CLOUD COMPUTING WITH SMART KEY SELECTION
MODEL
Jitendra Meena
Neeraj Manglani
M.Tech Student
Jagannath University
Jaipur
Assistant Professor
Jagannath University
Jaipur
Jitendra.meena@gmail.com
ABSTRACT
Cloud computing is a promising computing paradigm
which provide hardware, software resources to user as
service on demand basis. To facilitate cost-effective
computing, it brings more complicate security problems with
traditional security threats for user data. In this paper, we
propose for a new model for selection of key for data
encryption &decryption to achieve data security and trust of
user, taking into consideration different security issue that
user and cloud provider face during cloud engineering. Here
in this paper the user and the Third Party Auditor (TPA) key
is used to achieve different goals. User key is used to
provide more trust to user & cost effective environment to
the cloud server. TPA key is used to make system faster. In
this paper we also introduce a new data encryption and
decryption algorithm and its abstract implementation. The
pipeline mechanism is used in this proposed algorithm that
enhances the overall system performance. According to our
algorithm most of the part of data is encrypted or decrypted
by data itself.
Keywords— Third Party Auditor, metadata, spoofing,
Secret key,data-center
1. INTRODUCTION
Cloud computing concept came into picture more than 40
years ago. But actual utilization or implementation of this
technology has started only few years ago. Several IT giants
are now showing interest and investing lots of money in this
field. It is sure that no form of computing is entirely risk free
100% of the time but if we try to criticize this technology
then security issues come into picture. Cloud engineering is
known for its flexibility, cost benefit, openness. But these
issues make things complex by reducing trust-degree and
bringing numerous new security problem with existing
threats. Every client survey shows that security is the single
biggest concern about moving to Cloud Computing. Security
may be as good as or even better than traditional systems, in
part because providers are able to devote resources to
maglani@jagannathuniversity.org
solving security issues that many customers cannot afford.
While cloud computing service providers face comparable
security issues as other sorts of organizations, there are
warnings that the cloud is becoming particularly attractive to
cyber criminals. Since cloud service providers (CSP)
manage all user data, so user lost control over data and give
its fate to service provider. There are a number of security
issues associated with cloud computing but these issues fall
into two broad categories: Security issues faced by cloud
providers and security issues faced by their customers.
Security is a priority concern for many cloud customers;
many of them will make buying choices on the basis of the
reputation for confidentiality, integrity and resilience of, and
the security services offered by, a provider .So there should
be a balance between the security and the convenience. The
provider must ensure that their infrastructure is secure and
that their clients’ data & applications are protected while the
customer must ensure that the provider has taken the proper
security measures to protect their information. It is
mandatory to make trusted cloud data-center[1]which can
provide different mechanism to ensure security of data. To
protect user data cloud provider should select proper
mechanism to encrypt data. Selection of key is also very
important because speed of encryption, most importantly
trust degree is dependent on it. In this paper we will discuss
various security threats upon user data. we will also discuss
our key selection model with proposed encryption and
decryption algorithm. By doing these we are trying to
achieve more efficient and trusted cloud service.
2. DIFFERENT SECURITY PROBLEM
Integrity: This is a huge problem when any data is
outsourced. Amazon S3’s recent downtime[13], Gmail’s
mass email deletion incident[14], and Apple Mobile Me’s
post-launch downtime[15] are all such examples. Data
integrity can be achieved using Message Authentication
Code (MAC) and Digital Signature (DS).MAC is based on
symmetric key and DS is based on asymmetric key
technology[7]. Data integrity can also be checked by Third
Party Auditor (TPA).
Availability: Authorized user can be denied to access his/her
data due to either network based attacks such as DDoS
attacks or CSP unavailability. For example, Amazon S3
suffered from two and a half hours outage in February 2008
and eight hours outage in July 2008[7].
Confidentiality: This can be achieved through proper
encryption techniques taking into consideration the type of
encryption- symmetric or asymmetric encryption algorithms,
also key length and key management in case of the
symmetric cipher. An algorithm is given in part IV for
encryption.
Data segregation: In a cloud, the environment is shared,
resulting in the need of strong schemes to separate users’
data[3].
Investigative support: Every information remains in abstract
form. For several terms and conditions cloud provider may
not help for investigative support. One Provider also may
not have full information[3].
