Securing the Information using Improved Modular Encryption Standard in Cloud Computing Environment

Abstract

All aspects of human life have become increasingly dependent on data in the last few decades. The development of several applications causes an enormous issue on data volume in current years. This information must be safeguarded and kept in safe locations. Massive volumes of data have been safely stored with cloud computing. This technology is developing rapidly because of its immense potentials. As a result, protecting data and the procedures to be handled from attackers has become a top priority in order to maintain its integrity, confidentiality, protection, and privacy. Therefore, it is important to implement the appropriate security measures in order to prevent security breaches and vulnerabilities. An improved version of Modular Encryption Standard (IMES) based on layered modelling of safety mechanisms is the major focus of this paper's research work. Key generation in IMES is done using a logistic map, which estimates the values of the input data. The performance analysis demonstrates that proposed work performs better than commonly used algorithms against cloud security in terms of higher performance and additional qualitative security features. The results prove that the proposed IMES has 0.015s of processing time, where existing models have 0.017s to 0.022s of processing time for a file size of 256KB.

1. Introduction

The use of cloud computing is on the rise. Cloud computing services are becoming popular because they are flexible, reliable, scalable, and cost-effective [1]. Using a computer network for access to share dynamically customizable resources is known as "cloud computing" [2]. Cloud computing services such as Amazon EC2 (Amazon allow users for rent to run their computer programmes and support virtual information technology (virtual IT). Amazon EC2 delivers scalable computing power in the AWS [3]. For instance, the Google App Engine is a cloud computing service that serves as a platform for hosting web applications. Examples of software as a service are Google app and Microsoft office online which offer both infrastructure and platform as a service for servers [4]. Cloud services are mainly categorized into Infrastructure as a Service (IaaS), Platform-based services (PaaS), and Software-based Services (SaaS). In which IaaS scalable and highly automated and it can be used to monitor computers, nets, storage, and other resources. IaaS enables enterprises to acquire services on-demand rather than acquiring hardware altogether [5]. PaaS, which delivers the cloud mechanism of specific apps, is the key use case for this service. Using PaaS, app creators may use a common platform to create and build their apps [6]. The most generally utilised solution for businesses in the cloud market is SaaS [7] and it might also refer to it as cloud application hosting. In SaaS, a third-party provider provides services to customers via internet. No client-side downloads or installations are required for most SaaS applications.

Cloud infrastructure is affected by a diversity of issues, with interoperability, scalability, and multi-tenancy issues. There are several vulnerabilities to cloud infrastructure, The most significant issue is protecting it from various threats as a system that uses the internet (such as embedded networks, grid computing, etc.) [8]. Cloud computing's mainstream adoption will be hampered by security issues. It is challenging to keep cloud computing services secure and safe from unauthorised access or use because of sharing these services. This is a problem that primarily affects data that has been moved to the cloud [9-10]. Network security which relates external and internal attacks on cloud computing creates safe link between cloud provider and user. There are many mechanisms and protocols in place to maintain data transfer security via the internet, and cryptography is the operative method. In cryptography, the process of converting plaintext into ciphertext is necessary. In general, it is a mechanism for transferring files securely so that only the intended receiver can access them [11]. Fig. 1 shows the workflow of securing the data in cloud.

Fig. 1. Overall flow of Securing data in Cloud Computing

Unauthorized access to private data, information, or messages can be prevented by the study of cryptographic procedures [12]. Non-repudiation and data confidentiality are two of the most important features of modern cryptography, and the practise includes both aspects into its work. Cloud computing encryption is a critical subject which needs numerous studies. Encryption in cloud computing is identified based on area of encryption, according to Jaber and Bin, [13]. Security is a major problem because cloud computing maintains sensitive data and may be accessed from anywhere in the world over the internet [14]. E-commerce security, media privacy, and secure data transfer over the internet benefit by the use of cryptography [15]. These include the DES and the Rivest Shamir Adleman Algorithm as RSA [16] for data encryption and decryption. The main contribution of the research work is described as follows:

◆ The MES is modified in this research to provide a new, more portable encryption algorithm.

