Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Zinah Raad Saeed Zakiah Ayop, Nurul Azma, Mohd. Rizuan Baharon
Faculty of Information and Communication Technology, Center for Advanced Computing Technology (C-ACT),
Universiti Teknikal Malaysia Melaka, Malaysia. Faculty of Information and Communication Technology,
Email: zeina_r.saeed@yahoo.com Universiti Teknikal Malaysia Melaka, Malaysia.
Email: zakiah@utem.edu.my, azma@utem.edu.my,
mohd.rizuan@utem.edu.my
Abstract— Current security scheme in cloud computing applied The security concerns have been on the rise. Weaknesses in
single encryption algorithm. However, usage of a single algorithm the user authentication process and the absence of effective
is not effective for high-level security requirement towards data security policies in cloud storage pose a challenge in cloud
processing in cloud computing. Therefore, this study proposes computing. Some of the commonly used encryption algorithms
combination of AES, ECC and RSA encryption method to for ensuring data security are the AES symmetric key
strengthen the security in cloud in terms of authentication and algorithm, ECC and RSA asymmetric key algorithms for
encryption. The method for this study is the text data has been various security levels. However, each of these algorithms has
encrypted using AES then, AES key have been encrypted by ECC weaknesses, which render them vulnerable to intruders. Related
only after that RSA will encrypt both the ciphertext and the
literature on AES shows that AES has a challenge in key
encoding key again. Java NetBean is used to program the
evaluation tool to calculate the performance of the encryption
distribution arising from its simplified algebraic structure and
method. First, the tool has applied the three algorithms AES, the use of a single key for the encryption and decryption
ECC and RSA using a dataset consisting of multiple text file with processes. Furthermore, the computational speed of RSA and
different sizes. Evaluation has been performed using encryption ECC when encrypting and decrypting huge volumes of data is
time, decryption time and secrecy measure. Results showed that slower than that of AES. The use of a single algorithm to
the proposed method has the ability to fulfil both efficiency and secure information in the cloud computing architecture does
security factors with highest secrecy value. The impact of not provide sufficient security. Providing a trade-off between a
combination layer of encryption algorithms provides a higher secure and efficient algorithm is the main challenge of this
secrecy value compared to single layer encryption. study [2, 3, 4].
34 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 10, October 2018
this purpose AES data encryption is more scientifically capable hard for invaders to read the data even if they have the public
and graceful cryptographic algorithm, but its main force rests in key. Furthermore, asymmetric algorithms are relatively reliable
the key length. Time to decrypt or break the encryption is in exchanging of encryption-key. The combination of both the
directly proportional to the length of the keys used, the larger Symmetric and Asymmetric Cryptographic Techniques provide
digits the key will be having, and the more time it will require Integrity, Confidentiality and Authentication [8].
to be broken [6]. AES gives multiple options in choosing
number of bits; the available options are 128-bit, 192-bit or Kanna & Vasudevan [8] proposed to improve the security
256-bit key. of outsourced data in cloud computing by combining ECC and
RSA with proxy Re-encryption. The proposed work is
compared with the identity-based encryption technique. The
B. Elliptic Curve Cryptography result shows the high security of this work.
Elliptic curve cryptography (ECC) is asymmetric algorithm
developed in the 80's [5]. The cryptography method makes use Bokefode et al [5] proposed hybrid AES-RSA combination,
of the fact that points on an elliptic curve form an abelian AES algorithm, known for of its higher efficiency in block,
group. The general key size for ECC is around 160 bits, encryption is used for data transmission and RSA algorithm is
providing the same security level as 1024 key bits of RSA. used for the encryption of the AES key to make the data
This makes ECC’s very attractive for implementations in areas transmission more secure. The proposed hybrid provides great
where we have memory limitations and computational efficiency.
overhead is a concern [7]. Shilpi et.al [3] proposed Based on the previous study, we can review some of the
authentication mode by apply an ECC algorithm that provide security features that has been covered in Cloud Computing
same level of security as of other public key cryptosystems (refer Table I) which are:
with less key size and strengthens the security of the algorithm.
ECC is based on the Discrete Logarithm the ECC algorithm • Authentication: is a procedure of confirm one’s
logarithm therefore, it requires major time to computation also identity. This means that before transforming and
it is more complex and more difficult to implement. receiving data in cloud computing the identity of
Furthermore, it increases the size of the encrypted message receiver and sender should be verified.
significantly [7]. • Privacy: is a procedure that determine what data in
cloud computing can be shared with third parties.
