View/Open
advertisement
Secure Data Processing Algorithms in Mobile Cloud Computing - Survey Divya K B Sijo Cherian Post graduation Student,Dept. Of IT Rajagiri College Of Engineering &Technology Ernakulam,India divyabhakth@gmail.com Assistant Professor,Dept Of IT Rajagiri College Of Engineering &Technology Ernakulam,India sijoc@rajagiritech.ac.in Abstract— Mobile cloud computing is a technique to overcome the inabilities of a mobile device due to less battery power, storage and processing power. However cloud computing provide an illusion of infinite computing resources. Mobile cloud computing is a new platform to combine mobile devices and cloud computing to create new infrastructure whereby cloud perform computationally intensive works and storing massive amount of data. Here the data processing and data storing done outside of mobile device. The surveys predicts that majority of the enterprise will change their working environment to mobile cloud and laptop by 2017. So mobile cloud computing will be an important concern in the coming years. However users concerns about data security are the main obstacles that impede cloud computing from being widely adopted. These concerns are originated from the fact that sensitive data resides in public clouds, which are operated by commercial service providers that are not trusted by the data owner. Thus, new secure service architectures are needed to address the security concerns of users for using cloud computing techniques. This survey focusing on different secure data processing mechanisms, and comparing different encryption and decryption algorithms used in it. 2015 there would be more than 240 million customers using Mobile Cloud Computing services while in 2008 there were only 42.8 million customers[1]. Mobile devices are vulnerable to numerous security threats that aim the theft of users data. Moreover Cloud Computing introduces several security, privacy and trust issues regarding the data processed in the Cloud. Consequently to maintain consumers trust in mobile platforms more specifically in mobile cloud applications, it is important to secure data processing that will be used by mobile cloud applications. The paper is organized in such a way that the section I gives a brief about mobile cloud computing.Section II gives basic ideas of different approaches in secure data processing in mobilecloud. section III,IVand V defines different encryption and decryption algorithms in data processing mechanisms.VI th and VIIth section deals with the defining advantages ,disadvantages and comparison. Finally VIII and IX th section conclusion and future scope. Keywords—:Mobile cloud computing; Decryption;ABE;IB-PRE;PP-CP-ABE; There are three types of data processing approaches are considered here, they are secure data processing framework for mobile cloud computing[2],SDSM: A secure data service mechanism in mobile cloud computing[3],efficient and secure data storage operations for mobile cloud computing[4]. The approaches discussed here are based on bilinear pairing and secret sharing. The next section gives a brief about each processing mechanisms in mobile cloud, the encryption, decryption algorithms as well. I. Encryption; INTRODUCTION Just a short time ago a user was only expecting from her/his mobile phone to allow her/him to perform activities using just the device resources (e.g. to take pictures and save them locally on the device, or to read different types of data that were saved locally). Today, the same user wants to be able to take advantage of powerful and complex applications that manipulate not only the mobile local resources but also external resources as computation power and storage space. To obtain these types of performances several improvements have been made in the domain of mobile hardware and network[1].Even with those improvements mobile devices still have lack of resources and energy, an unstable connectivity and several other security issues[1]. To resolve some of these issues, the concept of Mobile Cloud Computing has been proposed as a solution where the Cloud is used as a platform to execute mobile applications. Mobile Cloud Computing as a term was born shortly after the emergence of Cloud Computing model in 2007 . Marketing research stated that in II. GENERAL APPROACHES TO SECURE DATA PROCESSING IN MOBILE CLOUD COMPUTING A. Bilinear Pairing Major pairing based construction is bilinear map[9].Consider two groups G1 and G2 are multiplicative group with large prime order p. Now consider the mapping e:G1× G1 → G2. Pairing has following properties 1. Bilinearity: e(Pª,Qᵇ) = e(P,Q)ªᵇ,∀ P,Q∈G1,a,b ∈ Z∗ p. 2. Nondegeneracy: e(g,g) ≠ 1 where g is the generator of G1. 