This paper is on the security of data in the cloud: how to use various access policies and apply encryption and decryption to data stored in a cloud.
Enhanced Hybrid Blowfish and ECC Encryption to Secure Cloud Data Access and Storage Policies
Jobandeep Kaur1, Dr Vishal Bharti2, Mr. Shamandeep Singh3
M. Tech (Scholar), Head of Department, Assistant Professor
Department of Computer Science and Engineering, Chandigarh, Gharuan
Punjab (INDIA)
Jobandeeprandhawa4@gmail.com1, hod.ibmcse@cumail.in2, shamandeep.cse@cumail.in3
Abstract – Encryption is the most important concept for enhancing security in cloud access policies. Encrypting data in the cloud is the procedure of transforming data or information before it is moved to cloud storage. Normally, cloud service providers offer encryption services ranging from an encrypted connection to limited encryption of sensitive information, and provide encryption keys to decrypt the data as required. Several security problems and some of their solutions are examined, concentrating primarily on public security problems and their solutions. In this paper, we have implemented a hybrid approach in which access policies do not leak any private data, in order to enhance security and performance parameters such as decryption time, encryption time and accuracy, and compared these with existing performance parameters. Security is the main limitation when storing data on a cloud server. The introduced approach is implemented so that even if a tenant could access the information, all that would appear is gibberish. Threats include hijacking of sessions while accessing data, insider threats, outsider malicious attacks, data loss, loss of control, and service disruption. Therefore, enhancing the security of multimedia data storage in a cloud centre is of paramount importance.
Keywords – Role based access control, Encryption,
Decryption, ECC, and Blowfish.
I. INTRODUCTION
Role based access control (RBAC) is a technique for controlling access to computer or network resources based on the roles of individual users within an enterprise. In this context, access is the ability of an individual user to perform a specific task, such as viewing, creating, or modifying a file. The idea of RBAC originated with multi-user and multi-application on-line systems pioneered in the 1970s. Users can easily be reassigned from one role to another. Roles can be granted new permissions as new applications and systems are incorporated, and permissions can be revoked from roles as required [1]. Three basic principles of RBAC are:
• An individual must be assigned a specific role in order to conduct a specific action, called a transaction.
• A user needs a role authorization to be allowed to hold that role.
• Transaction authorization allows the user to perform specific transactions. The transaction must be allowed to occur through the role membership.
Attribute based access control (ABAC) is a model which evolves from RBAC to consider additional attributes in addition to roles and groups [2]. Managing and auditing network access is essential to information security. Access can and should be granted on a need-to-know basis. With hundreds or thousands of employees, security is more easily maintained by limiting unnecessary access to sensitive information based on each user's established role within the organization [3]. Several benefits of RBAC are:
• Reducing administrative work and IT support: With RBAC, we can reduce the need for paperwork and password changes when an employee is hired or changes their role. RBAC also helps to integrate third-party users into your system more easily by giving them pre-defined roles.
• Maximizing operational efficiency: RBAC offers a streamlined approach that is logical in definition. Every role can be aligned with the organizational structure of the business, and users can do their jobs more efficiently and autonomously.
• Improving compliance: All organizations are subject to federal, state and local regulations. This is significant for health care and financial institutions, which manage lots of sensitive data, such as PHI and PCI data.
Cloud encryption is a service offered by cloud storage providers whereby data, or text, is transformed using encryption algorithms and is then placed on a storage cloud. Cloud encryption is the transformation of a cloud service customer's data into ciphertext.
The cloud encryption capabilities of the service provider need to match the level of sensitivity of the data being hosted [4]. Cloud computing depends on five attributes:
• Multi-tenancy (shared resources): Cloud computing is based on a business model in which resources are shared (i.e., multiple users use the same resource) at the network level, host level, and application level.
• Massive scalability: Cloud computing provides the ability to scale to a very large number of systems, and the ability to massively scale bandwidth and storage space.
• Elasticity: Users can rapidly increase and decrease their computing resources as needed.
• Pay as you use: Users pay for only the resources they actually use and for only the time they require them.
• Self-provisioning of resources: Users self-provision resources, such as additional systems (processing capability, software, storage) and network resources.
Figure 1 Cloud Strategy [4]
Encryption techniques can be applied to data on the drive or array, at the host or in the fabric. The core components of a cryptographic storage service can be implemented using a variety of techniques, some of which were designed specifically for cloud storage. In the early days of cloud computing, common encryption techniques such as public key encryption were applied. The advanced cryptographic techniques include the encryption techniques below.
ECC is an open source encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. ECC generates keys through the properties of the elliptic curve equation instead of the traditional method of generation as the product of very large prime numbers. The technology can be used in conjunction with most public key encryption methods, such as RSA and Diffie-Hellman. ECC was developed by Certicom, a mobile e-business security provider, and was recently licensed by Hifn, a manufacturer of integrated circuitry (IC) and network security products. Later, several manufacturers included support for ECC in their products [5].
The Blowfish algorithm is a symmetric block cipher, designed by Bruce Schneier in 1993, that can be effectively used for encryption and safeguarding of data. Blowfish encrypts 64-bit blocks with a variable-length key of 128-448 bits. According to Schneier, Blowfish was designed with the following goals [6]:
• Fast: Blowfish's encryption rate on 32-bit microprocessors is 26 clock cycles per byte.
• Compact: Blowfish can execute in under 5 kb of memory.
• Simple: Blowfish uses only primitive operations, such as addition, XOR and table lookup, making its design and implementation simple.
• Secure: Blowfish has a variable key length up to a maximum of 448 bits, making it both secure and flexible.
In this paper, we have implemented a hybrid approach to calculate data access policies, to enhance the performance of the framework, and to calculate performance parameters such as encryption, decryption and accuracy. In this section we have discussed the encryption techniques and reviewed the techniques used in our framework to enhance performance. In Section II, we review and analyze the existing work in this field to get a better idea of present and future trends in cryptographic strategies. In Section III, we compare the features of encryption techniques as well as encryption algorithms. In Section IV, the design and implementation of the proposed methodology is explained. Lastly, in Section V, all results are explained.
II. RELATED WORK
Kan Yang, et al., (2017) [7] proposed an efficient and fine-grained big data access control scheme with a privacy-preserving policy. Controlling access to the huge amount of big data is becoming a very challenging issue, especially when big data are stored in the cloud. CP-ABE (Ciphertext-Policy Attribute-Based Encryption) is a promising encryption technique that enables end-users to encrypt their data under access policies defined over some attributes of data consumers, and only allows data consumers whose attributes satisfy the access policies to decrypt the data. In CP-ABE, the access policy is attached to the ciphertext in plaintext form, which may also leak some private information about end-users. Existing methods only partially hide the attribute values in the access policies, while the attribute names are still unprotected. In particular, they hide the whole attribute (rather than only its values) in the access policies. To assist data decryption, they also design a novel Attribute Bloom Filter to evaluate whether an attribute is in the access policy and to locate its exact position in the access policy if it is. Security analysis and performance evaluation show that the scheme can preserve privacy for any LSSS access policy without employing much overhead.
Qi Yuan, et al., (2015) [8] reviewed the issue of fine-grained data access control in cloud computing and proposed an access control scheme to achieve fine-grainedness and implement user revocation efficiently. In cloud computing, application software and databases are moved to large centralized data centres, where the management of the data and services may not be fully trustworthy. This unique paradigm brings many new security challenges, which have not been well understood. Data access control is an effective way to ensure big data security in the cloud. The analysis results show that the scheme ensures data security in cloud computing and reduces the cost to the data owner significantly.
Varsha S. Bandagar, et al., (2015) [9] outlined a ciphertext-policy attribute-based encryption (ABE) scheme to address the lack of access control mechanisms. In addition, they proposed a secure, efficient and fine-grained data access control mechanism for P2P storage cloud, namely ACPC. In cloud computing, a P2P storage cloud is formed by integrating storage to offer highly available storage services, lowering the economic cost by exploiting the storage space of participating users. However, since cloud servers and users are usually outside the trusted domain of data owners, P2P storage cloud brings new challenges for data security and access control when data owners store sensitive data for sharing in the trusted domain. For the attribute-based encryption scheme with efficient user revocation, the performance evaluation shows reduced computation overhead for the data owner and server compared with earlier user revocation.
Mohamed Nabeel, et al., (2012) [10] discussed the drawbacks of various approaches based on well-known cryptographic techniques in addressing such issues, and presented two approaches that address those drawbacks with different trade-offs. With the many practical advantages of cloud computing, many organizations have been considering moving their information systems to the cloud. However, an important problem in public clouds is how to selectively share data based on fine-grained attribute-based access control policies while at the same time assuring confidentiality of the data and preserving the privacy of users from the cloud.
Bilel Zaghdoudi, et al., (2016) [11] proposed a DHT-based approach to access control for ad hoc MCC and Fog computing. They rely on Chord DHTs to create a scalable, generic and robust access control solution. They use simulations to evaluate the performance of the proposal. They focused on a set of metrics to measure the overhead of the system. They considered a variable network size, a variable percentage of dependable nodes and different hash functions as simulation parameters. The results obtained show acceptable overhead for relatively average network sizes. Simulations show that all the metrics increase with the number of nodes and the number of dependable nodes.
Ying-Qian Zhang, et al., (2015) [12] proposed a new image encryption algorithm based on spatiotemporal non-adjacent coupled map lattices. The system of non-adjacent coupled map lattices has more outstanding cryptographic features in its dynamics than the logistic map or coupled map lattices do. In the proposed image encryption, they use a bit-level pixel permutation strategy which enables bit planes of pixels to permute mutually without any extra storage space. Simulations have been carried out and the results demonstrate the superior security and high efficiency of the proposed algorithm.
III. OVERVIEW OF ENCRYPTION TECHNIQUES
Encryption techniques can be applied to data on the drive or array, at the host or in the fabric. The core components of a cryptographic storage service can be implemented using a variety of techniques, some of which were designed specifically for cloud storage. Several advanced encryption techniques are:
Table 1 Feature Comparison of Encryption Techniques [13]
Technique | Fine Grained access control | Computation Overhead | User revocation efficiency | Scalability/efficiency | Collision resistance | Attributes Association | Access Policy Association
IDE | Low | Avg | Avg | Avg | Low | With Cipher | With Key
ABE | Low | Avg | Avg | Avg | Low | With Cipher | With Key
KP-ABE | Avg | Mostly Overhead | Low | Avg | Above Average | With Cipher | With Key
CP-ABE | Avg | Avg | Low | Avg | Good | With Key | With Cipher
HIBE | Comparative Low | Mostly Overhead | - | Better | Good | - | -
HABE | High | Overhead | Avg | Above Avg | Good | With Key | With Cipher
MA-ABE | Better | Avg | High | High | Good | With Cipher | With Cipher
Table 2 Comparison of various algorithms based on different parameters [14]
PARAMETERS | DES | 3DES | AES | RSA | BLOWFISH
Development | In early 1970 by IBM and published in 1977 | IBM in 1978 | Vincent Rijmen, Joan Daemen in 2001 | Ron Rivest, Shamir & Leonard Adleman in 1978 | Bruce Schneier in 1993
Key length (Bits) | 64 (56 usable) | 168, 112 | 128, 192, 256 | Key length depends on no. of bits in module | Variable key length i.e. 32 - 448
Rounds | 16 | 48 | 10, 12, 14 | 1 | 16
Block Size (Bits) | 64 | 64 | 18 | Variable block size | 64
Attacks Found | Exclusive Key Search, Linear cryptanalysis, Differential analysis | Related Key attack | Key recovery attack, Side channel attack | Brute force attack, timing attack | No attack found to be successful against blowfish
Level of Security | Adequate Security | Adequate Security | Excellent Security | Good Security | Highly Secure
Encryption Speed | Very Slow | Very Slow | Faster | Average | Very Fast
Table 3 Comparison of various algorithms based on different parameters.
PARAMETERS | TWOFISH | THREEFISH | RC5 | ECC | IDEA
Development | Bruce Schneier in 1998 | Bruce Schneier, Niels Ferguson, Stefan Lucks in 2008 | Ron Rivest in 1994 | Victor Miller from IBM and Neil Koblitz in 1985 | Xuejia Lai and James in 1991
Key length (Bits) | 128, 192, 256 | 256, 512, 1024 | 0 – 2040 bits (128 suggested) | Smaller but effective key | 128
Rounds | 16 | For 256 & 512 keys = 72 and for 1024 keys = 80 | 1 – 255 (64 suggested) | 1 | 8
Block Size (Bits) | 128 | 256, 512, 1024 | 36, 64, 128 (64 suggested) | Stream size in Variable | 64
Attacks Found: Co-relation attack, Doubling attack, Linear attack
Level of Security | Secure | Secure | Secure | Highly Secure | Secure
IV. PROPOSED WORK
Security is the main limitation when storing data on a cloud server. Various security threats in cloud computing are data loss, leakage of data, user authentication, malicious user handling, wrong usage of cloud computing and its services, hijacking of sessions while accessing data, insider threats, outsider malicious attacks, loss of control, and service disruption. Therefore, enhancing the security of multimedia data storage in a cloud centre is of paramount importance. The main objective is to develop an architecture that assures users that their data is secure. Currently used approaches need some optimization to increase the security and accuracy of storing and accessing data among various users. Time consumption for decryption is also high. Managing the various roles in the access policies is very time-consuming to load and difficult when working with large systems.
Figure 2 Proposed Flowchart
Security in access control mechanisms is a challenging task. The overall process is divided into various sub-modules to find and optimize the working of storage and access policies. In this scenario, the system gets the file from the user end and stores it in cloud repositories. Storage of data on this platform is governed by encryption policies. The proposed architecture is used to optimize the encryption scheme to eliminate unauthorised access to user storage. The proposed architecture is a hybrid of two different algorithms, one asymmetric and one symmetric. Together these two algorithms make the encryption scheme more secure and decrease the probability of decryption. In this flow, users upload their files to store in cloud repositories and the system extracts all bytes from the uploaded data. The extracted bytes are passed to the first step, where the system generates keys for user authentication. After this process, the keys are passed to the encryption algorithm. The encryption module uses the already generated keys to encrypt the data and make the process of data storage more secure. Various parameters are used to check the efficiency of the system and the accuracy of the output files as compared to the original data.
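The hybrid flow described above (an asymmetric algorithm to establish keys, a symmetric one to encrypt the uploaded bytes), as an added example that is not the paper's implementation: an elliptic-curve Diffie-Hellman exchange derives a per-file key, and Blowfish encrypts the file under it. The paper does not say how the two algorithms are combined, so the secp256k1 curve, the SHA-256 key derivation, counter mode, the HMAC-SHA256 tag and all function names are assumptions of this example.

```python
import hashlib, hmac, secrets

M = 0xFFFFFFFF
def pi_words(count, guard=64):             # Blowfish's initial tables are pi's hex digits
    one = 1 << (32 * count + guard)
    def atan_inv(x):                       # fixed-point arctan(1/x) by Taylor series
        total, term, n = 0, one // x, 1
        while term:
            total += term // n
            term //= -x * x                # the sign alternates with each term
            n += 2
        return total
    frac = (16 * atan_inv(5) - 4 * atan_inv(239) - 3 * one) >> guard   # Machin's formula
    return [(frac >> (32 * (count - 1 - i))) & M for i in range(count)]
PI_WORDS = pi_words(18 + 4 * 256)          # 18 P-array words, then four 256-word S-boxes

class Blowfish:
    def __init__(self, key):               # key: 4 to 56 bytes
        self.P = PI_WORDS[:18]
        self.S = [PI_WORDS[18 + 256 * b: 274 + 256 * b] for b in range(4)]
        for i in range(18):                # XOR the cyclically repeated key into P
            word = bytes(key[(4 * i + j) % len(key)] for j in range(4))
            self.P[i] ^= int.from_bytes(word, "big")
        l = r = 0
        for table in [self.P] + self.S:    # then overwrite every entry with cipher output
            for i in range(0, len(table), 2):
                l, r = table[i], table[i + 1] = self.encrypt_block(l, r)

    def encrypt_block(self, l, r):         # 16-round Feistel network on two 32-bit halves
        s = self.S
        for i in range(16):
            l ^= self.P[i]
            r ^= (((s[0][l >> 24] + s[1][l >> 16 & 255]) ^ s[2][l >> 8 & 255]) + s[3][l & 255]) & M
            l, r = r, l
        return r ^ self.P[17], l ^ self.P[16]

    def ctr(self, data):                   # counter mode: the same call encrypts and decrypts
        blocks = (self.encrypt_block(i >> 32, i & M) for i in range((len(data) + 7) // 8))
        stream = b"".join(l.to_bytes(4, "big") + r.to_bytes(4, "big") for l, r in blocks)
        return bytes(a ^ b for a, b in zip(data, stream))

# secp256k1 domain parameters (the curve is an assumption; the paper names none)
FIELD = 2**256 - 2**32 - 977
ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def ec_add(p, q):                          # affine addition; None is the point at infinity
    if p is None or q is None:
        return p or q
    if p[0] == q[0] and (p[1] + q[1]) % FIELD == 0:
        return None
    num, den = (3 * p[0] ** 2, 2 * p[1]) if p == q else (q[1] - p[1], q[0] - p[0])
    m = num * pow(den % FIELD, -1, FIELD) % FIELD
    x = (m * m - p[0] - q[0]) % FIELD
    return x, (m * (p[0] - x) - p[1]) % FIELD
def ec_mul(k, pt):                         # double-and-add; not constant-time
    acc = None
    while k:
        acc, pt, k = (ec_add(acc, pt) if k & 1 else acc), ec_add(pt, pt), k >> 1
    return acc
def keypair():
    return (d := secrets.randbelow(ORDER - 1) + 1), ec_mul(d, G)

def file_keys(d, pub):                     # ECDH, then SHA-256 as a simple KDF
    if (pub[1] ** 2 - pub[0] ** 3 - 7) % FIELD:
        raise ValueError("public key is not on the curve")
    okm = hashlib.sha256(ec_mul(d, pub)[0].to_bytes(32, "big")).digest()
    return okm[:16], okm[16:]              # 128-bit Blowfish key, 128-bit HMAC key
def seal(recipient_pub, data):             # fresh ephemeral key pair for every file
    eph, eph_pub = keypair()
    enc_key, mac_key = file_keys(eph, recipient_pub)
    ct = Blowfish(enc_key).ctr(data)
    return eph_pub, ct, hmac.new(mac_key, ct, hashlib.sha256).digest()
def open_sealed(d, eph_pub, ct, tag):      # verify the tag before decrypting
    enc_key, mac_key = file_keys(d, eph_pub)
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed authentication")
    return Blowfish(enc_key).ctr(ct)
```

Blowfish's 64-bit block bounds how much data should be encrypted under one key, which is why seal derives a new key for each file.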
Step 1 - Select the master file from the embed message button.
Step 2 - Select any picture from the local drive.
Step 3 - After selecting the master file, select the output file in which to embed the message.
Step 4 - If the file should be compressed, click the compress check box.
Step 5 - If the message should be encrypted, click the encrypt message check box.
Step 6 - If the message should be hidden, type the message in the message box and click the go button; a dialog will then appear saying whether the operation was successful or not.
Step 7 - Close the embed message window by clicking the close button.
Step 8 - To retrieve the encrypted, hidden, compressed message, click the retrieve message button and select the output file.
Step 9 - Click the go button and enter the encrypted password to retrieve the message.
V. RESULTS AND DISCUSSIONS
In this section, the encryption-based results are explained and the comparison is shown in bar graph format. The proposed work implements a hybrid approach to enhance security.
[Figure 2 flowchart nodes: Start; Upload File; Check authorization policies; Generate key; Encrypt File and share keys; Enter shared key; Attributes (YES/NO); Decrypt File; Un-authorize]
Figure 3 Encryption Time
Encryption time is used to estimate the speed of the proposed system while working with cloud users. Less time indicates higher-speed communication between the user and the cloud server. Here the system estimates the encryption time of various existing approaches and of the proposed hybrid algorithm. As the figure above shows, the proposed architecture performs better in terms of encryption time.
Figure 4 Decryption time
The next parameter, decryption time, is also used to find the speed of the system. When a user wants to download or update a file, the system finds the file in the repository and uses access keys to decrypt it and regenerate the original format. The speed of decryption also matters when a user requests files. As the figure above shows, the proposed hybrid algorithm performs better in terms of decryption time compared with other techniques.
Figure 5 Encryption Time
Performance measurement depends entirely on the test cases. The proposed architecture and various other algorithms were run on different file sizes to measure encryption time. In all cases the proposed architecture performs better than all other existing approaches. With stable encryption time, the system shows better performance in the figure above.
Figure 6 Decryption Time
Again, performance measurement in terms of decryption time also depends on the test cases. The proposed architecture and various other algorithms were run on different file sizes to measure decryption time. Here, in all cases the proposed architecture performs better than all other existing approaches. With stable decryption time, the system shows better performance in the figure above.
[Figures 3-6: bar charts of encryption time and decryption time in ms; Figures 5 and 6 are plotted against file size (2kb, 10kb, 100kb, 1000kb, 2000kb); legend: ECC, Blowfish]
Figure 7 Accuracy
The accuracy factor is used to check the originality of the decrypted content. When decrypting the encrypted file into the original content, the error probability will be high if the algorithm is not efficient. Compared with the existing system, this system performs well in all cases.
VI. CONCLUSION AND FUTURE SCOPE
In this research work, we have proposed an effective and efficient data access policy method for big data, in which the access policies do not leak any private information. Access control decisions are very significant for any shared network or system. However, for a large distributed system such as a cloud network, access decisions need to be more flexible and scalable. We have also implemented a hybrid approach (Blowfish and ECC encryption) method to calculate whether the data access policies. In order to enhance efficiency, a new method (the hybrid approach, i.e., ECC and Blowfish) has been implemented to discover the accurate number of attributes in the access matrix. The proposed work implements a new approach to show that the scheme can preserve privacy for any cloud access policies or services without employing high overhead. As future scope, the work will focus on how to deal with offline attribute-guessing intruders that identify attribute strings by continually querying the ABF. It will implement a novel approach to reduce the decryption time and probability factors, to provide improved and high security in cloud storage.
REFERENCES
1. Sandhu, R. S., Coyne, E. J., Feinstein, H. L., & Youman, C. E. (1996). Role-based access control models. Computer, 29(2), 38-47.
2. Kuhn, D. R., Coyne, E. J., & Weil, T. R. (2010). Adding attributes to role-based access control. Computer, 43(6), 79-81.
3. Müller, H., Michoux, N., Bandon, D., & Geissbuhler, A. (2004). A review of content-based image retrieval systems in medical applications—clinical benefits and future directions. International Journal of Medical Informatics, 73(1), 1-23.
4. El-etriby, S., Mohamed, E. M., & Abdul-kader, H. S. (2012). Modern encryption techniques for cloud computing. In ICCIT (pp. 800-805).
5. Kumar, R., & Anil, A. (2011). Implementation of elliptical curve cryptography. IJCSI International Journal of Computer Science Issues, 8(4).
6. Arora, R., Parashar, A., & Transforming, C. C. I. (2013). Secure user data in cloud computing using encryption algorithms. International Journal of Engineering Research and Applications, 3(4), 1922-1926.
7. Yang, K., Han, Q., Li, H., Zheng, K., Su, Z., & Shen, X. (2017). An efficient and fine-grained big data access control scheme with privacy-preserving policy. IEEE Internet of Things Journal, 4(2), 563-571.
8. Yuan, Q., Ma, C., & Lin, J. (2015, January). Fine-grained access control for big data based on CP-ABE in cloud computing. In International Conference of Young Computer Scientists, Engineers and Educators (pp. 344-352). Springer, Berlin, Heidelberg.
9. Bandagar, V. S., & Kumbhar, H. V. (2015, December). Review Paper on Secure efficient data access control mechanism P2P storage cloud.
10. Nabeel, M., & Bertino, E. (2012). Privacy-Preserving Fine-Grained Access Control in Public Clouds. IEEE Data Eng. Bull., 35(4), 21-30.
11. Zaghdoudi, B., Ayed, H. K. B., & Harizi, W. (2016, November). Generic Access Control System for Ad Hoc MCC and Fog Computing. In International Conference on Cryptology and Network Security (pp. 400-415). Springer, Cham.
12. Zhang, Y. Q., & Wang, X. Y. (2015). A new image encryption algorithm based on non-adjacent coupled map lattices. Applied Soft Computing, 26, 10-20.
13. Shabir, M. Y., Iqbal, A., Mahmood, Z., & Ghafoor, A. (2016). Analysis of classical encryption techniques in cloud computing. Tsinghua Science and Technology, 21(1), 102-113.
14. Bhanot, R., & Hans, R. (2015). A review and comparative analysis of various encryption algorithms. International Journal of Security and Its Applications, 9(4), 289-306.
[Figure 7: accuracy (%) against file size (2kb, 10kb, 100kb, 1000kb, 2000kb); legend: BASE(ABE), Hybrid ECC-Blowfish]