Fully Homomorphic Encryption (FHE): a Framework for Enhancing Cloud Storage Security with AES

INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 04, APRIL 2020 ISSN 2277-8616

Fully Homomorphic Encryption (FHE): A Framework For Enhancing Cloud Storage Security With AES

Rudragoud Patil, R. H. Goudar

Abstract: Cloud computing is an environment where a huge amount of data and programs can be stored, which are accessed through the internet on- demand. With this rapid evolvement, there are more concerns with respect to cloud technology, data security and there is a necessary requirement to enhance security algorithms that are used in the process. Homomorphic Encryption is the encryption algorithm that works on ciphertext data to provide data confidentiality. But performing the Homomorphic encryption (computations on encrypted cloud data) on a single node or in the sequential process took the more processing time and memory than the performing the same operations on the plain text (unencrypted data). Parallel processing enables us to perform operations on multiple nodes it will take lesser time to complete the applied operation than the sequential process. In this work, we also show another work on the Data partitioning method is used to improve the security of client data on the cloud. Client data will be divided into multiple parts of chunks with equal size and store on a different server. In this paper, Fully Homomorphic Encryption (FHE) framework using an Advanced Encryption Standard (AES) is implemented. It will perform various operations on ciphertext information. The implemented solution also solves the issue of noise which is coming out because of the usage of FHE on the huge cipher text.

Index Terms: cloud storage, data confidentiality, data privacy and security, data partitioning, fully homomorphic encryption, gentry’s encryption algorithm. ——————————  ——————————

1 INTRODUCTION That means performing the operations on the data (ciphertext) Cloud computing technology hosts the different types of that is encrypted and stored on the cloud without decrypting it services like software, hardware, networking capabilities, etc. (without converting the ciphertext into plain text). The result and provides these cloud services to the users, clients, produced by the Homomorphic encryption is the same as the organizations, public and etc., on-demand in as pay-as-you-go result produced by performing the same operations on method. In cloud computing security and privacy is a major unencrypted (plain text) data. concern. Commonly data encryption techniques are used by clients to secure the data on the cloud. Encryption techniques effectively secure the client data on the public environment called cloud computing. The client can use encryption algorithms on plaintext for security purposes before outsourcing data on the cloud, and the client can use the decryption method to get his own data from the cloud storage. Generally, if the client wants to apply some computational operations on his personal data stored on cloud storage. First, .Working of Homomorphic Encryption he should retrieve the data by decrypting the cipher text (i.e., Fig.1 converting cipher text into plain text) from the cloud. After decryption, he can apply the computing operations on that Homomorphic Encryption techniques are classified into three data, after applying the operations client can again encrypt the categories those are: Partially Homomorphic Encryption result and store it on the cloud. This decrypting the data and (PHE), Somewhat Homomorphic Encryption (SHE) and Fully applying operations, again encrypting the result is an Homomorphic Encryption (FHE) schemes. PHE scheme is the overhead procedure. So this long procedure is reduced by only method that allows performing any one operation at a using the Homomorphic encryption method. time on encrypted data. SHE scheme allows us to perform more than one operation on cipher text data but still, there is a 1.1 Homomorphic Encryption restriction on the number of multiplication and addition The Homomorphic encryption method provides an ability to operations on encrypted data. FHE scheme it supports to apply addition, multiplication and other operations on the perform any number of arithmetic operations and can also cipher text data. compute any functions.

1.2 Data Partitioning And Encryption Technique In the multi-cloud system, cloud storage is used for storing the ______user’s huge volume of data. User’s huge data can be stored on cloud storage and also users can share and download the • Rudragoud Patil, Research Scholar, VTU RRC, Department of data. As we know two major concerns like security and privacy CSE, KLS GIT, Visvesvaraya Technological University, Belagavi, cloud storage. There are many techniques that exist to provide India. E-mail: [email protected] • R. H. Goudar, Associate Professor, Department of CSE, security for user data in the cloud. Sometimes user’s data may Visvesvaraya Technological University, Belagavi, India. E-mail: lose on cloud storage. Here we present the data partitioning [email protected] method to enhance the security and privacy of user’s data. In this method, the data is first partitioned into multiple parts based on size (with equal size of chunks), after partitioning the 3728 IJSTR©2020 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 04, APRIL 2020 ISSN 2277-8616