◆ IMES is the proposed model for strengthening cloud computing data security, where the logistic map is introduced in the key generation process.

◆ The proposed model is tested with other existing techniques in terms of various metrics such as modularity check, processor utilization, colligation rate and memory utilization.

◆ The key management is complicated in the existing techniques like blowfish. But the proposed model uses a logistic map for key generation and more mathematical expressions are used to protect the sensitive data from attackers.

◆ As a result, protecting data and the minimum procedures to be handled has become a top priority in order to maintain its integrity, confidentiality, protection, and privacy

The rest of the discussions are arranged in the following order. Section 2 of the paper, provides an overview of security issues. Section 3 delivers a review of relevant literature, while Section 4 clarifies the rationale for the study. Section 5 provides a description of the suggested model. It is proposed in Section 6 that the proposed model be validated using current methodologies in terms of various metrics. Section 7 concludes the work with a summary of the findings.

2. Cloud computing security impression

All the methods for safeguarding, re-establishing, and ensuring the security in computer system frameworks are incorporated into cloud security measures. Cloud application security engineering is examined in greater detail in ElasticaQ2 2015 and the Cloud Security Alliance (CSA). Data Security concerns can also be led by ISO in respect to cloud computing key security standards for a secure and efficient innovative knowledge solution. That cloud computing is extremely safe and demonstrated here. In a cloud environment, outsourcing data and software removes the user's ability to control them from the hands of the service provider. Consequently, Trust relies on the cloud's concept and the cloud's service provider for its security.

2.1. Key security necessities in Cloud

Cloud computing, like any other information expertise management system, requires a high level of confidentiality, availability, and integrity, according to NIST. As shown in Fig. 2 further authorisation, and privacy are introduced as cloud protection standards.

Fig. 2. Basic cloud security requirement.

• The term "confidentiality" refers to the practise of protecting client data and only allowing authorised users access to it.

• Transmitting or processing information should not modulate or modify its "integrity", and consumers should be permitted to make changes, amend, repeat, remove or remove information as they see fit.

• "Authentication" is possible to ensure the integrity of a customer's account information.

• "Availability" refers to the ease with which a customer's requested data or services can be accessed at any time and from any location.

• "Authorization" means that only those customers who have provided special information will be given access to it.

3. Related works

The hybrid technique proposed by Sajay et.al [17] aims to increase the security of cloud data by encrypting it. In order to protect and store vast amounts of data in the cloud, encryption methods are commonly employed. In order to improve cloud security, this research uses a combination of homographic and blowfish encryption. If the security issues are addressed, cloud storage solutions for both small and large businesses will be the future. On the subject of cloud computing security, it is still in its infancy when it comes to protecting consumers' personal information, which is provided by Tajammul et.al [18]. Since the dawn of cryptography, a number of algorithms have been studied and used. However, none of these methods generate the encryption key on their own. This study developed an algorithm that generates a key based on the input and then encrypts the data using the key generated. Encrypted statistics will be loaded to the cloud, while the decryption key will remain on the local server.

An effective time-variant attribute-based multitype (TAM) encryption method was devised by Kumaresan et.al [19]. The TAM procedure maintains a nomenclature of properties and related keys for encryption and decryption. The ciphertext was generated using the corresponding keys. For better integrity organization and security performance than earlier algorithms, this new taxonomy's content has been constantly changing in each time window. Up to 89.6% greater security performance is provided by the TAM method. Using this technique, you can also cut the time difficulty by up to 21 seconds and boost the throughput by up to 96%.

An ABE technique based on the SM9 encryption algorithm (SM9-ABE) was devised by Ji et.al [20] to make SM9 allow control that would be improved and implemented in DCC. In the selective CPA model under the DBDH supposition, our suggested technique (SM9-ABE) has been demonstrated to secure extremely. In addition, we put SM9-ABE into action and access its usability in the real world. The implementation shows that our strategy achieves well in terms of security and functionality, and that the additional time cost is tolerable. Viswanath et.al [21] has created a system that prevents insider attacks. For the purpose of protecting huge data before it is stored in many clouds, an encryption method known as a hybrid was created. Storage environments are used for the simulation investigation. Using suggested approach, the encryption procedure was recorded at a rate of approximately 2630 KB/S. The findings display the suggested method outperforms the benchmark procedures in terms of performance.