3.Computability: There exists an efficient algorithm to compute the pairing. B. Secret Sharing Suppose a secret is divided in to n shares and any t shares can reconstruct the data, if the shares is less than ’t’, we cannot expose the data in the secret[10][12]. The following section will brief about various approaches. III. SECURE DATA PROCESSING FRAMEWORK IN MOBILE CLOUD COMPUTING The architecture consists of three main domains, cloud mobile and sensing domain, cloud trusted domain and the cloud public and storage domain. In this framework each mobile device is virtualized as ESSI(Extended Semi Shadow Image) in the cloud trusted domain, it is due to reduce the uncertainty caused by mobility[5]. The ESSI is a partial, or an exact clone of each mobile device. Each ESSI can be act as a service node(SN) in a particular application. A mobile device can outsource its computing and storage services to its corresponding ESSI and Secure Storage (SS)[5]. The ESSIs can be used to address communication and computation deficiencies of a mobile device, and provide enhanced security and privacy protections. ESSI is a virtual machine that is designed for an end user having full control of the information stored in its virtual hard drive. Networking functions and running processes are done through mobile cloud service provider. The mobile cloud data processing model includes three main components: trust management, multi-tenant secure data management, and ESSI data processing model. ABE(Attribute Based Encryption) had been proposed for data encryption and decryption. 2) ENCRYPT(PK,M,A) : The encryption algorithm takes the public parameter PK, the message M, and the access structure ‘A’ .The algorithm will encrypt the plain text M to cipher text CT such that only a user that possesses a set of attributes that satisfies the access structure will be able to decrypt the message[6]. 3) KEYGEN(MK,S) :This algorithm takes as input the master secret key (MK) and set of attributes S that describe the key.It outputs a private key (SK) with S [6]. 4)DECRYPT(CT,SK) :The decryption algorithm takes as input the public parameters PK, a ciphertext CT, which contains an access policy A, and a private key SK, which is a private key for a set S of attributes. If the set S of attributes satisfies the access structure ’A’ then the algorithm will decrypt the ciphertext and return a message M[6]. IV. SDSM: A SECURE DATA SERVICE MECHANISM IN MOBILE CLOUD COMPUTING The network model[3] consists of data owner(mobile device with internet connection),data sharer(mobile device with internet connection) and the cloud service provider. To protect data to third party data must be encrypted before sending to cloud server to either for file sharing or for personal use. The one who want to share the data must be authorized by the data owner to decrypt the file. This particular model emphasizes on confidentiality and access control of mobile user’s outsourced data in cloud environment. This method employ identity based proxy re-encryption to realize the secrecy of data. Figure 2: Model for SDSM Figure 1: Service Model of mobile cloud A. Attribute Based Encryption(ABE) In ABE cipher text and secret keys are associated with sets of attributes. Here AND gates and OR gates are used to represent the access structure. Attribute based encryption consists of mainly four algorithms (i) setup(ii) key gen(iii) encryption (iv)decryption. 1)SETUP (λ ,U) : On inputting security parameters and attributes, obtain output as public parameters and master secret key. The public parameter is used for encryption and master secret key is used for generating user secret keys[6]. In this work, considers the threats from semi-trusted cloud server in the data storing and malicious sharer in the data sharing. Here the system considers the cloud server to be semitrusted. That is to say, cloud servers will honestly implement the proposed protocol in general, but try to find out as much secret information as possible based on user’s inputs. Malicious sharer may try to access the data without permission by the data owner. In short only authorized sharer can access the data and unauthorized sharer learn nothing. Moreover the collusion attack of the malicious sharers and the semi-trusted cloud servers should also be considered. A) Five phases in this protocol 1) Setup: By using the Setup and KeyGen algorithms in the IB-PRE system parameters and master secret key are builds up. Master secret key is used only at the time of user registration to the system. The one who registered to the system only gets the private key corresponding to his identity. The data owner can share his data only by giving[7] the identity of the sharers. 