Comparative Study among Modern Encryption Algorithms based on Cloud Computing Environment

CSC 557 Graduate term paper
Professor: Dr. Box
Student: Mohammad Farhan Hossain

Introduction

[1] Cloud computing uses a distributed architecture that enables the use of scalable resources to provide computing services to cloud users through virtualization. It allows sharing of resources, scalability, elasticity, pay-per-usage and self-provisioning of resources from cloud providers. [2] Cloud computing moves application software and databases to large data centers, where the management of users’ data and the services provided to them may not be fully secured. Communication between service providers and users over the cloud network is done through service legal agreements (SLA). Because data transfer between user and provider is done remotely, data security becomes a concern, as it opens the door to attacks such as intrusion. This paper is a study of modern encryption algorithms that are used to prevent intrusion, with the intention of achieving data confidentiality, integrity and availability (the CIA triangle).

Background

There are two main categories of encryption used in cryptography to achieve data confidentiality, integrity, availability, authentication and non-repudiation. Non-repudiation means that when something has been sent by someone, there has to be a way to trace it back to the sender. The two categories are symmetric and asymmetric encryption algorithms. Symmetric encryption algorithms include the Data Encryption Standard (DES), the Advanced Encryption Standard (AES), Ron’s Code, Triple DES, etc. Examples of asymmetric encryption are RSA, Elliptic Curve and Diffie-Hellman (DH).

Symmetric Encryption

In a symmetric encryption algorithm, the same algorithm and key are used to both encipher and decipher the message. There is a private key that is used to encrypt and decrypt the message at both ends.
The symmetric key method is extremely fast and efficient for encrypting and decrypting messages. Symmetric encryption provides confidentiality, integrity and availability, but it fails to provide authenticity and non-repudiation.

i. Data Encryption Standard (DES)
One of the first widely popular symmetric cryptography algorithms; it uses a block cipher and encrypts 64-bit blocks. Its drawback is that it was cracked back in 1977.

ii. Triple Data Encryption Standard (3DES)
This algorithm was designed to replace the DES algorithm. It uses 3 rounds of encryption instead of one, with 16 iterations within each round.

iii. Advanced Encryption Standard (AES)
This algorithm was approved by NIST in the late 2000 as a replacement for the DES algorithm. It performs 3 steps on every 128-bit block of plaintext. Within 2 steps, multiple rounds are performed depending upon the key size. Its drawback is that the AES algorithm has been theoretically broken.

Asymmetric Encryption

An asymmetric encryption algorithm uses two keys instead of one. One is a private key known only to the recipient of the message, and the other is a public key that is known to everyone and can be freely distributed. Either key can be used to encrypt and decrypt the message. However, if only key A is used to encrypt the message, then only key B can be used to decrypt it. Conversely, if key B is used to encrypt the message, then only key A can be used to decrypt it. Asymmetric algorithms are slower than symmetric algorithms, but they have better key distribution. They also scale better and provide authenticity and non-repudiation.

i. RSA encryption
RSA is the most common asymmetric cryptography algorithm. The minimum recommended key length is 1024 bits.

ii. Diffie-Hellman (DH) encryption
The DH algorithm uses a hybrid model combining symmetric and asymmetric methods. In this method, asymmetric encryption is used to exchange a private key securely over a public network for private key distribution.
The public key is shared among all. Then both parties can use their private keys to encrypt and decrypt messages using symmetric cryptography.

The rest of the paper covers existing methods for encryption algorithms in cloud computing, their comparative analysis, and conclusions.

Existing methods

Recently, much research has been carried out on the encryption process, using many techniques, in order to perfectly hide sensitive transmitted data and files. Many encryption algorithms have been developed and implemented to provide a more secure data transmission process in the cloud computing environment, such as DES, AES, RC4, Blowfish and 3DES in the symmetric category and RSA and DH in the asymmetric category. The study implements symmetric and asymmetric algorithms in order to ensure data security in cloud computing and examines the performance of such algorithms, considering the time of the encryption and decryption process and the size of the output encrypted file.

Analysis

For the comparative analysis of the algorithms, the analysis was performed on a cloud network and on a single-processor local machine. The cloud network is a Xen (5.6 XPC) server with a Core i5 (4.8 GHz), 8 GB RAM and a 500 GB HDD as the main frame, while the client computer is a Citrix VMware system with an N-para-virtual server that uses a Core i3 (2.4 GHz), 2 GB RAM and a 300 GB HDD. In the following analysis both symmetric and asymmetric techniques have been implemented using several input file sizes: 500 Kb, 1000 Kb, 1500 Kb, 2000 Kb, 2500 Kb and 3500 Kb.

Figure 1. Running time for symmetric algorithm on single processor

Figure 2. Running time for symmetric algorithm on XPC

Figures 1 and 2 represent the running time of the implemented symmetric techniques on the single-processor local machine and on the cloud network. The running time is calculated in seconds and the input size is taken in kilobytes. Based on the analysis, the following can be concluded:

i. The running time is faster on the cloud network.
ii. Running time is inversely proportional to the input file size.
iii. The AES encryption technique is the fastest symmetric encryption method. The ordering of the methods is as follows: AES, DES, 3-DES, RC4 and Blowfish.

Figure 3. Running time for asymmetric algorithm on single processor and XPC.

Figure 3 represents the running time of the implemented asymmetric techniques, RSA and DH, on the single-processor local machine and on the cloud network. Again, the running time is calculated in seconds and the input size is taken in kilobytes. It is concluded that the RSA algorithm is faster than the DH algorithm on both the local machine and the cloud network.

From the overall analysis, it can be concluded that:

i. Symmetric methods are faster than asymmetric methods.
ii. For both categories of methods, running time is inversely proportional to the input file size.
iii. The running time of RSA encryption changes slightly with an increase in input file size.
iv. After symmetric encryption has been applied to the input file, its file size changes, whereas for asymmetric encryption the file size is not changed.

Suggestions

Although the above analysis shows that symmetric algorithms are faster than asymmetric algorithms, by the nature of the symmetric encryption method each user has to have a private key. The distribution of a private key to N users is linear and is a major drawback. Most of the symmetric algorithms have previously been compromised by attackers. The security provided by most of the symmetric methods does not assure confidentiality and integrity of the data.

Conclusions

Cloud computing involves cloud users communicating remotely with cloud servers via the internet. With the ease of such technology, data security is of major concern for both cloud providers and cloud users. The problem still lies in securing data while providing ease of access to the clients.

Reference

1. Kohle, Dhage. (2013). Comparative study on virtual machine monitors for cloud.
Retrieved April 6, 2014, from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6409115&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6409115
2. Abdelkader, Mohamed. (2013). Enhanced data security model for cloud computing. Retrieved April 6, 2014, from http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6236556
3. Mohammad et al. (2013). A comparative study between modern encryption algorithms based on cloud computing environment. Retrieved April 13, 2014, from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6750258&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6750258
4. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/Symmetric_encryption
5. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
6. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/Data_Encryption_Standard
7. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/RSA_(cryptosystem)
8. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
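
The Diffie-Hellman hybrid model described in the Background section (public values exchanged over the network, then symmetric encryption under the derived key), shown as an added example that is not part of the original paper. The group parameters (RFC 3526 group 14), all function names, and the SHAKE-256 keystream standing in for a real cipher such as AES are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Assumption (the paper names no parameters): 2048-bit MODP group 14 from RFC 3526, generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    """Return (private exponent x, public value g^x mod p); only the public value is sent."""
    x = secrets.randbelow(P - 3) + 2               # 2 <= x <= P-2
    return x, pow(G, x, P)

def shared_key(own_private, peer_public):
    """Check the peer's public value, then derive 64 bytes: cipher key + MAC key."""
    if not 2 <= peer_public <= P - 2:              # 0, 1 and p-1 force a predictable secret
        raise ValueError("invalid DH public value")
    z = pow(peer_public, own_private, P)
    return hashlib.sha512(z.to_bytes(256, "big")).digest()

def _keystream_xor(key, nonce, data):
    # Stand-in for a real cipher such as AES (not in the standard library): SHAKE-256 keystream XOR.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC under the derived key; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(key[:32], nonce, plaintext)
    return nonce + ct + hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag before decrypting; raises ValueError on any modification."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _keystream_xor(key[:32], nonce, ct)

if __name__ == "__main__":
    (a, A), (b, B) = keypair(), keypair()          # only A and B cross the network
    print(unseal(shared_key(b, A), seal(shared_key(a, B), b"constructed sample record")))
```

Because the public values are not authenticated, this exchange by itself does not give the authenticity the paper attributes to asymmetric methods; in practice the public values are signed or certified.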