user’s data (text file) to store them on the different cloud Homomorphic encryption is performed on the multiple nodes servers and also generates a key to store and retrieve the to reduce the processing time. This work is done on a private user's data. This method gives more security to the user’s cloud using the gentry’s algorithm. In paper [2] shows user data. If attackers get anyone chunk of the file, it’s impossible to stores their data on the cloud and they want to protect those get whole file data because the other chunks of data are data from the third party attacker or unauthorized users. So stored on different servers. Fig.2 shows the architecture users need security to their data that is stored on the cloud. diagram of data partitioning and storing them on different cloud On cloud storage, security and privacy are major concerns. servers. This paper is organized as follows in Section 2. There are several encryption methods are exist, used to Objective of the work. In Section 3 related literature work is secure the user’s data that is stored on the cloud. Some presented. Section 4 gives detail design and implementation of methods are like Full Disk Encryption and Fully Homomorphic proposed scheme. Section 5 outlines results and analysis of Encryption. Author’s presented work on Homomorphic the proposed work. Finally conclusion is presented in Section encryption and they used the Diffie Hellman algorithm for 6. symmetric key agreement. Diffie Hellman algorithm is a key exchange algorithm. When two authorized parties want to communicate with each other, this algorithm creates a session key between them. And it also creates HMAC for the user’s data integrity and ―One Time Password‖ for more security. In paper [3] cloud computing provides the on-demand services to the users of the cloud. Users are charged as per the pay-per- use model. This work based on the homomorphic encryption technique to secure client data. And they also show performing the arithmetic operations (addition and multiplication) on encrypted data. RSA algorithm is used to processes the multiplication computation on encrypted cloud data because Fig. 2. Data Partition architecture diagram. RSA is multiplicative Homomorphic encryption. Paillier encryption is used to apply Homomorphic addition operation 2 OBJECTIVE on encrypted data. In [4] this paper presents a medical application. They used the Homomorphic encryption technique In cloud computing environment Fully Homomorphic to allow computation on encrypted cloud data without encryption enables users to perform the operation on decrypting the cipher text. And also they describe encrypted cloud data. This fully Homomorphic encryption Homomorphic encryption roles on encrypted data; it will provides data confidentiality and data privacy for client data provide privacy data sharing and confidentiality of data on the that is stored on cloud storage. FHE takes more processing cloud environment. In this, they show partial Homomorphic time and memory to process the applied operations on algorithms to perform arithmetic operations on encrypted cloud encrypted cloud data than a similar operation on the data. This proposed medical operation is used to process the unencrypted data. By taking parallel processing on encrypted sensitive patient's data that is stored on the cloud. In paper [5] cloud data it will reduce the processing time in cloud they focus on storing encrypted data on the cloud using Fully computing. This work presents secure parallel processing on Homomorphic encryption. The encrypted data is stored on the encrypted cloud data using FHE. This work is done by using Database of AWS public cloud. In this public cloud, the user's Gentry’s Homomorphic encryption algorithm using the AES computations are processed on the encrypted data. A client algorithm. Here processing time is measured by the time taken can download the results from the cloud on a client machine. to execute the applied operations in parallel (on multiple The public cloud has the user’s data in cipher text. In this work nodes) and time taken to transfer the data. The main first, they create a DynamoDB instance on AWS and after disadvantage of cloud storage is security. Clients store their creating an instance, next they create Database Tables. Two important personal large volumes of data on other third-party tables are created on Dynamo Data Base. Balance is stored cloud service providers, but this stored data is not completely using the operation of the Homomorphic encryption technique. safe because many data attackers or hackers try to read this Here the user has the ability to perform subtraction and stored data. So here another goal is to build an application to addition operations on this encrypted balance. In paper [6] improving cloud storage security using data partition and Homomorphic encryption enables to perform securely storing encryption method. and transmitting the confidential information on the cloud. This paper presents a work on Homomorphic encryption; they 3 RELATED WORK discussed the role and significance of the Homomorphic This section provides an ample review that is related to data encryption and also show some limitations with this type of fragmentation and also on secure parallel processing on encryption. And they explained why Homomorphic Encryption encrypted cloud data using Homomorphic encryption. In paper is important? The Homomorphic encryption method allows to [1] shows a fully Homomorphic encryption scheme enables to securely storing of the data, processing and transmitting the operate addition, multiplication and also other operations on encrypted data on a cloud environment without decrypting the cipher text data and also presents a work processing the data cipher text. This kind of encryption is using in many areas like on multiple nodes by parallel processing the encrypted data medical industries, industries with finance, and etc. In this using fully Homomorphic encryption. In this work, they used thesis, they also show an example of Homomorphic encryption the gentry’s algorithm to perform FHE. The parallel processing using in the medical industry. On the cloud, there are several will decrease the time taken to perform the applied operations cloud operating platforms to create and manages virtual on encrypted data in a cloud environment. The fully machines using the various application or system services. In

