Data Partitioning In Cloud Storage Using DESD Crypto Technique

Data Partitioning In Cloud Storage Using
DESD Crypto Technique
B.Muthulakshmi1*
, M.Venkatesulu2
1*
Department of Computer Applications, Kalasalingam University, Krishnankoil, Tamil Nadu, India.
2
Department of Information Technology, Kalasalingam University, Krishnankoil, Tamil Nadu, India.
*Corresponding Author: selvamayil2010@gmail.com
Abstract
With the growth of cloud technologies, computing
resources and cloud storage have become the most
demanding online services. There are several companies
desiring to outsource their data storage and resources as
well. While storing private and sensitive data on a third
party data center, it is necessary to consider security and
privacy which become major issues. In this paper, a novel
Double Encryption with Single Decryption (DESD) crypto
technique is proposed to secure the data in cloud storage.
The proposed technique comprises of encryption and
decryption phases where in the encryption phase the data is
randomly partitioned into multiple fragments. Double
encryption is done on each fragment by prime numbers, as
well as Invertible Non-linear Function (INF). These
multiple encrypted data are stored at the multiple cloud
storages with the help of cloud service provider (CSP).
After all verification process the data user collects the key
from the data owner and decrypts the gathered data from
the cloud with the knowledge of inverse INF. The proposed
crypto technique provides more security and privacy to
cloud data and any illegitimate users cannot retrieve the
original data. The performance of the proposed DESD
technique is compared with AES and Triple DES
techniques and the experimental results are plotted which
shows the proposed technique is efficient and faster.
Key words: Cloud computing, cloud service
provider, DESD crypto technique, Invertible Non-
linear Function, AES and Triple DES.
1. Introduction
In recent years, this fast growing innovative
technology offers users with several paperless
services which are available online, for example, e-
banking, e-billing, e-mail, e-shopping and e-
transaction etc. These paperless services need data
exchange through online. This data might be any
personal or sensitive information such as credit or
debit card details, business secrete information,
banking transactions and so on. These kinds of
information need more security as disclosure of such
personal data to any illegitimate user can produce
extremely hazardous consequences. There is a high
necessity for user’s security while exchanging their
personal information through un trusted networks.
Thus, it is necessary to develop a security mechanism
for converting user’s personal or sensitive
information to some other unreadable format. While
sending such information it is essential to build it
harder for intruders to collect some observed
information. Cryptography is one of the techniques to
achieve it.
In cloud computing ,user’s data (i.e. data owner) is
stored at some untrusted third party that needs
extreme protection as data owner does not possess
any physical access on the information. Data privacy
and security of user or owner are consistently a vital
issue in cloud computing (Dai Yuefa et al (2009),
Mohit Marwahe and Rajeev Bedi (2013)). There are
several advantages such as low cost and easy access
on data provided by the cloud but privacy and
security problems is of concern while storing user’s
personal and sensitive data to cloud storage (M.
Mohamed et al (2013)). Data in cloud storage might
be attacked in two manners such as inside or outside
attack (L. Arockiam and S. Monikandan (2013)). If
an attacker attempts to access the cloud data while in
transition or at rest which is not legitimized, then it is
known as outside attack. An attack from the cloud
administrator side is defined as inside attack. When
compared to the outside attack, the inside attack is
International Journal of Computer Science and Information Security (IJCSIS),
Vol. 16, No. 1, January 2018
21 https://sites.google.com/site/ijcsis/
ISSN 1947-5500

really hard to identify and the data owner or user
must be very careful while storing and retrieving
their personal data to or from the cloud storage.
Moreover the retrieved data by the authorized user
from the cloud should not be in actual format as there
is high possibility of outside attack. Therefore all the
data must be converted into unreadable format by
encrypting before storing it in cloud; then its actual
format is revert back by decryption. This should be
possible with the aid of cryptography.
Cryptography is classified into two techniques
namely “code making” and “code breaking”. The
code making involves to covert a message or data
into other incomprehensible/unreadable format to
secure it from any malicious activity of malicious
users whereas the code breaking provides the solution
known as cryptanalysis (Chris Christensen (2006)).
The major objective of cryptography is preventing
intruders from obtaining the actual data and permits
only legitimate users to obtain the correct information
without any modification. Utilization of
cryptographic strategies guarantees the user’s
personal information remains secure from any
changes and illegitimate users. These illegitimate
users cannot break encrypted code of original
information while legitimate users only have the
authority to revert back the translated information
into actual format (Sinkov A (1996)). The entire
process of conversion of original data and reversing
back the exact data is called as encryption and
decryption respectively.
This paper proposed a novel Double Encryption with
Single Decryption (DESD) crypto technique to
protect cloud data. Data of large volume is split into
number of small fragments by data partitioning
process. Then each partition is subjected to
encryption and here double encryption is done. The
first encryption is accomplished with prime numbers.
For that the prime numbers are generated randomly
and the number of generated prime numbers equal to
twice the number of partitioned data when the data
owner wants to produce four encrypted forms. Based
on the interest of data owner he/she can produce 8 or
16 or 32 encrypted forms for a single data part. Then
complements of all primes are computed. So each
partition is encrypted with a prime and its
complement. After the first encryption a large integer
is generated and is divided into number of small
integers which is equal to the number of data
partitions. Each small integer is added with each
encrypted data. Each resultant cipher is then
subjected to another encryption using invertible non-
linear function (INF) which has two random integers.
The second encryption is achieved by multiplying
each data partition with the first integer and added
with the second integer. At user end a single
decryption is enough to decrypt the data and the key
is subtracted to retrieve original data where the key is
a large integer value. An important thing is that the
data user must have the knowledge of the inverse
invertible non-linear function for decryption.
The rest of the paper is organized as follows: Section
2 presents the related works on cryptographic
techniques and section 3 presents the problem
definition. In section 4, the proposed method is
presented in detail. Section 5 deals with the
experimental results and in section 6 the paper is
concluded with scope for future work.
2. Related work
V.Masthanamma, G.Lakshmi Preya (2015) examine
about the usage of cryptography schemes, to enhance
the security of encrypted data that is sent by the cloud
users to cloud server. The fundamental goal is to
perform encryption and decryption of data in a
secured way with consumption of very less time and
low cost for both encoding and decoding process.
Various amounts of keys are produced and repeated
attacks are observed. Thus by repeating the strategy it
assists the data to remain safe against the attacks to
extend the security of decoded data that is sent by the
cloud users to cloud server.
H.Y. Lin and W.G. Tzeng (2012) presented a
threshold proxy re-encryption scheme in which data
security is accomplished using decentralized erasure
code. This makes the system stronger and privacy
issues of cloud service provider (CSP) are solved.
Here the data is stored in a cloud storage server in
encrypted format and when a user requests the data,
the data holder sends the re-encryption key to the
server that again encrypt the same data for requested
user. The authors consider that the cloud storage
comprises of storage and key servers where in
ISSN 1947-5500

storage server the data storing operation are
performed. In order to decrypt the encoded and
encrypted data with n codeword symbols, each key
server has to independently perform partial
decryption alone.
Pancholi et al (2016) have presented the method of
using diverse parts by the ciphers and its converse for
all purposes eliminates the keys in AES that is the
drawback of DES. In AES, the likelihood of
proportionate keys is taken out for nonlinearity of the
key extension for all purposes. For several
microcontrollers an implementation correlation
among AES, DES and Triple DES exhibits that AES
and Triple DES require a PC expense of the same
request. Another execution evaluation reveals that
AES has great status over estimations 3DES, DES
and RC2 to the extent of execution time with
different package size and throughput for encoding
and furthermore decoding. Similarly changing data
order, for instance, image instead of content, it has
been discovered that AES possess a benefit over
Blowfish, RC2 and RC6 with respect to time usage.
K. Nasrin, et. al. (2014) dealt with cloud storage
framework which is the most important research area
in cloud computing in which security is considered as
one of the vital concerns. The authors combined the
asymmetric and symmetric key approaches utilizing
AES and RSA algorithms and derived a novel
mechanism. AES is useful for key sharing and less
overhead cryptographic technique and complex
phenomena is created by RSA to provide security
from attackers. The main attention of the attackers
was on demonstrating secure data communication
from defenseless or vulnerable networks.
Jayant, D. et al. (2015) presented a novel mechanism
called role base access control by applying AES and
RSA algorithm for providing a secure
communication environment for open cloud
environments. The authors used RSA and AES
algorithms for the purpose of encryption and
decryption where access control is achieved using
RBAC mechanism. According to the model of RBAC
the uploading rights and several rights to several
users were given.
In this paper, a novel DESD crypto technique is
proposed to provide privacy and security for
confidential and sensitive data stored in cloud server.
It requires less computation time with low cost. It
also provides better protection against intruders and
malicious activities with faster operations.
3. Objective and issues
The main objective of this paper is to design an
efficient cryptographic technique which is simple and
consumes less time to perform encryption and
decryption operations on data stored in cloud. The
encrypted data should require limited space for
storage. Some of the following privacy and security
issues are rectified.
Access control: Failure of CSP may happen
at some situation on cloud environment that
leads the chances of intruders and malicious
activities.
Lack of user control: In cloud user data is
stored at some remote location and its
complete control is taken by CSP i.e. the
user has no control on its data.
Control policy: The CSP may have self-
interest on user’s data at some network
conditions. Thus it is necessary to
implement security mechanism for CSP to
provide control policy in the cloud
environment.
4. Proposed Methodology
4.1. System Model
The proposed system model comprises of
four entities such as data owner, cloud
service provider (CSP), cloud storage and
data user. Figure 1 illustrates the system
model of the proposed work and its flow of
operation is also explained.
ISSN 1947-5500

Figure 1: Proposed system model
The operation of data owner is to collect data in any
form like image, text, audio and video which will
then be building a document index which is
partitioned into several numbers of small fragments.
Each fragment is encrypted multiple times and
outsourced to the cloud storage. The cloud service
provider (CSP) is responsible to allocate available
space for outsourced data at different storage location
of a single cloud or different clouds. The CSP has the
complete control on the cloud storage i.e. once the
data is stored in the cloud its complete control is
taken by the CSP. Here ‘N’ number of clouds is taken
to store the user’s data. In cloud storage, the ciphers
are stored in allocated storage space. If the data user
wants to access data in cloud he/she must be verified
by the CSP to verify his/her authorization. If he/she is
an authorized user then it allows sending data access
request to the data owner. The data owner responds
the request by sending authentication certificate with
a decryption key. By verifying the gathered
authentication certificate the CSP command the
storage to provide data. Finally the decryption is done
by the collected key from the data owner.
4.2. Detailed contribution
The detailed contribution of the proposed work is
explained through the block diagram demonstrated in
Figure 2. This block diagram comprises of three
major blocks such as data owner, CSP and data user.
Each of its operations is explained below in a detailed
manner.
Figure 2: Block diagram
The data owner comprises the data in the form of
plaintext which is large size. So it is partitioned into
multiple small fragments. There are several
advantages in data partitioning such as: 1) Processing
of large volume of data makes the operation complex.
2) Uploading and downloading of these small
fragments requires relatively very less time. 3) These
are very easy to access. Then each partitioned
fragment is encrypted with prime numbers and its
complements for multiple times. With the help of
Inverse Non-linear Function (INF) second encryption
is accomplished which produces ciphers with
unreadable format. These are outsourced to the
different locations at same cloud storage and different
Data Owner
Create partitioning of data &
Encrypt using Double-encrypt
Cloud Service Provider
(CSP)
Assign available space for
each cipher
Cloud Storage
Store the given ciphers in
different locations
End Users
Perform Decryption using
obtained key
1. Send Encrypted data
2. Store Encrypted data in
cloud
3. Send Data Access Request
4. Provide key & Certificate
5. Send Access Request &
Certificate
6. Command to provide
Encrypted data
Cloud Storage
M
Plaintext
Data partitioning
First encryption
with primes and
complements
Second encryption
with INF
Cloud 1
Cloud 2
Cloud 3
Cloud N
Merge all
encrypted data
Perform inverse
INF
Subtract the
obtained Key
Plaintext
Data Owner Cloud Service Provider Data User
ISSN 1947-5500

