Security Policy: Informacast Java Crypto Library

Total Page:16

File Type:pdf, Size:1020Kb

Security Policy: Informacast Java Crypto Library FIPS 140-2 Non-Proprietary Security Policy: InformaCast Java Crypto Library FIPS 140-2 Non-Proprietary Security Policy InformaCast Java Crypto Library Software Version 3.0 Document Version 1.2 June 26, 2017 Prepared For: Prepared By: Singlewire Software SafeLogic Inc. 1002 Deming Way 530 Lytton Ave, Suite 200 Madison, WI 53717 Palo Alto, CA 94301 www.singlewire.com www.safelogic.com Document Version 1.2 © Singlewire Software Page 1 of 35 FIPS 140-2 Non-Proprietary Security Policy: InformaCast Java Crypto Library Abstract This document provides a non-proprietary FIPS 140-2 Security Policy for InformaCast Java Crypto Library. Document Version 1.2 © Singlewire Software Page 2 of 35 FIPS 140-2 Non-Proprietary Security Policy: InformaCast Java Crypto Library Table of Contents 1 Introduction .................................................................................................................................................. 5 1.1 About FIPS 140 ............................................................................................................................................. 5 1.2 About this Document.................................................................................................................................... 5 1.3 External Resources ....................................................................................................................................... 5 1.4 Notices .......................................................................................................................................................... 5 2 InformaCast Java Crypto Module................................................................................................................... 6 2.1 Cryptographic Module Specification ............................................................................................................ 6 2.1.1 Validation Level Detail ............................................................................................................................. 6 2.1.2 Modes of Operation ................................................................................................................................. 6 2.1.3 Module Configuration .............................................................................................................................. 7 2.1.4 Approved Cryptographic Algorithms ....................................................................................................... 9 2.1.5 Non-Approved Cryptographic Algorithms ............................................................................................. 15 2.1.6 Non-Approved Mode of Operation ....................................................................................................... 15 2.2 Critical Security Parameters and Public Keys ............................................................................................. 17 2.2.1 Critical Security Parameters ................................................................................................................... 17 2.2.2 Public Keys ............................................................................................................................................. 19 2.3 Module Interfaces ...................................................................................................................................... 20 2.4 Roles, Services, and Authentication ........................................................................................................... 21 2.4.1 Assumption of Roles .............................................................................................................................. 21 2.4.2 Services .................................................................................................................................................. 22 2.5 Physical Security ......................................................................................................................................... 27 2.6 Operational Environment ........................................................................................................................... 27 2.6.1 Use of External RNG ............................................................................................................................... 27 2.7 Self-Tests .................................................................................................................................................... 28 2.7.1 Power-Up Self-Tests ............................................................................................................................... 28 2.7.2 Conditional Self-Tests ............................................................................................................................ 29 2.8 Mitigation of Other Attacks ....................................................................................................................... 30 3 Security Rules and Guidance ....................................................................................................................... 31 3.1 Basic Enforcement ...................................................................................................................................... 31 3.1.1 Additional Enforcement with a Java SecurityManager .......................................................................... 31 3.1.2 Basic Guidance ....................................................................................................................................... 31 3.1.3 Enforcement and Guidance for GCM IVs ............................................................................................... 32 3.1.4 Enforcement and Guidance for use of the Approved PBKDF ................................................................ 