Long-term viability: If the data will be available and in a
format that will allow being imported to a substitute
application, in the case of the cloud provides goes broke or
is acquired by another provider[4].
Data auditability: There should be a TPA who should be
ableto efficiently audit the cloud data storage without
demanding the local copy of data and also introduce no
additional on-line burden to the cloud user[5,6,10].
Recovery: If somehow information about accounts i.e. user
information, data location etc. are lost and proper recovery
plan12 is not implemented than total system will be collapsed
.Valid user then cannot access his/her account. Even it may
happen that after authentication user cannot get his/her data
due to cloud provider fault to locate user data.
Storage correctness: To ensure that there exists no cheating
cloud server that can pass the audit from TPA without
indeed storing users’ data intact[5].
Privacy-preserving: To ensure that there exists no way for
TPA to derive users’ data content from the information
collected during the auditing process[5].
Unfaithful vendor: CSP can be unfaithful by discarding
data that has not been or is rarely accessed[6], or even
hiding data loss incidents to maintain a reputation[8].
Privileged user access: Privileged user may get illegal
access to user data and can take physical, logical, personal
control.
Data stealing can happen when user use a shared
RAM as a cloud service then there remain a chance of
hacking data from RAM which is then a plain text. Many
national security related data can be gone beyond country
area. Apart from above cloud services can have Zombie
attack, Malicious Resource Exhaustion, Platform Attacks,
Backdoor attack[11], Malware Injection, flooding, Metadata
Spoofing Attack[22], unknown profile risk or people
&identity[2], loss of encryption key, security problems. We
can build a cloud firewall[9] to minimize network security
problems.
3. DESIGN GOAL
Here we propose a model for selection of key for data
encryption and decryption. In these model we use one of
user secret key(sk) and Third party Agent[TPA] provided a
mixture of trustful and fast service. Secret key makes our
model faster. If user gives secret key, then it will be more
secure and trustful to user and help to avoid TPA cost for
cloud server hence profitable. If TPA secret key which is by
default, make system faster and free user burden of
generation and managing key. Proposed model and its brief
detail is given in part-4 of these paper.
With choice for key, we also are proposing a new encryption
technique. Our main design goal is to utilize data itself to
encrypt data and make a faster model to encrypt or decrypt
data. In our encryption technique when one block is sent to
data storage after encryption another block is brought to
encrypt. For decryption reverse thing is happen. We use
pipeline mechanism to meet the need of our technique.
These pipeline mechanisms make our model faster. So user
can access some blocks, at the same time other blocks are
decrypted for access i.e., make faster accessible. In
encryption when some blocks are engaged in storing, others
are encrypted in that same time. Proposed encryption &
decryption algorithm and their brief discussion to implement
those is given in part-5 of this paper.
4. PROPOSED KEY SELECTION MODEL
Fig.1: Key selection model
According to these model, user accesses data from W/S
(Work space)(Fig.1).When any file in w/s is to be saved,
first it has to be sent to E/D (Encryption or Decryption)
section. There data will be encrypted by provided key. User
secret key(sk) is taken over TPA’s by default secret key. A
proposed algorithm is given in section C for encryption.
Encrypted data is then sent to B/S (Backup storage) section
to store. When user want to access that data reverse
processes is done i.e. data is brought in E/D. Data is then
decrypted by the same key that was used for encryption.
After that is data is sent to W/S for user access.
5. PROPOSED ALGORITHMS FOR
ENCRYPTION & DECRYPTION
Both of the new encryption or decryption algorithm will
work in E/D section as described in key selection model.
Encryption and decryption algorithm with brief discussions
are given bellow.
Fig.3: Pictorial view of Encryption
5.1. Encryption algorithm:
5.2. Decryption algorithm:
Step 1: Make ‘n’ no of fixed size block from user data.
Step2: Set a pointer to last block.
Step3: Encrypt pointed block using previous block as a key.
Step4: Repeat Step3 until pointer comes to 1stblock.
Step5: Encrypt first block by provided key.