cloud storage. For that the CSP has to process these
data to allocate available space for storage. After all
verification process the CSP command the cloud to
provide the data stored at different locations. The
data user merges all the collected encrypted data and
performs inverse INF. Finally to get the plaintext the
key is subtracted from the previous results.
Symbol Description
iX Plaintext
i Number of split or partitioned data
ni ,,2,1 L=
NP Number of generated primes
ii QP, Set of prime numbers
c
i
c
i QP , Prime complements
p Bit of the prime. Here 32=p
iD Random Integer
nd Number of split of random integer
if Generated ciphers
iS Sum of encrypted form
4.3. Encryption
The large volume of data is to be stored in the
cloud effectively. So the large volume of data is
partitioned into number of small partitions or
fragments at the first step of encryption. Here
double encryption algorithm is proposed to encrypt
each partition. The first encryption is done with the
prime numbers and its complements. The pseudo
plaintexts or cipher texts are obtained by the
second encryption with Invertible Non-linear
Function (INF) and its general form is given
as,
baxxg +=)(
where a and b are integers and y denotes
cipher texts obtained through the first
encryption. Each cipher part is multiplied with
a and then added with b. These ciphers are
stored at different locations of a single cloud
or multiple clouds.
a. Double Encryption Algorithm
Input : iX
Method:
i. Random partitioning
},,{ 321 ni xxxxX L=
ii. Generate NP and iN XP 2=
iii. Take ii QP,
iv. Compute c
i
c
i QP ,
]2[ 1
i
pc
i KK −= +
Q
v. Generate iD and split it into
small integers
ni dddD ,,, 21 L=
vi. nn xd = (Here, we take 4=n )
vii. First encrypted data
111 )**( dQPxy +=
212 )**( dQPxy c
+=
313 )**( dQPxy c
+=
414 )**( dQPxy cc
+=
viii. Second encrypted with INF
bayyg += 11)(
bayyg += 22 )(
bayyg += 33 )(
bayyg += 44 )(
ix. Apply the above steps on each
data part (up to nx ) and store the
obtained multiple ciphers in
different locations of a single
cloud storage or different cloud
storages.
ISSN 1947-5500

Partitioning
First data
part
Encrypt
with primes
QP*
Encrypt
with prime
&
Complement
c
QP*
Encrypt
with
Complement
& prime
QPc
*
Encrypt
with primes
QP*
Add 1d Add 2d Add 3d Add 4d
First encrypted data
111 )**( dQPxy +=
Second Encrypted
with INF
bayyg += 11)(
Second Encrypted
with INF
bayyg += 22 )(
Second Encrypted
with INF
bayyg += 33 )(
Second Encrypted
with INF
bayyg += 44 )(
Cloud A Cloud B Cloud C Cloud D
212 )**( dQPxy c
+=
313 )**( dQPxy c
+=
414 )**( dQPxy cc
+=
Plaintext
)( iX
Data
Parts
ISSN 1947-5500

Figure 3: Flow diagram of encryption
algorithm
4.4. Decryption
In most of the cryptographic techniques,
decryption keys are included in the encrypted
data stored in cloud storage. But in our proposed
crypto technique the data owner has the
decryption keys which are given to the
requesting authorized data users by the data
owner with an authentication certificate. After
verifying this certificate the CSP command the
storage to provide cipher text or encrypted data.
With the knowledge of inverse INF and using
decryption key the user decrypt the encrypted
data. The general form of inverse INF is as
follows,
a
bx
xg
−
=−
)(1
where a and b are integers and x is the cipher
text.
a. Decryption Algorithm
Step 1: Apply inverse form of INF
a
by
ygG i
ii
−
== −
)(1
Step 2: Add all first encrypted ciphers
4321 ffffSi +++= ∑
Step 3: Subtract large integer
iii DSZ −= ( iZ with padded zeros )
Step 3: Delete the padded zeros
Step 4: Perform the above steps on all the four
encrypted data parts(up to nx ) and sum all of
them.
∑=
=
n
i
ii xR
1
Step 4: Convert into byte array
Step 5: Merge all Byte arrays
Step 6: Get original plaintext )( iX
Figure 4: Flow diagram of decryption
algorithm
5. Performance Analysis
In this section, the performance of the proposed
DESD crypto technique is analyzed and
compared with existing techniques in a detailed
manner. As we know that the privacy and
security are the most important concerns in
cloud computing. All existing cryptographic
techniques tried to provide privacy and security
to the cloud storage at its level best. There are
thousands of cryptographic techniques proposed
previously and we cannot take all of them for
comparison. So we take two standard
Cloud A
ygf == 11 )(
Cloud B
ygf == 22 )(
Cloud C
ygf == 33 )(
Cloud D
ygf == 44 )(
Apply
ygG ii = −
)(1
Perform
∑=
=
n
i
ii xR
1

