Comparative Study among Modern Encryption Algorithms based on Cloud Computing Environment
CSC 557
Graduate term paper
Professor: Dr. Box
Student: Mohammad Farhan Hossain
Introduction
[1] Cloud computing uses a distributed architecture that enables the use of scalable resources to
provide computing services to cloud users through virtualization. It allows sharing of
resources, scalability, elasticity, pay-per-usage and self-provisioning of resources from cloud
providers. [2] Cloud computing moves application software and databases to large data centers
where management of users’ data and services provided to them may not be fully secured.
Communication between service providers and users over the cloud network is done through
service legal agreements (SLA). Because data transfer between user and provider is done
remotely, data security becomes a concern, as it opens the door to attacks such as intrusion.
This paper is a study of modern encryption algorithms that are used to prevent intrusion with the
intention of achieving data confidentiality, integrity and availability (the CIA triangle).
Background
There are two main categories of encryption used in cryptography to achieve data
confidentiality, integrity, availability, authentication and non-repudiation. Non-repudiation
means that when something has been sent by someone, there has to be a way to trace it back to
the sender. The two categories are symmetric and asymmetric encryption algorithms. Symmetric
encryption algorithms include the Data Encryption Standard (DES), the Advanced Encryption
Standard (AES), Ron’s Code, Triple DES, etc. Examples of asymmetric encryption are RSA,
Elliptic Curve and Diffie-Hellman (DH).
Symmetric Encryption
In a symmetric encryption algorithm, the same algorithm and key are used to both encipher and
decipher the message. There is a private key that is used to encrypt and decrypt the message at
both ends. The symmetric key method is extremely fast and efficient for encrypting and
decrypting messages. A symmetric encryption algorithm provides confidentiality, integrity and
availability, but it fails to provide authenticity and non-repudiation.
i. Data Encryption Standard (DES)
One of the first widely popular symmetric cryptography algorithms. It is a block cipher that
encrypts 64-bit blocks. Its drawback is that it was cracked back in 1977.
ii. Triple Data Encryption Standard (3DES)
This algorithm was designed to replace the DES algorithm. It uses 3 rounds of
encryption instead of one and uses 16 iterations within each round.
iii. Advanced Encryption Standard (AES)
This algorithm was approved by NIST in late 2000 as a replacement for the DES
algorithm. It performs 3 steps on every 128-bit block of plaintext. Within 2 of the steps,
multiple rounds are performed depending upon the key size. Its drawback is that the AES
algorithm has been theoretically broken.
Asymmetric Encryption
An asymmetric encryption algorithm uses two keys instead of one. One is a private key known only
to the recipient of the message, and the other is a public key that is known to everyone and can
be freely distributed. Either key can be used to encrypt and decrypt the message. However, if
only key A is used to encrypt the message, then only key B can be used to decrypt it. Conversely,
if key B is used to encrypt the message, then only key A can be used to decrypt it.
Asymmetric algorithms are slower than symmetric algorithms, but they have better key distribution
than symmetric algorithms. They have better scalability and also provide authenticity and
non-repudiation.
i. RSA encryption
RSA is the most common asymmetric cryptography algorithm. The minimum
recommended key length is 1024 bits.
ii. Diffie-Hellman (DH) encryption
The DH algorithm uses a hybrid model drawn from the symmetric and asymmetric methods. In this
method, asymmetric encryption is used to exchange a private key securely over a
public network for private key distribution. The public key is shared among all. Then
both parties can use their private keys to encrypt and decrypt messages using
symmetric cryptography.
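The hybrid model described for Diffie-Hellman above, as an added example that is not part of the original paper or of the study it summarizes. The group (P, G), all function names and the sample record are assumptions made for illustration, and a SHA-256 counter keystream stands in for a real symmetric cipher such as AES so that the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets

# Demonstration-only group (assumption): 2**127 - 1 is prime but far too small
# for real use; production systems use standardized groups of 2048 bits or more.
P, G = 2**127 - 1, 3

def dh_keypair():
    """Return (private exponent x, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2            # 2 <= x <= P - 2
    return x, pow(G, x, P)

def dh_shared_keys(own_private, peer_public):
    """Derive (encryption key, MAC key) from the peer's public value."""
    if not 1 < peer_public < P - 1:             # reject 0, 1, P-1 and out-of-range
        raise ValueError("degenerate peer public value")
    secret = pow(peer_public, own_private, P)
    okm = hashlib.sha512(secret.to_bytes(16, "big")).digest()
    return okm[:32], okm[32:]

def _xor_keystream(key, nonce, data):
    # SHA-256 in counter mode: a stdlib stand-in for a real cipher such as AES-CTR
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(keys, plaintext):
    """Encrypt then MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = keys
    nonce = secrets.token_bytes(16)
    ct = _xor_keystream(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(keys, blob):
    """Verify the tag in constant time before decrypting."""
    enc_key, mac_key = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_keystream(enc_key, nonce, ct)

def demo():
    a_priv, a_pub = dh_keypair()                # only a_pub and b_pub cross the network
    b_priv, b_pub = dh_keypair()
    blob = seal(dh_shared_keys(a_priv, b_pub), b"constructed sample record")
    return unseal(dh_shared_keys(b_priv, a_pub), blob)
```

The exchange shown is unauthenticated, so each side still needs a way to confirm whose public value it received, for example a signature over it.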
The rest of the paper is organized as follows: existing methods for encryption algorithms in
cloud computing, their comparative analysis, and conclusions.
Existing methods
Recently, much research has been carried out on encryption using many techniques in
order to hide sensitive transmitted data and files. Many encryption algorithms have
been developed and implemented in order to provide a more secure data transmission process in
the cloud computing environment, such as DES, AES, RC4, Blowfish and 3DES in the symmetric
category and RSA and DH in the asymmetric category. The study implements symmetric and
asymmetric algorithms in order to ensure data security in cloud computing and examines the
performance of such algorithms, considering the time of the encryption and decryption process
and the size of the output encrypted file.
Analysis
For the comparative analysis of the algorithms, the analysis has been performed on a cloud
network and a single-processor local machine. The cloud network is a Xen (5.6 XPC) server with
Core i5 (4.8 GHz), 8 GB RAM and 500 GB HDD as the main frame, while the client computer is a
Citrix VMware system with N-para-virtual server that makes use of Core i3 (2.4 GHz), 2 GB RAM
and 300 GB HDD. In the following analysis both symmetric and asymmetric techniques have been
implemented using several input file sizes: 500 Kb, 1000 Kb, 1500 Kb, 2000 Kb, 2500 Kb and
3500 Kb.
Figure 1. Running time for symmetric algorithm on single processor
Figure 2. Running time for symmetric algorithm on XPC
Figures 1 and 2 represent the running time of the implemented symmetric techniques on the
single-processor local machine and the cloud network. The running time is measured in seconds
and the input size is given in kilobytes.
Based on the analysis, the following can be concluded:
i. The running time is faster on the cloud network.
ii. Running time is inversely proportional to the input file size.
iii. AES encryption technique is the fastest symmetric encryption method. The ordering
of the methods is as follows: AES, DES, 3-DES, RC4 and Blowfish.
Figure 3. Running time for asymmetric algorithm on single processor and XPC.
Figure 3 represents the running time of the implemented asymmetric techniques, RSA and DH,
on the single-processor local machine and the cloud network. Again, the running time is measured
in seconds and the input size is given in kilobytes. It is concluded that the RSA algorithm is
faster than the DH algorithm on both the local machine and the cloud network. From the overall
analysis, it can be concluded that:
i. Symmetric methods are faster than asymmetric methods.
ii. For both categories of methods, running time is inversely proportional to the input file
size.
iii. The running time of RSA encryption changes slightly with increase in input file size.
iv. After symmetric encryption has been applied to the input file, its file size changes,
whereas for asymmetric encryption the file size is not changed.
Suggestions
Although the above analysis shows that symmetric algorithms are faster than asymmetric
algorithms, by the nature of the symmetric encryption method each user has to have a private
key. The distribution of a private key to N users is linear and is a major drawback. Most of the
symmetric algorithms have been previously compromised by attackers. The security provided by
most of the symmetric methods does not assure confidentiality and integrity of the data.
Conclusions
Cloud computing involves cloud users remotely communicating with cloud servers via the internet.
For all the ease of such technology, data security is of major concern for both cloud providers
and cloud users. The problem still lies in securing data while providing ease of access to the
clients.
References
1. Kohle, Dhage. (2013). Comparative study on virtual machine monitors for cloud. Retrieved April 6, 2014, from
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6409115&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6409115
2. Abdelkader, Mohamed. (2013). Enhanced data security model for cloud computing. Retrieved April 6, 2014, from
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6236556
3. Mohammad et al. (2013). A comparative study between modern encryption algorithms based on cloud computing environment. Retrieved April 13, 2014, from
http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6750258&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6750258
4. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/Symmetric_encryption
5. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
6. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/Data_Encryption_Standard
7. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/RSA_(cryptosystem)
8. Retrieved on 4/26/2014, http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange