View Full Paper

Secure Channel Establishment Algorithm For Key Management And Data Sharing In Fully Homomorphic Encryption Scheme
SECURE CHANNEL ESTABLISHMENT ALGORITHM FOR KEY
MANAGEMENT AND DATA SHARING IN FULLY HOMOMORPHIC
ENCRYPTION SCHEME
1
AMANDEEP SINGH, 2KUNTAL GAUR
1,2
M.tech computer network &info security, Assistant professor CSE Department Manipal university Jaipur, Manipal
university Jaipur
Abstract— Cloud computing has attained adoration because of its anytime anywhere available services but still it has some
enervation in security of data stored and accessed. Now-a-days people are more perturbed about the security and availability
of their data. For data storage protection various encryption schemes had come up as file system encryption (FSE) but in this
scheme user has to nurture an enormous amount of long password because of it the intricacy of system surge. Another scheme
that originate was Full Disc Encryption (FDE) scheme but on granularity basis this scheme also flounder to hedge the data
stored. Then Fully Homomorphic Encryption (FHE) show up, in this scheme the data is hoarded in encrypted format on cloud
server and the Cloud Service Provider (CSP) accord with the encrypted query and sends back the result in encrypted format.
This proposition has improved the security and privacy of data but it also has some enervation, as key management, key
sharing and performance issues. In this paper we purpose a elucidation to solve the key management, key sharing and
performance issues of FHE while perpetuate data protection at granularity level. For this we will endorse an amended Diffie
Hellman key exchange algorithm to compose an unassailable channel for data pro quo between the user and the CSP.
Index Terms— Cloud Computing, FDE, FHE, FSE
I.
competitive organizations. Outside attack-: as cloud
has a wide infrastructure so corresponding to this
cloud provide many interfaces for service to its
enormous users. This will give a radical attack surface
area to the malicious user, hackers to find the flaw in
the API and can get hands on the user private data
which will lead to threat to user as well as the CSP.
Data loss-: when the data is present in the
organization the user can put various levels of access
restrictions on the data but as soon as the data is
conveyed on the cloud the user forfeit its control on the
data and the access restrictions are not same in the
communal environment as it is in the organization,
unauthorized party may gain passage to
organization’s private data which may lead to data
loss for the firm. Multi-tenancy issue-: due to the
multi-tenant model the interfaces on the cloud are
more, due to which the attack area on cloud is broad.
As we know in cloud multiple user shares the same
application or same hardware with the help of virtual
machines (VM) and if the proper isolation is not done
on VM then VM to VM attack is possible and this will
lead to information leakage. To provide the security of
user data in the cloud environment various encryption
techniques were purposed among them one encryption
scheme that has been expound is Homomorphic
encryption, which plight that the cipher text will be
treated as the plain text, according to Homomorphic
encryption the data is stocked in encrypted format on
the cloud and when user sends some query on cloud
,then CSP without decrypting the query simply do the
evaluation on the encrypted data and query and sends
INTRODUCTION
The amelioration and adoration of cloud computing
has increased due to its convenient on demand access
to its resources like storage servers, network services
etc. that can be easily accessed and released in an
efficient way. Cloud hype is because of its easy
scalability feature. Cloud basically provides three
types of service Infrastructure as a Service (IAAS)
Software as a Service (SAAS) and Platform as a
Service (PAAS). But cloud’s prime concern is the
armament of data stored and accessed on it. Many
surveys have shown that the organization’s prime task
is the security of the data on cloud as they pass up
control on data as soon as it is hoarded on the cloud,
they do not have any physical control on data and not
even any information that how the data is fostered on
the cloud. Users on cloud are more concerned about
the security, privacy and availability of data. Various
security affair attached with clouds can be – insider
attack-: as cloud is a multi-consumer model, here
multiple users are present under the same domain,
locking up the same application or hardware. In this
locale user feel lack of transparency like how the cloud
service provider is going to hoard the data and which
encryption tactics CSP is going to use to foster the data
and how the CSP will oversee the keys in the
communal environment and if they are using third
party module (TPM) then what kind of relationship
CSP will have with the TPM. These interests provide
the loopholes for the casual hackers and the malicious
insiders that can sell user private data to some other
Proceedings of 4th SARC-IRF International Conference, New Delhi, India, 27th April. 2014, ISBN: 978-93-84209-08-7
46
Secure Channel Establishment Algorithm For Key Management And Data Sharing In Fully Homomorphic Encryption Scheme
back the encrypted result to the user , as all the
calculations are done on encrypted data so the
confidentiality and privacy of the data is fostered on
the cloud. But here key sharing and key management
issue arises, as who will hold the keys that are used to
encrypt the data on cloud if the keys is with the user
and hoarded on the local environment then the cloud
definition of communal environment is violated So in
this paper we bourn a quick fix for key management
and key sharing in FHE that will bulge to upsurge in
the efficiency, performance and reliability of FHE
scheme.