32 3.1.5 Software Installation .............................................................................................................................. 32 4 References and Acronyms ........................................................................................................................... 33 4.1 References .................................................................................................................................................. 33 4.2 Acronyms .................................................................................................................................................... 34 Document Version 1.2 © Singlewire Software Page 3 of 35 FIPS 140-2 Non-Proprietary Security Policy: InformaCast Java Crypto Library List of Tables Table 1 – Validation Level by FIPS 140-2 Section ........................................................................................................... 6 Table 2 – Available Java Permissions ............................................................................................................................. 8 Table 3 – FIPS-Approved Algorithm Certificates .......................................................................................................... 13 Table 4 – Approved Cryptographic Functions Tested with Vendor Affirmation.......................................................... 14 Table 5 – Non-Approved but Allowed Cryptographic Algorithms ............................................................................... 15 Table 6 – Non-Approved Cryptographic Functions for use in non-FIPS mode only .................................................... 16 Table 7 – Critical Security Parameters ......................................................................................................................... 18 Table 8 – Public Keys ................................................................................................................................................... 19 Table 9 – Logical Interface / Physical Interface Mapping ............................................................................................ 21 Table 10 – Description of Roles ................................................................................................................................... 21 Table 11 – Module Services, Roles, and Descriptions.................................................................................................. 24 Table 12 – CSP Access Rights within Services .............................................................................................................. 26 Table 13 – Power-Up Self-Tests ................................................................................................................................... 29 Table 14 – Conditional Self-Tests ................................................................................................................................. 29 Table 15 – References ................................................................................................................................................. 34 Table 16 – Acronyms and Terms.................................................................................................................................. 35 List of Figures Figure 1 – Module Boundary and Interfaces Diagram ................................................................................................. 20 Document Version 1.2 © Singlewire Software Page 4 of 35 FIPS 140-2 Non-Proprietary Security Policy: InformaCast Java Crypto Library 1 Introduction 1.1 About FIPS 140 Federal Information Processing Standards Publication 140-2 — Security
Recommended publications
  • Reconsidering the Security Bound of AES-GCM-SIV
    Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Reconsidering the Security Bound of AES-GCM-SIV Tetsu Iwata1 and Yannick Seurin2 1Nagoya University, Japan 2ANSSI, France March 7, 2018 — FSE 2018 T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 1 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 2 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 2 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T.
    [Show full text]
  • A Password-Based Key Derivation Algorithm Using the KBRP Method
    American Journal of Applied Sciences 5 (7): 777-782, 2008 ISSN 1546-9239 © 2008 Science Publications A Password-Based Key Derivation Algorithm Using the KBRP Method 1Shakir M. Hussain and 2Hussein Al-Bahadili 1Faculty of CSIT, Applied Science University, P.O. Box 22, Amman 11931, Jordan 2Faculty of Information Systems and Technology, Arab Academy for Banking and Financial Sciences, P.O. Box 13190, Amman 11942, Jordan Abstract: This study presents a new efficient password-based strong key derivation algorithm using the key based random permutation the KBRP method. The algorithm consists of five steps, the first three steps are similar to those formed the KBRP method. The last two steps are added to derive a key and to ensure that the derived key has all the characteristics of a strong key. In order to demonstrate the efficiency of the algorithm, a number of keys are derived using various passwords of different content and length. The features of the derived keys show a good agreement with all characteristics of strong keys. In addition, they are compared with features of keys generated using the WLAN strong key generator v2.2 by Warewolf Labs. Key words: Key derivation, key generation, strong key, random permutation, Key Based Random Permutation (KBRP), key authentication, password authentication, key exchange INTRODUCTION • The key size must be long enough so that it can not Key derivation is the process of generating one or be easily broken more keys for cryptography and authentication, where a • The key should have the highest possible entropy key is a sequence of characters that controls the process (close to unity) [1,2] of a cryptographic or authentication algorithm .