[7] this paper they explained the different types of security Gentry’s algorithm is used in this work. In this encryption vulnerabilities on different types of cloud platforms. With the scheme, Gentry’s method uses the bootstrapping procedure to knowledge of these types of security vulnerabilities, security reduce noise in the process of fully-Homomorphic encryption. developers can design and develop a secured cloud platform. Gentry’s encryption scheme shows that it will take a few And also they investigate the various possible security attacks seconds to perform two 8-bit integers’ subtraction, addition, on cloud platforms. In [8] this work they used the semi- and comparison arithmetic operations. And this algorithm also Homomorphic encryption. Here they considered the encrypted shows, it took a few minutes to perform multiplication sensor measurements in the networked control systems. operation on two 8-bit integers and for division operation it Paillier encryption algorithm [9] is used in this work to allow took hours. Parallel processing processes the operations performing summation operation on encrypted data. Paillier encrypted cloud data on multiple nodes using a fully- encryption algorithm is partial Homomorphic encryption, this Homomorphic encryption scheme, it reduces the processing assumes that sensors use the Paillier algorithm for encryption time. ―Ryan Hayward, Chia-Chu Chiang [1]‖ (2013a, 2013b) and the controller performs whatever the required presents the work on parallel processing of fully-Homomorphic computations on the encrypted data. In [10] authors had encryption in private cloud using Open Stack. Here we are presented the implementation of Fully Homomorphic using java programming language and stand-alone function. A encryption using AES algorithm and performed both addition client-Server model is shown in below diagram Fig. 4. It shows and multiplication operations. They also compared different the parallel processing of fully-Homomorphic encryption. Here FHE schemes by calculating times of Keygen, Encryption, shows that the client inputs the set of data (in the form of Decryption, and Evaluation and also solved noise problem integers) and those integers are encrypted and split into which will arise by using FHE on large cipher text. In [11] multiple parts (for integers it will split into pair wise). After authors had given solutions to provide confidentiality to user splitting input data, it is stored on multiple servers. Each data on the cloud by performing fragmentation after encryption computation server performs the applied operations. of the file. Various fragmentation techniques [12] are applied to user data before outsourcing to the cloud and found random fragmentation is better than other solutions.

4 DESIGN AND IMPLEMENTATION

4.1 Architecture of Parallel Homomorphic Encryption The basic working principle of the proposed system is shown in Fig. 3. The architecture comprises three entities: Client, Computation Dispatcher, and Computation Servers. Each entity is briefly described below.

Client: The client is one who wants to encrypt the file, upload on a different cloud server and apply the operations on encrypted data.

Computing Dispatcher: It provides services to store and manage client data. Computing dispatcher receives data from the client, divide the data and store on different computation server. Here it takes parallel processing of encrypted data. Fig. 4. Client-Server Model. Computation Servers: Each computation servers perform the applied operations on the client’s encrypted data in parallel 4.2 Data Partitioning To Improve the Security of Cloud and return the result back to the computation dispatcher. Storage Here another concept presenting the work on data partitioning and storing on multiple nodes. To improve the security of cloud data storage using the data partition method. Here client inputs the data, encrypts the data and divided into multiple parts based on the size of user data. Divided data will store on different cloud servers. This process is shown in below block diagram Fig. 5. This figure shows a block diagram of the data partition method. First client encrypts the data and generates a public key to store and retrieve the client data to (from) the different cloud servers. Next divided inputted data into multiple parts with equal size and also based on the number of servers available to store the client data. And next store the divided data on different servers. When a client wants that data back from the cloud, the client should enter a file name and public key to get the original data. Finally, the decrypted result gives Fig. 3. Architecture of secure parallel processing. back to the client. The partitioning method takes an important role in this process. It divides (splits) the client data into equal 3730 IJSTR©2020 www.ijstr.org INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 04, APRIL 2020 ISSN 2277-8616

