third-party cloud to store their confidential data. 4) User can select file from his created folders to download on host machine. C. Use Case 5) To retrieve above selected file, Key is retrieved from Key Here, user of secured system is the Actor of use case and Storage and file from User Space on server. Decryption is various tasks he can perform are various use case views. As performed. shown below in Figure 7, use case view of proposed system. 6) The file is downloaded at host machine. Your Conference Paper must follow these overall formatting 7) User selects to forward the file from his created folder to specifications: another user, registered in the same application. The file from user space and key from Key storage is copied in the receiver user’s space on cloud server. 8) The file shared with receiver user is decrypted using his key therefore if this key or file is deleted, the original data of sender is secure in his user space. 9) User selects to delete specific file from his created folders, file as well as corresponding key are deleted from user space and key storage respectively.

V. CONCLUSION

In this paper, a private cloud storage system design and functionality has been discussed that supports ECC encryption and decryption scheme. This secure system framework supports functionalities like file storing in encrypted format, forwarding, deleting and decryption functions using ECC encryption scheme Additionally, each file forwarding keeps source file and key secured from receiver’s attempt to delete it. It will only delete receiver’s copy. Key Server file storage is tightly secure as key file names are also encrypted so which key file belongs to the supposedly compromised file can only be determined through brute force attack. Therefore, proposed file storing system provides a new level of security to the Figure.7. Use case view of proposed secure system cloud users.

International Journal of Engineering Science and Computing, May 2019 22451 http://ijesc.org/ VI. REFERENCES Confidential Data using AES-128, 192 and 256bit Encryption in Cloud 2015 1st International Conference on Next [1]. Shilpi Singh, Vinod Kumar (2015, May), “Secured User’s Generation Computing Technologies (NGCT-2015) Dehradun Authentication and Private Data Storage- Access Scheme in India, 4-5 September 2015 Cloud Computing Using Elliptic Curve Cryptography” 2015 2nd International Conference on Computing for Sustainable [7]. Gopinath V 1, Bhuvaneswaran R. S (2014 September), Global Development (INDIACom) Vol. 3, Issue 4, Jul-Aug “Study on Secure Cloud Computing with Elliptic Curve 2013, pp.791,792 Cryptography “IJCSI International Journal of Computer Science Issues, Vol. 11, Issue 5, No 2, September 2014 ISSN [2]. Rachna Arora, Anshu Parashar (2013, July-August), (Print): 1694-0814 “Secure User Data in Cloud Computing Using Encryption Algorithms “International Journal of Engineering Research VIII.ACKNOWLEDGEMENT and Applications (IJERA). pp. 1922 I Would like to extend my gratitude to Dr. R.N. Kulkarni, [3]. Bharat S. Rawal, S. Sree Vivek (2017, November), HOD, CSE dept. BITM for encouraging me to take up this “Secure Cloud Storage and File Sharing” 2017 IEEE task to work for this paper. We thank our college Ballari International Conference on Smart Cloud (SmartCloud). p. 79 Institute of Technology and Management, Ballari, where all resources were provided to carry on the research for the [4]. Arockia Panimalar.S, Dharani.N, Pavithra.S, Aiswary.R proposed paper. I thank my mentor and guide, Dr. Aradhana (2017, September) “Cloud Data Security Using Elliptic Curve D, Assistant Professor, CSE dept. BITM, for her constant Cryptography” International Research Journal of Engineering guidance and comments that greatly improved the manuscript. and Technology (IRJET) Volume: 04 Issue: 09 Sep -2017. pp. Last but not the least, I would like to thank my family for their 34 co-operation during my work.

[5]. Amaresh Patil, Valluripalli Srinath, Sudheer Shetty (2014, February), “Survey on Efficient Secure Storage Authentication in Cloud Storage System” International Journal of Engineering Research & Technology (IJERT) p. 3,4,5

[6]. C. Nithiya, R. Sridevi (2016, March), “ECC Algorithm & Security in Cloud” International Journal of Advanced Research in Computer Science & Technology (IJARCST 2016) pp. 25

VII. ADDITIONAL RESOURCES

[1]. Eugene Gorelik (2013, January), “Cloud Computing Models” Working Paper CISL# 2013-01 at 2013 Massachusetts Institute of Technology

[2]. BAI Qing-hai1, ZHANG Wen-bo1, JIANG Peng1, LU Xu1 (2012), “Research on Design Principles of Elliptic Curve Public Key Cryptography and Its Implementation” 2012 International Conference on Computer Science and Service System

[3]. Anshuman Chabbra and Shivam Arora, (2017), “An Elliptic Curve Cryptography Based Encryption Scheme for Securing the Cloud against Eavesdropping Attacks.” 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC)

[4]. Alowolodu O.D, Alese B.K, Adetunmbi A.O., Adewale O.S and Ogundele O.S. (2013, March), “Elliptic Curve Cryptography for Securing Cloud Computing Applications” International Journal of Computer Applications (0975 – 8887) Volume 66– No.23, March 2013

[5]. G. Prabu kanna and V. Vasudevan (2016), “Enhancing the Security of User Data Using the Keyword Encryption and Hybrid Cryptographic Algorithm in Cloud” International Conference on Electrical, Electronics, and Optimization Techniques (ICEEOT) – 2016

[6]. Gaurav Raj, Ram Charan Kesireddiy and Shruti Guptaz (2015, September), “Enhancement of Security Mechanism for

International Journal of Engineering Science and Computing, May 2019 22452 http://ijesc.org/