    [Show full text]
  • Nshield CONNECT Hsms
    Product Sheet /EN nSHIELD CONNECT nSHIELD CONNECT HSMs Certified appliances that deliver cryptographic key services across networks nShield Connect HSMs are FIPS-certified nSHIELD CONNECT appliances that deliver cryptographic services to applications across the network. • Maximizes performance and availability with high cryptographic transaction These tamper-resistant platforms perform rates and flexible scaling such functions as encryption, digital signing and key generation and protection • Supports a wide variety of applications over an extensive range of applications, including certificate authorities, code including certificate authorities, code signing and more signing, custom software and more. The nShield Connect series includes • nShield CodeSafe protects your nShield Connect+ and the new, high- applications within nShield’s secure performance nShield Connect XC. execution environment HIGHLY FLEXIBLE ARCHITECTURE • nShield Remote Administration helps nCipher unique Security World architecture you cut costs and reduce travel lets you combine nShield HSM models to build a mixed estate that delivers flexible scalability and seamless failover and load balancing. nSHIELD CONNECT PROCESS MORE DATA FASTER – now also available from Nexus! nShield Connect HSMs support high transaction rates, making them ideal for enterprise, retail, IoT and other environments where throughput is critical. Available Models and Performance nShield Connect Models 500+ XC Base 1500+ 6000+ XC Mid XC High PROTECT YOUR PROPRIETARY RSA Signing Performance (tps) for NIST Recommended Key Lengths APPLICATIONS 2048 bit 150 430 450 3,000 3,500 8,600 4096 bit 80 100 190 500 850 2,025 The CodeSafe option provides a secure ECC Prime Curve Signing Performance (tps) for NIST Recommended Key Lengths environment for running sensitive 256 bit 540 680 1,260 2,400 5,500 14,400 Client Licenses applications within nShield boundaries.
    [Show full text]
  • Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms
    Implementation and Performance Analysis of PBKDF2, Bcrypt, Scrypt Algorithms Levent Ertaul, Manpreet Kaur, Venkata Arun Kumar R Gudise CSU East Bay, Hayward, CA, USA. [email protected], [email protected], [email protected] Abstract- With the increase in mobile wireless or data lookup. Whereas, Cryptographic hash functions are technologies, security breaches are also increasing. It has used for building blocks for HMACs which provides become critical to safeguard our sensitive information message authentication. They ensure integrity of the data from the wrongdoers. So, having strong password is that is transmitted. Collision free hash function is the one pivotal. As almost every website needs you to login and which can never have same hashes of different output. If a create a password, it’s tempting to use same password and b are inputs such that H (a) =H (b), and a ≠ b. for numerous websites like banks, shopping and social User chosen passwords shall not be used directly as networking websites. This way we are making our cryptographic keys as they have low entropy and information easily accessible to hackers. Hence, we need randomness properties [2].Password is the secret value from a strong application for password security and which the cryptographic key can be generated. Figure 1 management. In this paper, we are going to compare the shows the statics of increasing cybercrime every year. Hence performance of 3 key derivation algorithms, namely, there is a need for strong key generation algorithms which PBKDF2 (Password Based Key Derivation Function), can generate the keys which are nearly impossible for the Bcrypt and Scrypt.
    [Show full text]
  • Optimizing a Password Hashing Function with Hardware-Accelerated Symmetric Encryption
    S S symmetry Article Optimizing a Password Hashing Function with Hardware-Accelerated Symmetric Encryption Rafael Álvarez 1,* , Alicia Andrade 2 and Antonio Zamora 3 1 Departamento de Ciencia de la Computación e Inteligencia Artificial (DCCIA), Universidad de Alicante, 03690 Alicante, Spain 2 Fac. Ingeniería, Ciencias Físicas y Matemática, Universidad Central, Quito 170129, Ecuador; [email protected] 3 Departamento de Ciencia de la Computación e Inteligencia Artificial (DCCIA), Universidad de Alicante, 03690 Alicante, Spain; [email protected] * Correspondence: [email protected] Received: 2 November 2018; Accepted: 22 November 2018; Published: 3 December 2018 Abstract: Password-based key derivation functions (PBKDFs) are commonly used to transform user passwords into keys for symmetric encryption, as well as for user authentication, password hashing, and preventing attacks based on custom hardware. We propose two optimized alternatives that enhance the performance of a previously published PBKDF. This design is based on (1) employing a symmetric cipher, the Advanced Encryption Standard (AES), as a pseudo-random generator and (2) taking advantage of the support for the hardware acceleration for AES that is available on many common platforms in order to mitigate common attacks to password-based user authentication systems. We also analyze their security characteristics, establishing that they are equivalent to the security of the core primitive (AES), and we compare their performance with well-known PBKDF algorithms, such as Scrypt and Argon2, with favorable results. Keywords: symmetric; encryption; password; hash; cryptography; PBKDF 1. Introduction Key derivation functions are employed to obtain one or more keys from a master secret. This is especially useful in the case of user passwords, which can be of arbitrary length and are unsuitable to be used directly as fixed-size cipher keys, so, there must be a process for converting passwords into secret keys.