size of multiple chunks to store on different cloud servers. And After partitioning the client, each part is stored on different it also gives easy access to an authorized user when that data servers. Each server on the cloud contains a part of a file. needs. 3. Homomorphic Technology: The Homomorphic encryption method enables to process of the operations on the encrypted cloud data. After processing the operation, then decrypted result will be the same as the result produced by the applying same operation on the plain text data (unencrypted data).

4. Retrieving the file: To retrieve the file from different servers, the authorized client should send a particular file name and public key to be fetched from the different servers. Then servers received the file name from the authorized client and match the file name with the files that are available in the storage of servers. And then matched file content and will send it to the client.

5. Integers based: Here, the first client can input the eight integers (8-bit). And those integers are split and store on different servers. Each Fig. 5. Block diagram of the data partition method. computation server performs the applied operation on the

stored data. Here shows an example of an addition operation 4.3 Proposed Homomorphic Encryption Scheme with AES on encrypted cloud data and fig. 6 shows the process of this Algorithm operation. First client inputs the 8-bit eight integers and the

addition of these integers was taken by dividing the 8-integers 1. Keygen: The key generated by using this function used for into 4-pairs and addition of each pair on different nodes. Then encryption/decryption operations. In our scheme, we have resulting will be 4-integers, again these 4-integers are splitting used symmetric encryption algorithm AES. Keygen() takes into 2-pairs and finding the sum of each pair. And so on. This security parameter k and returns a secret key K and evaluation addition operation on multiple nodes shows the parallel key eK processing on different servers. This parallel processing (K,eK) ← Keygen (k) where K is a secret key. operation decreases the processing time. The vector product

is done by first applying the pair wise product, and then 2. Encryption: In this scheme, we encrypt the all the file resulting integers are summed. In this process directed graph documents M= (M1, M2, - - - -, Mn) is created to perform the operations and each child node (C) ← EncK (M) depends on the output of the parent node. wherein AES encryption, by taking secret key K and document text M and gives cipher text C.

3. Evaluation: It applies a function to cipher text. In symmetric system, k = eK. (Cʹ) ← Evalek (F, C) where function f is an arithmetic circuit or Boolean circuit and Cʹ is a final cipher text.

4. Decrypt: In decryption takes the encrypted file Cʹ and secret key K and produces the plain text file M. (M) ← DecK (Cʹ)

4.4 Implementation Modules Fig.6. Addition Operation on multiple nodes.

1. Files Split: 4.5 Flowchart of system Here the first client can input the data by browsing the file, The fig.7 shows the flowchart for the sharing of data in a which is available in the client system. And also generates the private cloud. It also gives provides a detailed implementation public key. Secret Splitting is done in this process, where workflow of the system. The client can browse the file from his secret information between the two or more individuals. The system and upload it. After the file upload, the client data will inputted data will be split and stored on different servers; it encrypt and generate the public key is used to store and yields more security to the client data. All the individuals retrieve the client data from (to) different cloud servers. The should be agreed and shared secrete data to merge the data divide into multiple chunks and store on the different individual parts to get the original data. Fig.4. shows the servers. splitting data and stored on different servers.