The multilevel security system described by Thabit et.al [22] is more secure than any existing single-level encryption procedure. Additionally, our algorithm in several instructions, such as when execution uploads and downloads of a given file, thanks to the proposed technique's ability to limit access to cloud data to pre-authorized users only. As a result of Vidhya et.al [23], the work seeks to develop an advanced encryption algorithm (FAEA) that is cost-effective and satisfiable for cloud-based Big Data use. The efficiency, scalability, and security of the FAEA approach have been analysed, and it has been found to be 98% better than the currently used HDFS and Map Reduce Encryption Scheme methods (MRE). There are many issues that must be addressed when using Big Data on the Cloud, and our study seeks to address such issues. For data storage in a multi-cloud context, Seth et.al [24] use three basic algorithms: for user identity, Data encryption is done via Blowfish, and RSA is used to convey the secret key for Blowfish's data encryption. The proposed solution is evaluated based on the time it takes to download, upload, and access it. In order to safeguard the secrecy of the data, this architecture allows secure, quick, and lightweight access to data. Using client-side data encryption, Sohal et.al [25] developed a novel cryptographic technique for encrypting data before uploading it to the cloud. Symmetric-key cryptography using DNA is the basis for this technology. In addition to providing our approach's comprehensive design, we also compared it to the already available symmetric-key methods.

Etemad et al., [26] strengthen the cloud security by proposing dynamic data outsourcing scheme. The integrity verification process was done by black-box access to implicitly authenticated data. A homomorphic verifiable tag scheme is designed for blockless verification. Yang, et al., [27] developed a model for inner product computation using Inner Product Functional encryption (IPFE). There are two privacy weakness presented in the model such as master secret key and encrypted vector. To resolve this weakness, the study designed the strengthened IPFE. The research work also constructs the scheme for outsourced computation scheme for inner product and uses the computation cost and storage overhead as vector sizes.

Yang et al., [28] considered the IPFE by designing the verifiable computation scheme, where the secret key is transformed into blinded form to preserve the key privacy. The computation overhead is eliminated by performing the authentication procedures of cloud servers before the computation. Therefore, only the allowed user can use the outsourced data that are shared in the cloud computing. Yang, et al., [29] resolved the weakness of unbounded-size database by designing verifiable update scheme. Initially, authenticated matrix commitment is developed and give the access to the scheme. To assure the ownership of the opened data, the ordered data collection is represented in the matrix format. The validation provided that the model is efficient than existing techniques.

3.1. Problem statement with solution

As can be seen from the results, our suggested technique beats more standard ones in terms of ciphertext size, time, and throughput. It is thus more efficient and provides higher performance with the new technique provided. All the existing techniques uses blowfish, AES, DES, RSA or time-variant based attribute algorithms for encryption and no mathematical encryption techniques are considered for securing the data. AES is less secure and uses 256-bit key for sharing the sensitive data, where blowfish algorithm requires a unique key for users, so key management becomes complicated, when a greater number of users are added in the network. But the proposed model uses a logistic map for key generation and more mathematical expressions are used to protect the sensitive data from attackers.

4. Proposed System

A certain set of requirements must be met in order for an encryption algorithm to be considered secure. Based on the present literature, the following criteria have been established for the newly created algorithm:

◆ A full character set should be encrypted, and each plain-text message should be encoded into a special order.

◆ The encryption method must also be sophisticated.

Fig. 3 provides the workflow of the proposed model.

Fig. 3. Securing Data by using proposed model

The used representation in the proposed model is depicted in Table 1.

Table 1. The used notations.

In Eq. (1), block cipher (BC) is described in y-bit key.

(PT, K) → CT       (1)

CT = 𝜀(PT, K)       (2)

Encryption conditions are shown in Equations (1) and (2) using the private key that is obtained by a logistic map.