    [Show full text]
  • Key Derivation Functions and Their GPU Implementation
    MASARYK UNIVERSITY FACULTY}w¡¢£¤¥¦§¨ OF I !"#$%&'()+,-./012345<yA|NFORMATICS Key derivation functions and their GPU implementation BACHELOR’S THESIS Ondrej Mosnáˇcek Brno, Spring 2015 This work is licensed under a Creative Commons Attribution- NonCommercial-ShareAlike 4.0 International License. https://creativecommons.org/licenses/by-nc-sa/4.0/ cbna ii Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Ondrej Mosnáˇcek Advisor: Ing. Milan Brož iii Acknowledgement I would like to thank my supervisor for his guidance and support, and also for his extensive contributions to the Cryptsetup open- source project. Next, I would like to thank my family for their support and pa- tience and also to my friends who were falling behind schedule just like me and thus helped me not to panic. Last but not least, access to computing and storage facilities owned by parties and projects contributing to the National Grid In- frastructure MetaCentrum, provided under the programme “Projects of Large Infrastructure for Research, Development, and Innovations” (LM2010005), is also greatly appreciated. v Abstract Key derivation functions are a key element of many cryptographic applications. Password-based key derivation functions are designed specifically to derive cryptographic keys from low-entropy sources (such as passwords or passphrases) and to counter brute-force and dictionary attacks. However, the most widely adopted standard for password-based key derivation, PBKDF2, as implemented in most applications, is highly susceptible to attacks using Graphics Process- ing Units (GPUs).
    [Show full text]
  • Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family
    Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family Dmitry Khovratovich1 and Christian Rechberger2 and Alexandra Savelieva3 1Microsoft Research Redmond, USA 2DTU MAT, Denmark 3National Research University Higher School of Economics, Russia Abstract. We present the new concept of biclique as a tool for preimage attacks, which employs many powerful techniques from differential cryptanalysis of block ciphers and hash functions. The new tool has proved to be widely applicable by inspiring many authors to publish new re- sults of the full versions of AES, KASUMI, IDEA, and Square. In this paper, we demonstrate how our concept results in the first cryptanalysis of the Skein hash function, and describe an attack on the SHA-2 hash function with more rounds than before. Keywords: SHA-2, SHA-256, SHA-512, Skein, SHA-3, hash function, meet-in-the-middle attack, splice-and-cut, preimage attack, initial structure, biclique. 1 Introduction The last years saw an exciting progress in preimage attacks on hash functions. In contrast to collision search [29, 26], where differential cryptanalysis has been in use since 90s, there had been no similarly powerful tool for preimages. The situation changed dramatically in 2008, when the so-called splice-and-cut framework has been applied to MD4 and MD5 [2, 24], and later to SHA-0/1/2 [1, 3], Tiger [10], and other primitives. Despite amazing results on MD5, the applications to SHA-x primitives seemed to be limited by the internal properties of the message schedule procedures. The only promising element, the so-called initial structure tool, remained very informal and complicated.
    [Show full text]
  • Advanced Meet-In-The-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2
    Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2 Jian Guo1, San Ling1, Christian Rechberger2, and Huaxiong Wang1 1 Division of Mathematical Sciences, School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore 2 Dept. of Electrical Engineering ESAT/COSIC, K.U.Leuven, and Interdisciplinary Institute for BroadBand Technology (IBBT), Kasteelpark Arenberg 10, B–3001 Heverlee, Belgium. [email protected] Abstract. We revisit narrow-pipe designs that are in practical use, and their security against preimage attacks. Our results are the best known preimage attacks on Tiger, MD4, and reduced SHA-2, with the result on Tiger being the first cryptanalytic shortcut attack on the full hash function. Our attacks runs in time 2188.8 for finding preimages, and 2188.2 for second-preimages. Both have memory requirement of order 28, which is much less than in any other recent preimage attacks on reduced Tiger. Using pre-computation techniques, the time complexity for finding a new preimage or second-preimage for MD4 can now be as low as 278.4 and 269.4 MD4 computations, respectively. The second-preimage attack works for all messages longer than 2 blocks. To obtain these results, we extend the meet-in-the-middle framework recently developed by Aoki and Sasaki in a series of papers. In addition to various algorithm-specific techniques, we use a number of conceptually new ideas that are applicable to a larger class of constructions. Among them are (1) incorporating multi-target scenarios into the MITM framework, leading to faster preimages from pseudo-preimages, (2) a simple precomputation technique that allows for finding new preimages at the cost of a single pseudo-preimage, and (3) probabilistic initial structures, to reduce the attack time complexity.