2) Data Encryption :The data is divided into different blocks, each block encrypts the message separately. The corresponding cipher text of each block is upload to the cloud. 3) Data Sharing :In this phase the data owner runs the KeyGen algorithm to generate the proxy key/re-generation key to the cloud. The cloud then encrypts the cipher text again using the proxy key on behalf of data owner under the sharer’s public key. The cloud can deploy the re-encrypt key ‘rk’ to permit the authorized user to get the cipher text decrypted with his own secret key. The cloud can deploy the re-encrypt key to permit the authorized user to get the cipher text decrypted with his own secret key. 4) Access Data :When the sharer want to access the file, he sends a request to the cloud server. The cloud then checks the validity of the sharer , ie it has a re-encryption key to the sharer. The cloud server then runs the RKGen algorithm and achieves the re-encryption cipher text. The sharer then fetches the re-encrypted data from the cloud server and run the decrypt algorithm with the secret key. As doing so, the sharer will get the original data file. 5). Re-encrypt(params,re-encryption key,cipher text): Inputs are parameters, re-encryption key and the cipher text. Output will be re-encrypted cipher text. 6). Decrypt(params, secret key, re-encrypted cipher text): Decrypts the cipher text using the secret key and outputs the plaintext. V. EFFICIENT AND SECURE DATA STORAGE OPERATIONS FOR MOBILE CLOUD COMPUTING This is a framework to secure data storage in public cloud which focus on light weight wireless devices store and retrieve data without exposing the data content to the cloud. To achieve data security, the method uses an encryption technique known as PP-CP-ABE. Using PP-CP-ABE, user can outsource intensive computation for encryption and decryption to cloud service provider without exposing user’s data and secret keys. It proposes an Attribute Based Data Storage(ABDS) system as cryptographic access control mechanism. It achieves optimality in minimizing computation, storage and communication overheads[4]. This is the general working of SDSM. Next section will explain the re-encryption algorithm used in SDSM for secure data processing. B) Identity-Based Proxy Re-Encryption It is an identity based encryption[11] technique in which sender uses ID as public key of recipient to encrypt message. Here the fundamental concept of IB-PRE scheme is that the proxy is not fully trusted[7].It doesn’t have any idea of sender and recipients secret keys and about the plain text. The proxy server or the recipient, any one of them should be honest. This IB-PRE scheme allow a proxy to translate an encryption under Alice’s identity in to one computed under Bob’s identity[7]. The users request key from trusted private key generator(PKG). IB-PRE scheme is a tuple of algorithms ie Setup, KeyGen, Encrypt, Decrypt, RKGen, Re-encrypt[7]. 1) Setup(lª,maximum level): On inputting security parameters and the number of re-encryption, it outputs a master public parameter that are distributed to user and a master secret key(msk) kept private. 2) KeyGen(params,msk,ID) : Inputs are the identity and the master secret key ,outputs a decryption key corresponding to given identity. 3) Encrypt(params,ID,m):On inputting parameters, identity and the plain text m ,it outputs the ciphertext. corresponding to the given identity. 