C. Rivest-Shamir-Adleman
In 1978, Adi Shamir, Leonard Adleman, and Ronald Rivest • Integrity: is a process that confirm only authorized user
had developed a public key encryption and now it has become modifies the data in a system.
a de facto standard for all encryption algorithms. Pretty Good • Key Management: it used to manage of cryptographic
Privacy is one of the encryption programs that have been keys in a cryptosystem. This contain dealing with the
formed on the basis of RSA algorithm. RSA is an algorithm for generation, exchange and storage of key.
public key encryption. It was a great contribution for public
key encryption and it is suitable for both encryption and
signing. It involves three steps: key generation, encryption and TABLE I. REVIEW SOME OF THE SECURITY FEATURES IN CLOUD
COMPUTING
decryption it is still widely used in electronic commerce
protocols and is believed security depends on the difficulty of Ref. Authentication Privacy Integrity Key
decomposition of large numbers [8]. Work by Kalpana et. al. Management
[9] shows that RSA algorithm has improved security of data on AES [1][2] 3
cloud storage by allowing only the authorized user access the ECC [3][7] 3
data. When user send a request to the data from the cloud
provider, cloud provider authenticates on the user then delivers RSA [8][5] 3 3
the data. However the drawback of RSA is its computational Our Work 3 3 3 3
overhead, also the large keys size which it used that make it
slow.
35 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 10, October 2018
A. Encryption Phase
1. First taking text file as input, Advance encryption (1)
standard algorithm is applied for encrypting the text
file (T0). Secrecy it is a good measurement to get an idea about the
2. Applying AES algorithm for encrypted the text using ciphers. Higher secrecy (numerical value) higher the security.
has secret key that gives (T1).
3. Applying ECC for encrypted the AES key only. V. IMPLMENTATION
4. Encrypting (T1) and ECC key by applying RSA The application of the proposed method has been done
algorithm. using Java NetBeans as a graphical user interface to articulate
5. This gives final encrypted text (Tf) and encoding key. the procedures of carrying out the three encryption algorithms
Where utilized key sizes 128 bit for AES, 160 bits for ECC and
1024 bits for RSA. the application helps the users to check the
B. Decryption Phase encryption time decryption time and secrecy value on screen
when pressed the relevant button.
1. Decryption algorithm will be in reverse order.
2. Apply RSA decryption ( Tf )and encoding key. The 15 files used to test, the file content (alphanumeric
3. This gives T1 and ECC key. characters, special characters) the same inputs are used to test
4. Decrypt encoding key with ECC algorithm. all the algorithms.
5. Decrypt T1 by using AES algorithm to get plaintext T0 The main interface of the application consists of multiple
back. buttons that are intended to perform different functions. First
button enables the user to select one or more text files from the
15 file set. Second button addresses the application of AES
encryption method. The third button will apply ECC
encryption method, as well as, the fourth button, which
intended to apply the RSA encryption method. However, the
fifth button will examine the hybrid between AES and RSA.
Sixth button will address the hybrid between ECC and RSA.
Finally, the seventh button will address the proposed hybrid
method of all the three algorithms. As show in Figure 2.
36 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 10, October 2018
37 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 10, October 2018
formulations for block cipher and need low RAM for millisecond. This has been followed by RSA, which has been
processing [5]. Vice versa, ECC algorithm which is work based achieved an average time of encryption 21.8 milliseconds.
on the elliptic curve discrete logarithm [11] shown major After that, the AES-RSA algorithm has achieved the third
difference in time taken for encryption and decryption compare lowest average time of encryption by obtaining 47 milliseconds
to time taken by AES and RSA algorithm. In addition, it is then followed by the proposed hybrid algorithm by achieving
clear that the secure encryption would lead to a long encryption an average decryption time of 114.8 milliseconds. Similarly,
and decryption time. Vice versa, the less encryption and the hybrid of ECC-RSA has achieved the highest average time
decryption time would lead to non-secure encryption. of decryption, which was 4632.9 milliseconds.
Table V show a comparison among all the encryption
methods used in experiments. The evaluation is based on the
average encryption time, average decryption time and average
secrecy.
Proposed
hybrid
186.8 114.8 1.581 In Figure 6, in terms of secrecy, the most secure encryption
method was the proposed hybrid algorithm where the secrecy
value was the highest by obtaining 1.58. This has been
As shown in Figure 4, in terms of the encryption method, followed by the hybrid of ECC and RSA, which achieved an
AES has achieved the lowest average time by obtaining 10.5 average secrecy of 1.16. The lowest secrecy value has been
milliseconds. This has been followed by RSA which has obtained by the AES followed by RSA.
achieved an average time of 49.9 milliseconds. After that, the
AES-RSA has achieved the third lowest average time of
encryption by obtaining 164.2 milliseconds followed by
proposed hybrid has achieved time by186.8 milliseconds
However, the hybrid of ECC-RSA algorithms has obtained the
highest average time by achieving an average time of 2077.5
millisecond.