    [Show full text]
  • Viacoin Whitepaper
    Viacoin Whitepaper Viacoin Dev Team September 12, 2017 Last updated on September 22, 2017 Abstract Viacoin is an open source crypto-currency created in 2014, derived from the [6]Bitcoin protocol that supports embedded consensus with an extended OP_RETURN of 120 byte. Viacoin features Scrypt Merged mining, also called Auxiliary proof of work or AuxPoW, and 25x faster transactions than Bitcoin. Viacoin mining reward halving takes place every 6 months and has a total supply of 23,000,000 coins. The inflation rate of Viacoin is low due to minimal mining reward. As the block reward of Viacoin is low, miners are given incentive to mine Viacoin through Merged mining (AuxPoW). Viacoin is currently mined by one of the biggest mining pools (F2Pool) with a very high hashrate. Other features include a mining difficulty adjustment algorithm to address flaws in Kimoto’s Gravity Well (DarkGravityWave), Versionbits to allow for 29 simultaneous Soft Fork changes to be implemented at a time, Segwit and the Lightning Network Note: The whitepaper, documentation, designs are in research and development phase and subject to change. 1 1 Scrypt In cryptography, [7]Scrypt is a password based key derivation function created by Colin Percival. The al- gorithm was designed to make it costly to perform large-scale custom hardware attacks by requiring large amounts of memory. In 2012, the algorithm was published by the IETF as an internet draft intended to become an informational RFC, but a version of Scrypt is now used as a proof of work scheme by cryptocur- rencies like Viacoin. Scrypt is a memory hard key derivation function, it requires a reasonably large amount of Random Ac- cess Memory to be evaluated.
    [Show full text]
  • The Summation-Truncation Hybrid: Reusing Discarded Bits for Free
    The Summation-Truncation Hybrid: Reusing Discarded Bits for Free Aldo Gunsing and Bart Mennink Digital Security Group, Radboud University, Nijmegen, The Netherlands [email protected], [email protected] Abstract. A well-established PRP-to-PRF conversion design is trun- cation: one evaluates an n-bit pseudorandom permutation on a certain input, and truncates the result to a bits. The construction is known to achieve tight 2n−a=2 security. Truncation has gained popularity due to its appearance in the GCM-SIV key derivation function (ACM CCS 2015). This key derivation function makes four evaluations of AES, truncates the outputs to n=2 bits, and concatenates these to get a 2n-bit subkey. In this work, we demonstrate that truncation is wasteful. In more detail, we present the Summation-Truncation Hybrid (STH). At a high level, the construction consists of two parallel evaluations of truncation, where the truncated (n − a)-bit chunks are not discarded but rather summed together and appended to the output. We prove that STH achieves a similar security level as truncation, and thus that the n − a bits of extra output is rendered for free. In the application of GCM-SIV, the current key derivation can be used to output 3n bits of random material, or it can be reduced to three primitive evaluations. Both changes come with no security loss. Keywords: PRP-to-PRF, Truncation, Sum of permutations, Efficiency, GCM-SIV 1 Introduction The vast majority of symmetric cryptographic schemes is built upon a pseu- dorandom permutation, such as AES [21]. Such a function gets as input a key and bijectively transforms its input to an output such that the function is hard to distinguish from random if an attacker has no knowledge about the key.