4)RKGen(params,sk,ID1,ID2):Inputting security parameters , secret keys and identities the obtained output is the re-encryption key corresponding to both the identities. Figure 3: System Architecture The proposed model consists of a Data Owner, it can be a wireless device or a sensor that can request and/or store information in the cloud. Data is secured using PP-CP-ABE scheme. There are many data receivers who subscribe the data from data owner. This model has some following properties Data must be encrypted before storing it into Storage Service Provider(SSP). ESP(Encryption Service Provider ) provides encryption without knowing the actual data and the encryption key. DSP(Decryption Service Provider) decrypts the data without knowing data. Even ESP,DSP,SSP collude,the data contents cannot exposed. By doing so the encryption and decryption overheads of the mobile user can be completely outsource to a high capacity cloud infrastructure.That will reduce the time for computation in the mobile device without compromising security. VI. ADVANTAGES AND DISADVANTAGES A) Attribute Based Encryption(ABE) 1)Advantages It is good for one to many communication . Using ABE we can divide a group in to different communicating sub groups.ie, A) Privacy Preserving CP-ABE PP-CP-ABE is an extension of actual CP-ABE. Here Data Owner outsource intensive computation required for encryption and decryption to powerful cloud service providers without disclosing the data contents and keys[4]. PP-CP-ABE consists of four fundamental algorithms. 1). Setup(lk ,k):On inputting security parameters and number of system attributes it outputs public key(PK) used for encryption and master secret key which is used for private key generation. Figure 4: Sample access policy tree 2). KeyGen(PK,MSK,L): It takes public key(PK), master secret key(MSK) generated by Setup algorithm, and the list of attributes(L), outputs the private key . 3) Encrypt(PK,W,M): This algorithm takes public key(PK), the access policy tree(W) ,which will describe later in this section, and the original message to send as input. It outputs the cipher text (CT) such that only user with attribute list which satisfying the access policy can decrypt the cipher text (CT). 2) Disadvantages 4).Decrypt(PK,SK,CT): Inputs given are the public key(PK),private key(SK)and the cipher text (CT).Output will be the original text message the one who satisfying the access policy tree can disclose the original message . B) Access Policy Tree Access policy tree consists of leaf nodes and internal nodes. Leaf nodes are system attributes and internal nodes are logic gates AND,OR. Several functions and terms are defined as follows parent(x): It returns the parent node of x. att(x) :Defines the attribute associated with leaf node x. The access tree consists of leaf nodes and internal nodes. The one who owns the set of attributes satisfying access policy and to reach the root of the tree, it can access the secret secured in the access policy tree. User has private key corresponding to access policy tree. num x : Returns number of children in the node x[8]. The figure is shown below. suppose Alice upload her photo to a site and she wishes to seen these photo to only her female friends. She may not know the exact identities of all her friends, rather she may only have a way to describe them in terms of descriptive attributes. But this is difficult to solve in common cryptosystems. The mobile user must know the sharer’s attribute list before performing encryption. Sharers satisfying the access policy may consist of few persons, that make the data owner difficult to implement the access control of data. The decryption algorithm is computationally expensive because bilinear pairing operations over ciphertext and private key is a computational intensive operation. B) IB-PRE 1) Advantages ID-PRE has strong access control.ie only authorized user can decrypt the data. Data owner can distinguish the identity information of sharers. Flexible, to provide mobile users to change the access policies when needed. It protect the mobile user’s data from leaking to the cloud. Reduce the communication cost of mobile user. 2)Disadvantages VIII. CONCLUSION The File to be transmitted is divided into a number of blocks ,which increases the overhead in user. An extra key ie a re-encryption key is required. In this paper we present different secure mechanism for data processing in mobile cloud computing. Each of these methods used different algorithms for data encryption and decryption .They are Attribute Based Encryption, PP-CP- ABE and IB-PRE. Made a survey based on the algorithms, advantages and disadvantages were found. Finally we concluded that each of these algorithms have both advantages and disadvantages, and PP-CP-ABE has good performance in mobile cloud comparing the others. Compared with existing CP-ABE constructions, PP-CP-ABE significantly reduces the ciphertext size from linear to constant and supports expressive access policies. C) PP-CP-ABE 