Convert into byte
array
Merge all Byte
arraysPlain Text )( iX
Data Merge
43
21
ff
ffSi
++
+= ∑
Subtract large
integer
iii DSZ −=
ISSN 1947-5500

cryptographic techniques among them for
comparison such as AES and Triple DES.
Consider a situation that an intruder gathers data
from cloud by breaking protection mechanism of
CSP. We compare the performance of existing
and proposed techniques at this situation.
First we take existing AES and Triple DES
techniques which provide complete control on
data to CSP. So the intruder can easily break the
gathered encrypted files since they are encrypted
with decryption keys. Moreover the existing
techniques cannot give cent percentage privacy
assurance where the data encryption is done by
the CSP. If the CSP is self-interested on its data
it can misuse the data without knowing the data
owner.
In our proposed technique, the data owner has
the complete control on data by keeping the
decryption key with him/her and they store
encrypted file only at the cloud storage. Without
the knowledge of inverse INF and decryption
key the intruder cannot decrypt the file and
retrieve the data. Therefore it provides complete
access control on user data. The self-interest of
CSP on data comes under the control policy
which is the most significant issue in cloud
environment. Here the only task of CSP is to
allocate storage space for data and it never
involves in data partitioning and encryption.
Thus this self-interest cannot affect the cloud
data. From this we can summarize that the
proposed DESD crypto technique is much
secure and provide better privacy to cloud users.
6. Result and Discussion
The experiment is conducted using Intel(R)
Core(TM)2 Duo CPU processor with 4 GB
RAM and on Windows 7 platform. The
experiment was implemented using Java
programming. In order to prove the efficiency of
the proposed crypto technique it is compared
with some other existing cryptographic
techniques. The proposed DESD technique is
compared with AES and Triple DES techniques.
In our implementation we employed same size
of input files and examined the performance of
all three techniques. Here the encryption time
and decryption time is compared against file
size.
Figure 5: File size (MB) vs. Encryption Time (sec)
In Figure 5, the encryption time of each file size
is plotted for AES, Triple DES and proposed
DESD technique. Generally the complex
operations required more time to process the
data. But the operations of both encryption
techniques in our proposed crypto technique are
simple and easy to process the data. So the time
to encrypt different file size is reduced when
compared to other techniques. From the graph it
is clearly shows that the proposed DESD
technique possesses less encryption time than
AES and Triple DES.
0
10
20
30
40
50
60
70
2 5 8 10 12 20
EncryptionTime(sec)
File Size (MB)
AES
Triple DES
Proposed DESD
Technique
ISSN 1947-5500