VII. CONCLUSION
This paper has examined the capabilities of cryptography in
terms of providing a security in cloud storage. This has been
done by investigating the common cryptography techniques
including AES, ECC and RSA. However, regarding to the
variations in the performance of these techniques, this study
Figure 4. Average of Encryption time for each encryption method
has addressed the problem of identifying an efficient and
secure encryption method. In fact, each encryption algorithm
On the other hand, as shown in Figure 5, the lowest average
has its own advantages and disadvantages. Some encryption
time of decryption has been obtained by AES 13.13
methods have the ability to guarantee the security, but they
38 https://sites.google.com/site/ijcsis/
ISSN 1947-5500
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 10, October 2018
consume a long time in the process of encryption and [2] P.V. Maitri, and A. Verma, “Secure file storage in cloud computing
decryption. Vice versa, other methods may provide an efficient using hybrid cryptography algorithm,” In IEEE International Conference
Wireless Communications, Signal Processing and Networking, pp. 1635-
encryption and decryption time, but they suffer from the lack of 1638, Mar 2016.
security. Therefore, this study aims to propose a trade-off [3] S. Singh, and K. Vinod, "Secured user's authentication and private data
encryption method that has the ability to accomplish the storage-access scheme in cloud computing using Elliptic curve
security issue, meanwhile, maintaining a reasonable time of cryptography," In IEEE 2nd International Conference on Computing for
encryption and decryption. This research has applied the three Sustainable Global Development, pp. 791-795, 2015.
algorithms AES, ECC and RSA using a dataset consisting of [4] G. Singh, "A study of encryption algorithms (RSA, DES, 3DES and
multiple text file with different sizes. A trade-off encryption AES) for information security." International Journal of Computer
Applications, vol. 67(19), pp. 33-38, 2013.
method has been applied where the three algorithms have been
[5] J.D. Bokefode, A.S. Bhise, P.A. Satarkar, and D.G. Modani,
combined with a unique workflow. “Developing a secure cloud storage system for storing IoT data by
The experimental results showed that the proposed trade-off applying role based encryption,” Procedia Computer Science, vol. 89,
pp. 43-50, Jan 2016.
encryption method has achieved a fair encryption and
[6] T. Brindha, and R.S. Shaji. "An Efficient Framework for Providing
decryption time compared to the other methods. AES - RSA Secured Transaction of Data in Cloud Environment," Indian Journal of
have outperformed the proposed method in terms of time, but Science and Technology, vol. 9(44), pp. 1-6, 2016.
the proposed method has outperformed it in terms of secrecy [7] Tirthani, Neha, and R. Ganesan. "Data Security in Cloud Architecture
value. Similarly, in terms of the secrecy value, the proposed Based on Diffie Hellman and Elliptical Curve Cryptography." IACR
method has superior performance compared to all the methods. Cryptology ePrint Archive 2014 (2014): 49.
The hybrid of AES- RSA has outperformed the proposed [8] G.P. Kanna, and V. Vasudevan, "Enhancing the security of user data
method in terms of encryption and decryption time, but again using the keyword encryption and hybrid cryptographic algorithm in
cloud," In IEEE International Conference on Electrical, Electronics, and
the proposed method has encryption and decryption time less Optimization Techniques, pp. 3688-3693, 2016.
than RSA-ECC.
[9] P. Kalpana, and S. Sudha, "Data security in cloud computing using RSA
Hence, this study has accomplished a trade-off encryption algorithm," International Journal of Research in Computer and
Comunication Technology, vol. 1(4), pp. 143-146, 2012.
method that guarantee both efficiency and security has been
conducted. [10] T.D.B. Weerasinghe, "Secrecy and Performance Analysis of Symmetric
Key Encryption Algorithms," IACR Cryptology ePrint Archive 2014,
pp. 175, 2014.
REFERENCES [11] H. Tange, and B. Andersen, “Attacks and Countermeasures on AES and
ECC,” In IEEE 16th International Symposium on Wireless Personal
Multimedia Communications, pp. 1-5, June 2013.
[1] K. Ranjit, and R.P. Singh, "Enhanced cloud computing security and
integrity verification via novel encryption techniques," In IEEE
Advances in Computing, Communications and Informatics, pp. 1227-
1233, Sep 2014.
39 https://sites.google.com/site/ijcsis/
ISSN 1947-5500