text. Cloud has matured but it is still not able to
provide armament to the data hoarded on cloud
effectively. To provide storage security various
encryption strategies were used such as file system
encryption (FSE)-: in this encryption scheme the
concept of both the symmetric and public key
cryptography algorithm is used. Firstly the data file is
encrypted using symmetric key encryption then the
public key encryption is used to encrypt the symmetric
key after this the fused result is captured on the storage
server in encrypted format. This encryption schema is
somewhat efficient but in this expedient the
complexity of the system upsurge as the user has to
maintain large number of pass keys to encrypt/decrypt
the data. Also in this scheme the content of file is
encrypted but not the file name and this will lead to
some serious security breaches as file name may leak
some sensitive information about the organization.
Another encryption scheme that was used is FDE in
this the whole disc drive is encrypted according to the
predefined sectors of the disc automatically under the
same key. Only the authorized user has the key and is
able to decrypt the disc drive and get the data in
original form. But this scheme fails to provide the
security in depth, as, if the user want to access some
data, it need the key but as the whole disc is encrypted
under the same key than the user would be able to
access all the data, he might be a malicious user that
has its hand on user private data which can harm the
organization. This tactics is useful on individual bases
as in case of stolen laptops or hard drives but in the
shared locale this proposal fails to provide the security
of data as expected. With this expedient the
confidentiality of the data can be breached due to
multiple user environments. Then FHE scheme was
proposed which plight that we need some functions
that would be able to do the evaluation or computation
on the encrypted data without first decrypting it, the
aim of this tactics was to treat the cipher text as the
plain text and to shade the information about the data
stored and data requested from the storage servers,
this scheme was firstly proposed by the inventors of
RSA (Rivest, Adleman and Dertouzos), they called
these scheme as privacy homomorphism. The basis of
this scheme is granularity meaning as the user will
increase the depth the level of security to the data
increases. In the public key encryption scheme there
are 3 basic parameters key generator (keygen) ,
encryption (Enc) ,decryption(Dec) and this scheme
can be called as fully homomorphic if another
parameter - evaluation function algorithm is
introduced in it as given Eq.1 . In this equation $
defines the set of cipher text and the CKT is a valid
evaluation function and C* is the output in encrypted
format.
Fig. 1.1 General flow chart of FHE
This paper is organized as follows section 2 will give
the background theory of this proposal section 3 will
define the motivation behind this proposal and section
4 will describe the conclusion and future scope.
II.
BACKGROUND
To provide the confidentiality and privacy to the user’s
personal information populous encryption schemes
had come up to harbour the user data from illegitimate
approach. These encryption schemes can be
symmetric key based or public key cryptography
based, which would convert the plain text into cipher
C* Eval ( Pk; $; Ckt) then Dec(Sk;C*)Ckt
(M1;…Mi) Eq.1
Proceedings of 4th SARC-IRF International Conference, New Delhi, India, 27th April. 2014, ISBN: 978-93-84209-08-7
47
Secure Channel Establishment Algorithm For Key Management And Data Sharing In Fully Homomorphic Encryption Scheme
Main problems in FHE scheme are key management,
key storage, data aggregation and access control list
maintaining. To solve the problem of key
management and Key sharing various schemes have
been proposed in recent years. Various security attacks
are possible in these schemes. The third party auditor
is the scheme for key management and key sharing.
The main advantage of this scheme is the CSP may
offer the functions which were provided by the
traditional third party auditor and make it more
trustful. So it indeed reduces the computational
complexity in cloud computing. The third party
auditing scheme fails, if the third party’s security is
compromised or if the third party is malicious. To
solve this problem, we propose a new model for key
sharing and key management in FHE scheme using
amended Diffie Hellman key exchange algorithm.
Fig 1.2: Homomorphic Encryption Scheme
But this scheme also has some loopholes like key
management, key sharing, and performance. It
provides the security but the issue arises that who will
hoard the keys , if these keys are with the user only on
a local server then this will violate the cloud’s basic
concept , then how the keys will be shared efficiently
in the shared cloud environment and even the
performance of FHE is not still up to the mark as
compared to the FDE, as according to Gentry
evaluation if FHE was implemented on something like
Google search then it will take 1 trillion time more
computation as compared to FDE .
III.
IV.
PROOSAL
This proposal is primarily focused on to develop a
model for FHE scheme. The new scheme will provide
reliable key storage and key management services.