4.1. Key generation block

When it comes to encryption and decryption, the key is the most crucial component. The security of the data is jeopardised if an attacker is able to decipher this key. The integrity of the data is entirely dependent on this key. Different actions are approved out to avert the possibility of a weak key as well as to improve the key's strength in order to produce confusion and dispersion. A logistic map is utilised to generate the key that is employed in the diffusion process. The logistical map is distinct by the following:

𝑌_𝑛+1 = 𝑎Y_𝑛(1 − 𝑌_𝑛)       (3)

Assume that the control structure has an input range of zero through four and that output sequence Yn has an input range of zero through one. When 𝑎 ∈ [2.57, 4]occurs, the map becomes chaotic. The following are a list of the most important steps in the creation process:

1. Use the following equation to determine the beginning value of the logistic map, which is dependent on the plain text PT:

\(\begin{aligned}Y_{0}=\frac{\sum_{i=1}^{M} \sum_{j=1}^{N} P T(i, j)}{M \times N \times 255}\end{aligned}\)       (4)

The integers M and N relate to the sum of rows and columns in the plaintext, correspondingly,

2. Iterate and skip the first 𝑁₀ entries for a novel sequence S of size MN.

3. The subsequent formula to Calculate the key:

𝐾 = mod(floor(S(i) × 10¹⁴), 256), 𝑖 = 1: MN       (5)

4.2. Mathematical Description for Encryption

The Equation (6) describes plaintext expansion from 56-bit to 64-bit. So-called Lightly Encrypted Plaintext is the result of this process.

LEPT = Ext(PT)       (6)

LEPT is provisionally expanded from 64 to 128 bits in order to execute Key whitening, as indicated in Equation (7). Key whitening is done with the K0 key. The LEPT can only be transformed once with the K0 key. In contrast, from K1 to K9, each key converts the LEPT twice.

\(\begin{aligned}(L E P T) \operatorname{Exp} \bar{\oplus} K_{0}\end{aligned}\)       (7)

DExp is used to lower the LEPT to 64 bits in order to remove the transient contraction and it is shown in (8).

DExp((LEPT)Exp) ⊕ 𝐾₀       (8)

Afterwards, the Permutation based on Equation (9) is carried out as follows.

\(\begin{aligned}\left(L E P T \bar{\oplus} K_{0}\right) P^{r}\end{aligned}\)       (9)

For any r-th round, the replacement is followed by the addition of the left half key and the subtraction of the right half key, which is given in Equation 10.

\(\begin{aligned}\left(\left(\left(L E P T \bar{\oplus} K_{0}\right) P^{r}\right) S^{r} \bar{\oplus} K_{L}^{r}\right) \bar{\oplus} K_{R}^{r}\end{aligned}\)       (10)

4.3. Decryption of the Algorithm

To access the encrypted data from the cloud, the cloud computing’s user would first need to decrypt it. Equation (11) describes how key subtraction, which takes place on the encryption side, is cancelled out at the decryption side by subtracting the right half key of the r^th round.

\(\begin{aligned}\left(\left(\left(L E P T \bar{\oplus} K_{0}\right) P^{r}\right) S^{r} \bar{\oplus} K_{L}^{r}\right) \bar{\oplus} K_{R}^{r} \bar{\oplus} K_{R}^{r}\end{aligned}\)       (11)

The next step is to conduct key addition to cancel the effect of key adding on the encryption side, as explained in Equation (12) that utilising the left half key for any subsequent rounds.

\(\begin{aligned}\left(\left(\left(L E P T \bar{\oplus} K_{0}\right) P^{r}\right) S^{r} \bar{\oplus} K_{L}^{r}\right) \bar{\oplus} K_{L}^{r}\end{aligned}\)       (12)

Any subsequent rounds of inverse substitution are used to eliminate the effect of substitution on the encryption side, which is shown in Eq. (13).

\(\begin{aligned}S_{r}^{\prime}\left(\left(\left(L E P T \bar{\oplus} K_{0}\right) P^{r}\right) S^{r}\right)\end{aligned}\)       (13)

According to Equation (14), the permutation effect on the encryption side is cancelled using inverse permutation for any r^th round.

\(\begin{aligned}P_{r}^{\prime}\left(\left(L E P T \bar{\oplus} K_{0}\right) P^{r}\right)\end{aligned}\)       (14)

Key decryption side would counteract effect on the encryption side, which is provided in Eq. (15).