1) Advantages In PP-CP-ABE ,for decryption securely blinding the private key and outsource the expensive operations to the Decryption Service provider(DSP). Outsourcing will not expose the data content of the cipher text to DSP. Because the final step of decryption is performed at the user. Expensive operation ie encryption and decryptions are outsource to cloud ,that will reduce the cost of the mobile user. Even if the Encryption Service Provider(ESP) possesses secrets of most but not all parts of the access policy tree, the master secret is still secure given there at least one secret that is unknown to ESP. 2) Disadvantages Time consuming, comparing with other methods it will take more time for encryption and decryption. But looking at the overall performance ,it is negligible . PP-CP-ABE is based on BGW CP-ABE scheme[8], which suffers from linearly growing ciphertext size. VII. COMPARISON This section makes a simple comparison of the given three approaches. Table 1: Comparison of algorithms Characteristics CPABE IB-PRE PP-CPABE Key used Public key Public key Public key 2 Encryption based on Identity Identity identity 3 Number of encryption Once Twice Once Encryption done by Data owner User and proxy Outsource to ESP Decryption done by User User Outsource to DSP Sno 1 4 5 IX. FUTURE WORK In PP-CP-ABE, size of the cipher text grows linearly as the number of attribute increases, because it is now based on BGW scheme[8], so new policy which should be constant cipher text size with PP-CP-ABE can be developed. Energy efficiency can be added for further improvement. Moreover in future hidden access policies can be used and the policy may be flexible in future. REFERENCES Hoang T. Dinh, Chonho Lee, Dusit Niyato, and Ping Wang, ”A Survey of Mobile Cloud Computing: Ar- chitecture, Applications, and Approaches ”, Wireless Communications and Mobile Computing -in onlineli- brary.wiley.com/,11 OCT 2011. [2] Dijiang Huang, Zhibin Zhou, Le Xu, Tianyi Xing, Yunji Zhong ”Secure Data Processing Framework for Mobile Cloud Computing ”IEEE INFOCOM 2011 Workshop on Cloud Computing,2011. [3] Weiwei Jia, Haojin Zhu, Zhenfu Cao, Lifei Wei,Xiaodong Lin”SDSM: A Secure Data Ser- vice Mechanism in Mobile Cloud Computing ”,in The First International Workshop on Security in Computers, Networking and Communications IEEE,2011. [4] Zhibin Zhou and Dijiang Huang ”Effcient and Secure Data Storage Operations for Mobile Cloud Comput- ing ”,in Network and service management (cnsm), 8th international conference and 2012 workshop on systems virtualiztion management (svm),2012. [5] D. Huang, X. Zhang, M. Kang, and J. Luo, ”Mobi- cloud: A secure mobile cloud framework for perva- sive mobile computing and communication,”, in Pro- ceedings of 5th IEEE International Symposium on Service- Oriented System Engineering, 2010. [6] Minda Yu Sch. of Comput. Sci. and Technol., Shan- dong Univ., Jinan, China Qiuliang Xu ”A Simple and Effective Scheme of CiphertextPolicy ABE”, Eighth International Conference on Computational Intelligence and Security,2012. [7] Matthew Green, Giuseppe Ateniese ”Identity-Based Proxy ReEncryption”, ”http://eprint.iacr.org”,2006. [8] Zhibin Zhou, Dijiang Huang and Zhijie Wang ”Ef- cient PrivacyPreserving Ciphertext-Policy Attribute Based Encryption and Broadcast Encryption ”, in Computers, IEEE Transactions on (Volume:PP , Is- sue: 99 ),2013. [9] Gopal, P.V.S.S.N ,Vasudeva Reddy, P.Gowri, T. ”New identity based signature scheme using bilinear pair- ings over elliptic curves”,in 3rd IEEE International Advance Computing Conference (IACC),2013. [10] Youliang Tian ,Jianfeng Ma, Changgen Peng, Qi Jiang ”Fair (t, n) threshold secret sharing scheme”,in Information Security, IET (Volume:7 , Is- sue: 2),2013. [11] Anand, D. Khemchandani,V. Sharma, R.K. ”Identity- Based Cryptography Techniques and Applications (A Review)”,in 5th International Conference on Computational Intelligence and Communication Net- works,2013 [1] [12] A. Shamir,” How to Share a Secret” ,Communica- tions of the ACM, vol. 22, no. 11, pp. 612613, 1979. [13] D. Huang and D. Medhi, A Key-chain Based Keying Scheme For Manyto-Many Secure Group Communi- cation, ACM Transactions on Information and Sys- tem Security, vol. 7, no. 4, pp. 523 552, 2004. [14] Barreto, B. Libert, N. McCullagh, and J. Quisquater, Efficient and provably-secure identity- based signatures and signcryption from bilinear maps, Advances in Cryptology-ASIACRYPT 2005, pp. 515532, 2005.