    [Show full text]
  • Cryptographic Hash Workshop (2005)
    SHA-160: A Truncation Mode for SHA256 (and most other hashes) John Kelsey, NIST Halloween Hash Bash 2005 1 What’s a Truncation Mode? • Rule for chopping bits off a hash output • We have a big hash fn we trust, Like SHA256 • We need a smaller hash output Like 160 bits • We need to specify how this is done – Interoperability and security reasons 2 Why Do We Need One? • Need drop in replacement for SHA1 (MD5?) • Have unBroken hashes of wrong size – ECDSA/DSA key sizes – File and protocol formats • OBvious approach: Truncate SHA256/SHA512 • This has Been done Before: Snefru, Tiger, SHA384, SHA224 3 Our Proposal in a Nutshell H(X,M) = hash M from initial value X • Start with different IV for each truncation length n: n has fixed-length representation T IV n = H(IV xor 0xccc…c,n) • Run bigger hash normally T T H n(m) = truncate(H(IV n, m),n) • Generic: Any n, many big hashes – (Rivest comment to SHA224) 4 Intuition: Why should this be okay? • If hash “good”, seems like truncation should be good, too. – Fits our intuition about hash functions – Easy proof in Random Oracle Model – Prior art suggests other people agree • So, is intuition correct here? 5 Security Considerations • Issue #1: Related hash outputs T – H n(X) ! H(X’) • Issue #2: Can we safely truncate? – No reduction proof – “Near collisions” 6 Issue #1: Related Outputs T Why we need IV n!IV T What if IV n =IV? Then we get collision before truncation: T H 160(M) = ABCDE T H 192(M) = ABCDEF 7 Does This Matter? A Common KDF • KDF(S,P,n): – T = “” – for j = 1 to n: T = T || hash(S||P||j) • Two people use different truncations: – Result: Two closely related keys “AAAABBBBCCCCDDDD” “AAABBBCCCDDD” • Very unintuitive property! – Related key attack? Protocol problem? 8 Broader Issue: Related Outputs T T H n(m) = truncate(H(IV n, m),n) T • What if H n(m) ! H(m’)? – Broader property: can’t prove it won’t happen – Narrow property: collision before truncation 9 Does Our Scheme Prevent This? We prevent collision before truncation: T • Can’t choose M’ -> IV n (preimage) • Can’t cause intermediate collision (DM constr.
    [Show full text]
  • Tiger Hash Attribute Encryption for Secured Cloud Service Provisioning
    Middle-East Journal of Scientific Research 25 (1): 181-191, 2017 ISSN 1990-9233 © IDOSI Publications, 2017 DOI: 10.5829/idosi.mejsr.2017.181.191 Tiger Hash Attribute Encryption for Secured Cloud Service Provisioning 12P. Muthusamy and V. Murali Bhaskaran 1Department of Computer Science & Engg, Anna University, Chennai - 600 025, Tamil Nadu, India 2Principal, Dhirajlal Gandhi College of Technology, Salem - 636 309, Tamil Nadu, India Abstract: Cloud Computing facilitates organization to share various operation services in a high secure manner. In cloud based communication, the confidentiality of the systemis the major concern. Hence, the secured message communication is to prevent unauthorized access of confidential information. Several encryption approacheshave been developed for cloud service provisioning. But, cloud users still have major security and confidentiality about their outsourced data due to unauthorized access within the service providers. In order to improve the confidentiality in cloud service provisioning, Tiger Cryptographic Hash Function based Attribute Encryption and Decryption (TCHF-AED) technique is introduced. Tiger is a cryptographic hash function for achieving higher confidentiality rate in cloud service provisioning. Initially, the attribute cloud request is sent from the users to cloud server. Next, Tiger Cryptographic Hash Function is used to achieve cloud data confidentiality based on output of hash value.TheAttribute Encryption is performed for converting actual message into cipher textand the hash value of each encrypted message is calculated. The encrypted message with hash value is stored in cloud server. Whenever the cloud user accesses the data from cloud server, the hash value is recomputed to achieve the correctness of the message. If the correctness is achieved the decryption is performed to attain the confidentiality.
    [Show full text]