Figure 6: File size (MB) vs. Decryption Time (sec)
Figure 6 demonstrates the comparison plot of file size
(MB) and decryption time (sec) for proposed and
existing techniques. This uses the same file size that
of encryption. The time required to decrypt the
encrypted data is known as decryption time. As we
mentioned above the proposed technique is simple
i.e. it required simple mathematical operations to
encrypt data files. From that we can know that the
decryption is also a simple process. Moreover a
single decryption is enough to decrypt the encrypted
data which is encrypted for a couple of time. Thus the
decryption requires very less time. From figure 6, it
can be observed that the proposed decryption requires
very less time compared to AES and Triple DES
techniques.
From the above two comparisons it is proved that our
proposed DESD technique is efficient and faster by
its simple operation and it is much secure because it
never enclose the decryption key with the encrypted
data. Also the data user has to possess knowledge on
inverse INF and he/she must communicate to the data
owner to get the decryption key. Hence the data is
protected against intruders, unauthorized users and
self-interest of CSP.
7. Conclusion
Data privacy and security are considered as the most
important issues in cloud data storage. Though cloud
can provide easy and flexible data storage, but there
are possibilities for intruders and malicious activities.
In cloud, the stored data may be confidential which
requires more security concerns. In this paper, we
proposed a novel Double Encryption with Single
Decryption (DESD) crypto technique for secure data
storage in cloud. Data partitioning is done to make
the storage easy and effective which also provides
flexible data access with less storage cost. Then
double encryption is performed on each partitioned
data which includes two encryptions namely
encryption with prime numbers, as well as its
complements and then with an INF encryption. Using
the proposed decryption algorithm the obtained data
can be decrypted by the user. The major benefit of
this proposed technique is, the encryption is done by
the data owner and the encrypted data is only stored
at the cloud storage with the help of CSP. The
authorized users have knowledge on inverse INF
which is another important factor for decryption.
Thus the intruders and third parties aren’t able to
retrieve and misuse the cloud data without knowledge
on inverse INF and decryption key. In experimental
section the proposed technique is compared with
AES and Triple DES techniques. The performance
analysis is done using some parameters such
encryption time and decryption time against file size.
From the Figure 5 & 6, it is clearly observed that our
proposed crypto technique is efficient and faster in
terms of reduced encryption and decryption time
compared to other techniques. In future the proposed
DESD crypto technique will be used to encrypt video
files.
References
[1] Dai Yuefa, Wu Bo, et al. "Data security model for cloud
computing."Proceedings of the 2009 International Workshop on
Information Security and Application (IWISA 2009) Qingdao,
China. 2009., pp 141-144.
[2] Mohit Marwahe, Rajeev Bedi, “Applying Encryption
Algorithm for Data Security and Privacy in Cloud Computing”,
International Journal of Computer Science Issues. Vol 10, Issue 1,
January 2013, pp. 367-370
[3] Eman M.Mohamed, Hatem S.Abdelkar and Sherif El-Etriby,
“Data Security Model for Cloud Computing”, the twelfth
International Conference on Networks, 2013, pp. 66-74
[4] L. Arockiam, S. Monikandan “Data Security and Privacy in
Cloud Storage using Hybrid Symmetirc Encryption Algorithm”,
International Journal of Advanced Research in Computer and
Communication Engineering, Vol. 2, Issue 8, August 2013, pp
3064-3070.
[5] http://www.nku.edu (Fall 2006 Chris Christensen)
0
10
20
30
40
50
60
70
2 5 8 10 12 20
DecryptionTime(sec)
File Size (MB)
AES
Triple
Propo
Techn
ISSN 1947-5500

[6] Sinkov A., “Elementary Cryptanalysis – A Mathematical
Approach”, Mathematical Association of America, 1996.
[7] V. Masthanamma, G. Lakshmi Preya,” An Efficient Data
Security in Cloud Computing Using the RSA Encryption Process
Algorithm”, International Journal of Innovative Research in
Science, Engineering and Technology,Vol.4,pp.1441- 1445,2015.
[8] Hsiao-Ying Lin, Member, IEEE, and Wen-Guey Tzeng,
Member, IEEE"A Secure Erasure Code Based Cloud Storage
System With Secure Data Forwarding” IEEE Transactions On
Parallel And Distributed Systems, Vol. 23, No. 6, June 2012.
[9] Pancholi, Vishal R., and Bhadresh P. Patel. "Enhancement of
Cloud Computing Security with Secure Data Storage using AES."
International Journal for Innovative Research in Science and
Technology 2.9 (2016):18-21.
[10] Nasrin Khanezaei, Zurina Mohd Hanapi “A Framework Based
on RSA and AES Encryption Algorithms for Cloud Computing
Services” IEEE Conference on Systems, Process and Control
(ICSPC 2014), 12 - 14 December 2014, Kuala Lumpur, Malaysia.
[11] Bokefode Jayant D, Ubale Swapnaja A, Pingale Subhash V,
Karande Kailash J., Apate Sulabha S., “Developing Secure Cloud
Storage System by Applying AES and RSA Cryptography
Algorithms with Role based Access Control Model” International
Journal of Computer Applications (0975 – 8887) Volume 118–
No.12, May 2015.

ISSN 1947-5500

Data Partitioning In Cloud Storage Using DESD Crypto Technique

Recommended

Recommended

More Related Content

What's hot

What's hot (18)

Similar to Data Partitioning In Cloud Storage Using DESD Crypto Technique

Similar to Data Partitioning In Cloud Storage Using DESD Crypto Technique (20)

Recently uploaded

Recently uploaded (20)

Data Partitioning In Cloud Storage Using DESD Crypto Technique