Fig.2: Fragmentation of data
According to our algorithm data is broken into small fixed
blocks. These are done in parallel with writing or modifying
the data. Let total data be fragmented into ‘n’ number of
fixed-sized blocks(Fig.2)..For e.g. if block size 32kb and
data size is 256kb then total block will be 8. Now a pointer
say ‘k’ is set to point to nth block. Now kth block is sent to
section-1(Fig.3).It is then pushed to section-2 and (k-1)th
block is then brought to section-1.Now using Section-1 data
block as a key ,section-2 data block is encrypted and stored
into storage area in stack fashion (Fig.3).In this fashion all
bock except the 1stblock will be encrypted by data itself. At
last encrypt 1st block by provided secret key. A flag also has
to add with first block to keep a indicator by which secret
key(sk) data is encrypted.
Step1: Pop 1st block& decrypt it by provided key.
Step2: Decrypt (k+1)th block using kth block as key.
Step3: Repeat step2 until the nth block is decrypted.
Top block is popped from cloud server storage area and
put into 1st section (Fig-4).Secret key that was used to
encrypt these data are already brought in 2ndsection. Now
Using 2nd section data or key(sk) 1st section data is
decrypted and immediately sent to W/S section for user use.
Next 1st section block is pushed to second section and next
block is brought into 1st section in parallel.
So k-th block is decrypted by (k-1)th block.
Formula of decryption of

n
data   1st block  sk  k thblock  (k  1)th block
k 2
So, formula of encryption of
data   (k  1)th block  k thblock  sk  1st block 
1
k n
Fig.4: Pictorial view of Decryption
,
6.
CONCLUSION
When designing and using cloud services security threats
have to be count to provide a trustful an secure paradigm .
We believe that security, especially data security in Cloud
computing is one of most challenging aspect. This paper
aims to solve these problems. In this paper we concentrate
on one-to-one access i.e. only owner of data will access
his/her data. For one to many accesses some modification
will be needed and that will be one of our future work. If

data size is very large then to achieve fast encryption or
decryption it is advised to split data explicitly so that data
can be encrypted or decrypted in parallel. Our future aim is
to optimize data size which will lead best throughput in
terms of speed and accessibility. In this paper we break data
into 1-D array of data blocks. Next we will try to enhance
our algorithm throughput by incorporating 2-D array for
representing data after splitting.
7.
REFERENCES
[01]. Cisco Cloud Computing -Data Center Strategy,
Architecture,and SolutionsPoint of View White Paperfor
U.S. Public Sector
[02]. “IBM Point of View:Security and Cloud Computing”,
Cloud computingWhite paperNovember 2009.IBM.
[03]. “Gartner: Seven cloud-computing security risks”
http://www.infoworld.com/d/security-central/gartner-sevencloud-computing-security-risks-853.
[04]. Shucheng Yu∗, Cong Wang†, KuiRen† , and Wenjing
Lou,” Achieving Secure, Scalable, and Fine-grained
DataAccess Control in Cloud Computing”.
[05]. Cong Wang, Qian Wang, and KuiRen, Wenjing Lou”
Privacy-Preserving
Public
Auditing
for
Data
StorageSecurity in Cloud Computing.”
[06]. G. Ateniese, R. Burns, R. Curtmola, J. Herring, L.
Kissner, Z. Peterson, and D. Song, “Provable data
possession at untrusted stores,” Cryptology ePrint Archive,
Report 2007/202, 2007, http://eprint.iacr.org/.
[7]SameeraAbdulrahmanAlmulla, Chan YeobYeun,” Cloud
Computing Security Management”
[8] G.Ateniese et al., “Provable Data Possession at
Untrusted Stores,” Proc. ACMCCS ‘07, Oct. 2007, pp. 598–
609.
[9]. Weili Huang, Jian Yang” New Network Security Based
On CloudComputing”.
[10]. H. Shacham and B. Waters, “Compact proofs of
retrievability,” in Proc. of Asiacrypt 2008, vol. 5350, Dec
2008, pp. 90–107.
[11]. JunaidArshad, Paul Townend “Quantification of
Security for Compute Intensive Workloads in Clouds”.
[12]. “Cloud Computing and Disaster Recovery Plans”
http://www.brighthub.com/environment/greencomputing/articles/ 71273.aspx.
[13]. Meiko Jensen, J¨orgSchwenk, Nils Gruschka, Luigi Lo
Iacono.” On Technical Security Issues in Cloud Computing”
[14].
http://techcrunch.com/2006/12/28/gmail-disasterreports-of-mass-email-deletions/
[15].http://news.cnet.com/8301-17939_109100143912.html