This will enhance the reliability and security of the
existing FHE scheme. In this new model, secure
channel establishment algorithm will be used for key
management and key sharing. The secure channel
establishment algorithms are Diffie- Hellman and
RSA. The Diffie- Hellman algorithm is most secure
and reliable algorithm. In the Diffie-Hellman
algorithm if two parties, say, Master and Slave wishes
to exchange data. Before starting the communication,
secure channel is established. Both parties select their
own random number. On the basis of the selected
random numbers, secure channel and shared key is
established.
MOTIVATION
Cloud can provide services to the users at lower cost
and services are available anytime and anywhere
.Data security is the key challenge in cloud computing.
The data encryption is the best way for providing data
security in cloud computing. The two encryption
schemes that came into existence are: Full-Disk
Encryption (FDE) and Fully Homomorphism
Encryption (FHE). FDE encrypts entire physical disks
with a symmetric key, often in disk firmware, for
simplicity and speed. Although FDE is effective in
protecting private data in certain scenarios such as
stolen laptops and backup tapes, the concern is that it
cannot fulfil data protection goals in the cloud, where
physical theft is not the main threat. FHE offers the
promise of general computation on cipher text.
Basically, any function in plaintext can be
transformed into an equivalent function in cipher text:
the server does the real work, but it doesn’t know the
data it’s computing on. Naturally, this property gives
strong privacy guarantees when computing on private
data, but the question about its practicality for general
cloud applications still remains. The comparison was
made between the two data security schemes on basis
of certain factors. These factors were: key
management and trust, sharing, aggregation,
performance, ease of development and maintenance.
It was concluded that FHE scheme is more reliable and
provide more security as compared to FDE scheme.
The Diffie Hellman key exchange algorithm is
embedded in the FHE procedure and source node and
destination node is defined. To establish secure
channel both parties select a random prime number g
and n these two numbers are public. Both parties,
Master and Slave now need to select their private
numbers, these numbers are ‘a’ and ‘b’ respectively.
Both devices calculate the two numbers M and S from
the public and private selected random numbers.
After, calculating M and S both parties exchange M
and S through the intermediate node in the network.
When Slave receives M and Master receives S both
parties will calculate mode inverse. If both parties
have same mode inverse values, secure channel is
established between Master and Slave. The Diffie
Hellman algorithm will establish secure channel
between source and destination. The encrypted data is
exchanged between two parties with the public key
cryptography. The man in middle attack problem of
Diffie will be solved with hashing
Proceedings of 4th SARC-IRF International Conference, New Delhi, India, 27th April. 2014, ISBN: 978-93-84209-08-7
48
Secure Channel Establishment Algorithm For Key Management And Data Sharing In Fully Homomorphic Encryption Scheme
By comparing both the techniques through survey we
conclude that FHE is better than FDE. But there are
some issues in FHE like key management, key
Storage, Data Aggregation, ACL maintaining.
In future, we are going implement this novel
technique, using secure channel establishment
algorithm for key management and data sharing that
is enhancement in FHE. The secure channel
establishment algorithms are Diffie- Hellman and
RSA. By using this algorithm key management and
key sharing scheme become more efficient. This
scheme also enhanced the efficiency of FHE.
REFERENCES
Figure 1.3 Proposed algorithm flowchart
[1]
Goluch Sigrun “The development of homomorphic
cryptography” Vienna University of Technology, 2009
[2]
Jun Li, Huiping Yu “Trusted Full Disk Encryption Model Based
on TPM” IEEE Computer Society, 2010
[3]
Gentry Craig and Halevi Shai “Fully Homomorphic Encryption
without Squashing Using Depth-3 Arithmetic Circuits” IEEE
Computer Society, 2011
[4]
Bhel Akhil “Emerging Security Challenges in Cloud
Computing” IEEE Computer Society, 2011
[5]
Han Shuai, Xing Jianchuan “Ensuring Data Storage Security
Through A Novel Third Party Auditor Scheme In Cloud
Computing” IEEE Computer Society, 2011
[6]
Song Dawn, Shi Elaine “Cloud Data Protection for the Masses”
IEEE Computer Society, 2012
[7]
Chen Deyan, Zhao Hong “Data Security and Privacy Protection
Issues in Cloud Computing” International Conference on
Computer Science and Electronics Engineering., 2012
CONCLUSION & FUTURE WORK
Grid computing is one of the important computing
techniques which are used for the storage of the large
data. There are two important techniques i.e. Fully
Disc Encryption and Fully homomorphic Encryption
to provide cloud data security. But there are some
security issues in FDE like data loss, aggregation etc.

Proceedings of 4th SARC-IRF International Conference, New Delhi, India, 27th April. 2014, ISBN: 978-93-84209-08-7
49

Download Report