\(\begin{aligned}\mathrm{LEPTK}_{0} \bar{\oplus} K_{0}\end{aligned}\)       (15)

When decryption is complete, LEPT is transformed into standard PT as described in Equation (16).

PT = Cn(LEPT)       (16)

As a result, as previously explained, the plaintext is obtained during the decryption process. Fig. 4 is a flowchart of the full IMES system.

Fig. 4. Flowchart for data enciphering.

Algorithm 1: Algorithm-IMES Encryption

1 Declaration;

2 PT ← Plaintext;

3 N ← Size of PT;

4 CT ← Ciphertext;

5 PPT ← Padded form of PT;

6 BPT ← Binary form of PT;

7 EPT ← Extended form of PT;

8 AGK ← Key generation using logistic map;

9 Ki ← Key, i = 0, 1,.., 9;

10 CT ← Ciphertext;

11 Execution - Encryption;

12 N ← Length(PT);

13 BPT ← Binary Formatting(PT);

14 if N < 64 then

15 PPT ← Padding(BPT);

16 EPT ← Extension(PPT);

17 KEY ← Transformation(AGK);

18 Key ← Whitening(K0);

19 while i > 9 do

20 Permutation (EPT);

21 CT ← Shifting (EPT);

22 CT ← Substitution(EPT);

23 CT ← Key - Addition(Ki);

24 CT ← Key - Subtraction(Ki);

25 i++;

26 end

27 KeyEncryption(AGK)

Algorithm 2: Algorithm-IMES Decryption

1 Declaration;

2 PT ← Plaintext;

3 CT ← Ciphertext;

4 N ← Size of CT;

5 PPT ← Padded form of PT;

6 UPCT ← Un - Padded form of CT;

7 SCT ← String form of CT;

8 CCT ← Contracted form of PT;

9 AGK ← Key Generation using logistic map;

10 Ki ← Key, i = 0, 1, ... 9;

11 PT ← Plain Text;

12 Execution - Decryption;

13 Key - Decryption (AGK);

14 KEY - Trans formation(AGK);

15 while i < 9 do

16 PT ← Permutation(EPT);

17 PT ← Shifting(EPT);

18 PT ← Substitution(EPT);

19 PT ← Key - Addition(Ki);

20 PT ← Key - Substraction(Ki);

21 PT ← i - Key - Whitening(K0);

22 i ++;

23 end

24 SPT ← String Formate(CT);

25 if PPT! = NULL then

26 UPCT ← Un - padding(SPT);

27 CCT ← Contraction(UPCT);

28 N ← Length(PT);

5. Results and Discussion

To conduct the proposed scheme's performance analysis, the following environmental factors were taken into consideration that is shown in Table 2.

Table 2. Experiments Setup.

5.1. Check for Modularity

Table 3 shows the module-based processing use of IMES with various input sizes. In addition, the IMES's module-based execution time is listed below.

Table 3. Rate of utilization processor.​​​​​​​

The elapsed time estimation for IMES encryption has been completed. In cryptography, the enciphering time measures how long it takes to convert raw data into ciphertext. The throughput of any algorithm can be estimated using the encryption time. It has an impact on encryption's speed. The greater the throughput, the lower the power consumption that will be shown in the following, different outcomes were obtained by varying the input size. Table 4 and Fig 5 and Fig 6 provides the investigation of IMES in terms of key transformation.

Fig. 5. Results of proposed IMES in terms of key transformation.

Table 4. Investigation of IMES in terms of modularity check​​​​​​​

Fig. 6. Results of proposed IMES for various trails on modular investigations

5.2. Performance on Processor Utilization

Here, the validation of CPU utilization is compared for proposed IMES with existing models in terms of various trials, which is provided in Table 5 and Fig 7 shows how MES compares to other cryptographic algorithms in terms of performance when it comes to CPU use. The existing techniques such as AES [20], Blowfish [17,24] and DES [19] are also considered for this comparison, however these techniques are all implemented with the data used in this research work.