6 CONCLUSION Cloud computing is used to store up and process the huge data and programs of cloud users. Homomorphic encryption provides data privacy and data confidentiality. Fully- 5 RESULTS AND DISCUSSION Homomorphic encryption supports to execute various types of In this section, we present our implementation of the FHE operations on encrypted cloud data. This work presents scheme on the Intel Core i5 machine, 2.86 GHz with 8GB secure parallel processing on encrypted cloud data using FHE. RAM, Windows OS. We calculated Keygen, Encryption, and Parallel processing means performs the operations on multiple Decryption, Evaluation time in milliseconds by taking various nodes. This parallel processing produces better performance file sizes like 10MB, 20MB, 30MB, and 40MB. The following than computing the same operations in a sequential process. Fig.8 and Fig.9 show details of all the times. In Table 1. All the The final result shows the improvement in the processing time computed values which are carried out are tabulated. means parallel processing of FHE decreases the processing time of performing an operation on the encrypted cloud data. The data partitioning method provides more security to the client data on the cloud. This process generates public key; it is used to store and retrieve the data from cloud storage. Client data is dividing into multiple chunks with equal size of chunks. And each part is stored on different servers. While retrieving the data from the cloud, an authorized user should enter the public key. This method shows the data confidentiality.

7 REFERENCES [1]. Ryan Hayward, Chia-Chu Chiang , ―Parallelizing fully homomorphic encryption for cloud environment‖, ScienceDirect 2015 Journal of Applied Research and Technology 13 (2015) 245-252. [2]. Samjot Kaur, Vikas Wasson, ―Enhancement in Fig.8. Times in ms (Key, Enc, Dec, Eval) Homomorphic Encryption Scheme for Cloud Data Security‖, IEEE 2015 9th International Conference. File [3]. Mbarek Marwan, *Ali Kartit and Hassan Ouahmane, Size/Time in 10MB 20MB 30MB 40MB ms ―Applying Homomorphic Encryption For Securing Cloud Database‖, 2016 IEEE. Keygen 40.27 92.56 125.13 163.14 [4]. Yasmina BENSITEL , Rahal ROMADI, ―Secure data Encryption 250.18 508.14 1009.78 1510.47 storage in the cloud with homomorphic encryption‖, 2016 IEEE. Decryption 135.15 275.34 302.56 434.34 [5]. Mr. Manish M Potey, Dr C A Dhote , Mr Deepak H Evaluation 600.21 1185.46 1823.63 2419.94 Sharma,―Homomorphic Encryption for Security of Cloud Data‖, ScienceDirect 7th International

Conference on Communication, Computing and Table 1: Result analysis Virtualization 2016.

[6]. Monique Ogburn , Claude Turner, Pushkar Dahal, ―Homomorphic Encryption‖, ScienceDirect. [7]. Santosh Kumar Majhi, Sunil Kumar Dhal, ―A Study on Security Vulnerability on Cloud Platforms‖, ScienceDirect International Conference on

Information Security & Privacy (ICISP2015), 11-12 December 2015, Nagpur, INDIA. [8]. Farhad Farokhi, Iman Shames, Nathan Batterham, ― Secure and Private Cloud-Based Control Using Semi- Homomorphic Encryption‖, ScienceDirect IFAC- PapersOnLine 49-22 (2016) 163–168. [9]. A.R.Zade, Shaikh Umar, Potghan Rahul, Rale Sagar and Borade Sagar, ―Improving Cloud Data Storage Using Data Partition and Recovery‖ , International Journal Of Engineering And computer Science ISSN:2319-7242 Volume 4 Issue 1 January 2015. [10]. Alkady Y., Farouk F., Rizk R. (2019) Fully Homomorphic Encryption with AES in Cloud Computing Security. In: Hassanien A., Tolba M., Shaalan K., Azar A. (eds) Proceedings of the International Conference on Advanced Intelligent Systems and Informatics 2018. AISI 2018. Advances in Intelligent Systems and Computing, vol 845. Springer, Cham. [11]. Alsirhani A., Bodorik P., Sampalli S. (2018) Data Fragmentation Scheme: Improving Database Security in Cloud Computing. In: Alja’am J., El Saddik A., Sadka A. (eds) Recent Trends in Computer Applications. Springer, Cham [12]. Lentini S., Grosso E., Masala G.L. (2018) A Comparison of Data Fragmentation Techniques in Cloud Servers. In: Barolli L., Xhafa F., Javaid N., Spaho E., Kolici V. (eds) Advances in Internet, Data & Web Technologies. EIDWT 2018. Lecture Notes on Data Engineering and Communications Technologies, vol 17. Springer, Cham.