Table 5. Experimental Analysis on Processor utilization​​​​​​​

Fig. 7. Processor Utilization of proposed model with existing models​​​​​​​

Different input sizes were used to examine the processor time for each round. MES's key transformation uses a larger percentage of CPU time than the other modules. Block cyphers like MES and HI are evaluated against the MCC environment's security in this section. Analyzing how long a CPU spends on a given computation is known as processor utilisation. It shows the processor's current workload. In general, the more CPU time spent encoding, the more work the processor must do. An investigation of how varied input sizes and platforms affect processor time estimation is carried out in these trials. Fig. 8 depicts the various key schemes and the key types requirements for different algorithms.

Fig. 8. Graphical Representation of proposed model in terms of Degree of Key varieties.​​​​​​​

Qualitative comparison is used in this study. One type of key is supported by DES, RC5, RC6, Blowfish, and IDEA, while AES provides three types of keys, and MES provides five types of keys. According to the graph below, MES has the highest level of important variances. Table 6 and Fig. 9 shows the performance analysis of key colligation rate.

Table 6. Key-data colligation rate.​​​​​​​

Fig. 9. Colligation rate of key for proposed model​​​​​​​

Each key transforms data twice with each round, except stage. Key whitening (KW) is only one of subsuming metrics, as key subtraction and key adding are also important. In the single round, the key colligation rate is 2.01 for proposed model, where the existing techniques such as AES, Blowfish, DES, RC5 and 3DES achieved 1.04, 1.03 and 1.04 rate of key colligation.

5.3. Analysis of Time Complexities

IMES is a block-size-dependent algorithm like AES, DES, 3DES, and so on. Regardless of the input size, this algorithm has a temporal complexity as(𝑂(1)). IMES has a spatial complexity of 𝑂(𝑛).Furthermore, IMES outperforms other commonly used algorithms in terms of memory and CPU use as well as key variances and data collecting rates. This makes IMES a better option because of its low memory and CPU utilisation. Fig. 10 and Table 7 shows the experimental analysis.

Table 7. Memory utilization.​​​​​​​

Fig. 10. Memory Utilization​​​​​​​

Table 8 and Table 9 provides the experimental analysis of processing time, encryption time, and decryption time for various file sizes by using different algorithms.

Table 8. Comparison in terms of processing time (s).

Table 9. The table shows the response time in seconds.

When the key size is less than 20MB, the DES, AES and Blowfish has 0.13s, 3DES has 0.09s and proposed model has only 0.06s for 1MB key size. At the same time, when the key size is 70MB, the proposed model has 64s of processing time, AES has 256s, DES has 156s, Blowfish has 256s and 3DES has 192s. When the file size is 512KB, the proposed model has 0.03s, the DES, AES and Blowfish has 0.051s. From this analysis, it is clearly proving that proposed IMES achieved better performance than existing techniques.

When the file size is 2.9MB, DES has 12.19s of encryption time, 1.13s of decryption, AES has 10.53s of encryption time, 1.64s of decryption time, where the proposed model has 23.34s for encryption, 4.37s for decryption and this is due to logistic map for key generation. The other existing techniques are randomly used the keys for further process and these effects made the proposed model has high encryption and decryption time than existing models. But, the efficiency of IMES is satisfactory than other models in terms of different parameters.

7. Conclusion

Cloud computing security has climbed to the top of cloud customers' concerns. Cryptography is the most effective of several ways and strategies. In this study, a novel, lightweight cryptographic method called IMES has been proposed to increase cloud computing security. Encryption relies on symmetric cryptography. For the purpose of benchmarking the suggested method's performance against other well-known cryptographic algorithms, we looked at parameters including block size, key length, prospective key, mathematical processes, cipher type, and security power. There is a clear development in encryption and decryption with the IMES approach, according to experimental data. This method provides great security and minimal computational costs. In terms of data collection and processing speed, cloud computing is even more effective. It is possible to further enhance the suggested work's efficiency by incorporating quantum computing in order to make it more user-friendly in terms of privacy and security issues.

Data Availability Statement

The authors would like to hereby state that, “Data sharing not applicable to this article as no datasets were generated or analysed during the current study”.