Outsourcing of data storage and data processing to cloud-based service providers promises several advantages such as reduced maintenance overhead, elastic performance, high availability, and security. Cloud services offer a variety of functionalities for performing different operations on the data. However, during the processing of data in the cloud, security and privacy may be compromised because of inadequate cryptographic implementation. Conventional encryption methods guarantee security during transport (data-in-transit) and storage (data-at-rest), but cannot prevent data leaks during an operation on the data (data-in-use). Modern homomorphic encryption methods promise to solve this problem by applying different operations on encrypted data without knowing or deciphering the data. Cloud-based implementation of homomorphic cryptography has seen significant development in the recent past. However, data security, even with homomorphic cryptography implemented, is still dependent on the users and the application owners. This exposes the risk of introducing new attack surfaces. In this paper, we introduce a novel, and one of the early, attempts to model such new attack surfaces on the implementation of homomorphic encryption and map them to the STRIDE threat model [1], which is widely used in the industry.
ARTIFICIAL NEURAL CRYPTOGRAPHY DATAGRAM HIDING TECHNIQUES FOR COMPUTER SECURI... (IAEME Publication)
Cryptography is the scientific study of mathematical and algorithmic techniques relating to information security. Cryptographic techniques help to protect information in cases where an attacker can have physical access to the bits representing the information, e.g. when the information has to be sent over a communication channel that can be eavesdropped on by an attacker. Cryptographic primitives are the basic building blocks for constructing cryptographic solutions to information protection problems. A cryptographic primitive consists of one or more algorithms that achieve a number of protection goals. There is no well-agreed-upon complete list of cryptographic primitives, nor are all cryptographic primitives independent; it is often possible to realize one primitive using a combination of other primitives.
ENHANCED INTEGRITY AUDITING FOR DYNAMIC AND SECURE GROUP SHARING IN PUBLIC CLOUD (IAEME Publication)
The challenge faced in public cloud computing is to provide privacy and security to the data shared among the group members. In this paper, an enhanced secure group sharing framework has been proposed. As the cloud has a semi-trust relationship, it is in need of a security model so that no classified information is exposed to cloud providers and attackers. Another critical variable in giving protection and security is the periodic removal of unwanted files, which if not done consistently might become a point of interest for attackers and be abused. By applying the proxy signature procedure, the group leader can effectively delegate the privilege of group management to one or more group members.
Homomorphic encryption algorithms and schemes for secure computations in the ... (MajedahAlkharji)
This article provides:
1. A detailed survey of homomorphic encryption (HE) using public key algorithms such as RSA, El-Gamal, and Paillier algorithms.
2. Fully homomorphic encryption (FHE) schemes.
This work can be helpful as a guide to the principles and properties of FHE, as researchers believe in the possibility of advancement in the FHE area.
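The property the survey above is built around, as an added Python example that is not taken from the survey or from any of the listed papers: textbook RSA and ElGamal are both multiplicatively homomorphic, so a party holding only ciphertexts can multiply two encrypted values and the key holder decrypts the product. The primes, the exponent 65537 and the ElGamal group (2^31-1 with generator 7) are constructed toy parameters chosen so the block runs instantly; they are nowhere near a secure size. The same algebra is also why textbook RSA is malleable, which is the reason real deployments add padding such as OAEP and thereby give up the homomorphism.

```python
import secrets

# Constructed toy parameters (far too small for real use): the point is the
# algebra, not the key size.
RSA_P, RSA_Q, RSA_E = 1000003, 1000033, 65537
ELG_P = 2**31 - 1   # Mersenne prime; 7 is a primitive root modulo 2^31-1
ELG_G = 7


def rsa_keygen(p=RSA_P, q=RSA_Q, e=RSA_E):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(pk, m):
    """Textbook RSA with no padding: this is exactly what makes it homomorphic."""
    n, e = pk
    return pow(m, e, n)


def rsa_decrypt(sk, c):
    n, d = sk
    return pow(c, d, n)


def rsa_mul(pk, c1, c2):
    """Enc(m1) * Enc(m2) mod n is a valid encryption of m1 * m2 mod n."""
    n, _ = pk
    return (c1 * c2) % n


def elg_keygen(p=ELG_P, g=ELG_G):
    x = secrets.randbelow(p - 2) + 1          # private exponent in [1, p-2]
    return (p, g, pow(g, x, p)), x


def elg_encrypt(pk, m):
    p, g, h = pk
    k = secrets.randbelow(p - 2) + 1          # fresh ephemeral exponent per message
    return pow(g, k, p), (m * pow(h, k, p)) % p


def elg_decrypt(pk, x, ct):
    p, _, _ = pk
    c1, c2 = ct
    return (c2 * pow(c1, -x, p)) % p          # remove the shared secret h^k = c1^x


def elg_mul(pk, a, b):
    """Component-wise product of two ElGamal ciphertexts encrypts m1 * m2."""
    p, _, _ = pk
    return (a[0] * b[0]) % p, (a[1] * b[1]) % p


def demo(m1=123456, m2=7890):
    """Outsource one multiplication under each scheme and decrypt the products."""
    rsa_pk, rsa_sk = rsa_keygen()
    rsa_product = rsa_decrypt(
        rsa_sk, rsa_mul(rsa_pk, rsa_encrypt(rsa_pk, m1), rsa_encrypt(rsa_pk, m2)))

    elg_pk, elg_x = elg_keygen()
    elg_product = elg_decrypt(
        elg_pk, elg_x, elg_mul(elg_pk, elg_encrypt(elg_pk, m1), elg_encrypt(elg_pk, m2)))
    return rsa_product, elg_product


if __name__ == "__main__":
    print(demo())   # (974067840, 974067840)
```

Both products come back as 974067840 because m1 * m2 is below both moduli; with larger inputs the result is reduced modulo n (RSA) or p (ElGamal), which is the wrap-around a client has to account for when it outsources arithmetic under either scheme.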
An extensive research survey on data integrity and deduplication towards priv... (IJECEIAES)
Owing to the highly distributed nature of the cloud storage system, it is one of the challenging tasks to incorporate a higher degree of security towards the vulnerable data. Apart from various security concerns, data privacy is still one of the unsolved problems in this regard. The prime reason is that existing approaches to data privacy do not offer data integrity and a secure data deduplication process at the same time, which is highly essential to ensure a higher degree of resistance against all forms of dynamic threats over cloud and internet systems. Therefore, data integrity as well as data deduplication are associated phenomena which influence data privacy. This manuscript discusses the explicit research contributions toward data integrity, data privacy, and data deduplication. The manuscript also highlights the potential open research issues, followed by a discussion of possible future directions of work towards addressing the existing problems.
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION (IJNSA Journal)
In this paper, we take a distributed architecture called Semantic Room (SR), which is capable of correlating events coming from several organizations participating in the SR, developed in the context of the EU Project COMIFIN, and we add privacy capability to the SR. The SR architecture consists of Edge Gateways deployed at each financial institution and a set of private clouds that form the SR collaborative processing system (CPS). Edge Gateways perform data pre-processing and anonymize data items, as prescribed by the SR contract, using the Shamir secret sharing scheme. Anonymous data are sent to the CPS, which aggregates information through MapReduce-based computations. The anonymous data resulting from the collaborative computation are revealed to the financial institutions only if suspicious cyber threat activities are detected. In this paper we show how this SR can be leveraged for detecting Man-In-The-Browser attacks.
Modified RSA-based algorithm: a double secure approach (TELKOMNIKA JOURNAL)
Security algorithms like RSA are becoming increasingly important for communications, providing secure applications to companies, organizations, and users around the world who rely heavily on them in their daily work. Security algorithms are used for different acquaintances among companies which might belong to various countries or even cities. Such data should essentially be encrypted to make sure that there is security in transportation. Thus, the current research paper leads to a novel system of security for the safe transfer of data. This paper examines the general principles of encryption and focuses on the development of RSA and the complexity of the encryption key so that it becomes more secure in the applications used. In this project, we work on the RSA algorithm by adding some complexity with three keys (3k). This addition will increase the security and complexity of the algorithm while maintaining encryption and decryption time. The paper also presents an approach by means of public key encryption to enhance cryptographic security. Moreover, double security is provided by the RSA algorithm. This novel RSA algorithm was investigated in MATLAB. Numerical results for various parameters such as Mean Square Error (MSE), correlation and Bit Error Ratio (BER) were computed for the encryption of the message. The experimental results demonstrated that the proposed algorithm for 3 keys has a small error rate in the retrieval of the encoded text.
SECURE COLLABORATIVE PROCESSING ARCHITECTURE FOR MITB ATTACK DETECTION (IJNSA Journal)
In this paper, we present the design of a specific distributed architecture called Semantic Room (SR) which is capable of correlating events coming from several organizations participating in the SR while preserving the privacy of sensitive data items. The SR architecture consists of Edge Gateways deployed at each financial institution and a set of private clouds that form the SR collaborative processing system (CPS). Edge Gateways perform data pre-processing and anonymize data items, as prescribed by the SR contract, using the Shamir secret sharing scheme. Anonymous data are sent to the CPS, which aggregates information through MapReduce-based computations. The anonymous data resulting from the collaborative computation are revealed to the financial institutions only if suspicious cyber threat activities are detected. In this paper we show how this SR can be leveraged for detecting Man-In-The-Browser attacks.
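The privacy mechanism both Semantic Room abstracts describe (Edge Gateways anonymize with Shamir secret sharing, the CPS nodes aggregate, and the result is revealed only when it looks suspicious), as an added Python example that is not the COMIFIN project's code. It assumes a hypothetical event type, a count of failed logins per institution from one suspicious IP, and a hypothetical field prime 2^61-1; both are constructed for the example. Each institution splits its count into n shares, one per CPS node, so that no node sees any institution's raw value; because Shamir shares are additive, each node sums the shares it received, and any t nodes can reconstruct the aggregate only.

```python
import secrets

PRIME = 2**61 - 1   # assumed field for the shares; any prime above the largest aggregate works


def split(secret, t, n, p=PRIME):
    """Shamir (t, n) sharing: random degree t-1 polynomial with f(0) = secret."""
    coeffs = [secret % p] + [secrets.randbelow(p) for _ in range(t - 1)]

    def f(x):
        return sum(c * pow(x, i, p) for i, c in enumerate(coeffs)) % p

    return [(i, f(i)) for i in range(1, n + 1)]   # share i goes to CPS node i


def reconstruct(shares, p=PRIME):
    """Lagrange interpolation at x = 0 from any t distinct shares."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % p
                den = (den * (xi - xj)) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def add_shares(a, b, p=PRIME):
    """Share-wise sum of two sharings is a sharing of the sum (same x-coordinates)."""
    assert [x for x, _ in a] == [x for x, _ in b]
    return [(x, (ya + yb) % p) for (x, ya), (_, yb) in zip(a, b)]


def aggregate(per_institution_counts, t, n):
    """What the CPS computes: every Edge Gateway shares its own count, and node i
    only ever adds up the i-th shares, never a raw value."""
    acc = None
    for count in per_institution_counts:
        s = split(count, t, n)
        acc = s if acc is None else add_shares(acc, s)
    return acc


def reveal_if_suspicious(shares, t, min_count):
    """Release the aggregate only above the alert level, else reveal nothing."""
    total = reconstruct(shares[:t])
    return total if total >= min_count else None


def demo(t=3, n=5):
    # Constructed sample: failed logins per bank from one suspicious IP address.
    counts = [4, 0, 11, 2]
    return reconstruct(aggregate(counts, t, n)[:t])


if __name__ == "__main__":
    print(demo())   # 17
```

The reveal step is a policy decision rather than a cryptographic one: below the alert level the nodes simply never pool their shares, and with fewer than t shares the aggregate is information-theoretically hidden, which is what lets competing institutions feed events into one correlation engine.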
A comprehensive study of FHE schemes, IJACT journal (MajedahAlkharji)
This article provides a comprehensive survey of:
1. Homomorphic encryption schemes using public key algorithms.
2. Fully homomorphic encryption (FHE) schemes.
This work can be helpful as a guide to the principles and properties of FHE.
SECURE OUTSOURCED CALCULATIONS WITH HOMOMORPHIC ENCRYPTION (acijjournal)
With the rapid development of cloud computing, privacy and security incidents occur frequently, especially data security issues. Cloud users would like to upload their sensitive information to cloud service providers in encrypted form rather than as raw data, and to prevent the misuse of data. The main challenge is to securely process or analyze these encrypted data without disclosing any useful information, and to achieve rights management efficiently. In this paper, we propose encrypted data processing protocols for cloud computing by utilizing additively homomorphic encryption and proxy cryptography, since traditional homomorphic encryption schemes have many limitations and are not suitable for cloud computing applications. We simulate a cloud computing scenario with flexible access control and extend the original homomorphic cryptosystem to suit our scenario by supporting various arithmetical calculations. We also prove the correctness and security of our protocols, and analyze the advantages and performance by comparing with some latest works.
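The additive homomorphism this abstract builds on, and the new attack surface the opening abstract (attack surfaces of homomorphic encryption mapped to STRIDE) warns about, in one added Python example that comes from neither paper: a toy Paillier cryptosystem on constructed small primes (not a secure parameter choice), a client that outsources a sum and a scalar multiple, and a provider that silently shifts the result. The last part is the STRIDE Tampering surface: the provider holds no key, yet multiplying the encrypted result by a fresh encryption of an offset adds that offset to the plaintext, and the client's decryption succeeds without any error. Confidentiality of data-in-use is preserved; integrity of the computation is not, so it has to come from a separate mechanism.

```python
import secrets
from math import gcd

# Constructed toy primes: about 2^20 each, so n^2 is ~2^80. Real Paillier uses
# primes of 1024+ bits; these only make the algebra visible.
P, Q = 1000003, 1000033


def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)   # lambda = lcm(p-1, q-1)
    g = n + 1                                        # standard simple generator
    # mu = L(g^lambda mod n^2)^-1 mod n, with L(u) = (u - 1) / n
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)   # pow(x, -1, m) needs Python 3.8+
    return (n, g), (lam, mu)


def encrypt(pk, m):
    """Randomised: the same plaintext encrypts to a different ciphertext each call."""
    n, g = pk
    while True:
        r = secrets.randbelow(n)
        if r > 0 and gcd(r, n) == 1:
            break
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)


def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    return (((pow(c, lam, n * n) - 1) // n) * mu) % n


def add(pk, c1, c2):
    """Enc(a) * Enc(b) mod n^2 is an encryption of a + b."""
    n, _ = pk
    return (c1 * c2) % (n * n)


def mul_const(pk, c, k):
    """Enc(a)^k mod n^2 is an encryption of k * a."""
    n, _ = pk
    return pow(c, k, n * n)


def cloud_sum(pk, ciphertexts):
    """Honest provider: sums the encrypted values without being able to read them."""
    acc = encrypt(pk, 0)
    for c in ciphertexts:
        acc = add(pk, acc, c)
    return acc


def tampering_cloud_sum(pk, ciphertexts, offset):
    """STRIDE Tampering: the provider shifts the result using only the public key.
    The client's decryption will not fail; it simply returns the wrong sum."""
    return add(pk, cloud_sum(pk, ciphertexts), encrypt(pk, offset))


def demo():
    pk, sk = keygen()
    values = [1200, 3400, 560]                       # constructed sample inputs
    cts = [encrypt(pk, v) for v in values]
    honest = decrypt(pk, sk, cloud_sum(pk, cts))
    tampered = decrypt(pk, sk, tampering_cloud_sum(pk, cts, 500))
    scaled = decrypt(pk, sk, mul_const(pk, cts[0], 3))
    return honest, tampered, scaled


if __name__ == "__main__":
    print(demo())   # (5160, 5660, 3600)
```

Nothing in the decrypted 5660 tells the client that the provider added 500; a deployment that trusts the provider for correctness but not for confidentiality has accepted exactly this risk, and a threat model for the application has to list it alongside key handling by the users and application owners.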
Bio-Cryptography Based Secured Data Replication Management in Cloud Storage (IJERA Editor)
Cloud computing is a new way of economical and efficient storage. The single data mart storage system is less secure because data remain under a single data mart. This can lead to data loss due to different causes like hacking, server failure etc. If an attacker chooses to attack a specific client, then he can aim at a fixed cloud provider and try to gain access to the client's information. This makes an easy job for the attackers; both inside and outside attackers get the benefit of using data mining to a great extent. Inside attackers refer to malicious employees at a cloud provider. Thus single data mart storage architecture is the biggest security threat concerning data mining on the cloud, so this paper presents a secure replication approach that encrypts data based on biocrypt and replicates it in a distributed data mart storage system. This approach involves the encryption, replication and storage of data.
Cloud computing has become an integral part of most private and public organizations and is being used for data storage and retrieval. Cloud computing has many uses and is widely used in highly confidential national services like the military and treasury for storing confidential information. Cloud computing services, for example Google Drive, Amazon Web Services and Microsoft Azure, are beneficial for organizations and end-users. Using cloud computing and its services, organisations/end-users can store their data. There are multiple challenges while saving organisations' highly confidential documents on servers. Hence, the objective of this paper is to provide a high level design for a storage system maximising security and personal privacy. Though servers are highly protected against unauthorized access, there are incidents where confidential files stored on servers are accessed by maintenance staff. Hence this research paper provides an introductory structure for full protection of files stored on the server by using a Hybrid Cryptosystem.
APPLICATION OF CLASSICAL ENCRYPTION TECHNIQUES FOR SECURING DATA -... (IJCI JOURNAL)
The process of protecting information by transforming (encrypting) it into an unreadable format is called cryptography. Only those who possess the secret key can decipher (decrypt) the message into plain text. Encrypted messages can sometimes be broken by cryptanalysis, also called code breaking, so there is a need for strong and fast cryptographic methods for securing the data from attackers. Although modern cryptographic techniques are virtually unbreakable, sometimes they are also subject to attack. As the Internet, big data, cloud data storage and other forms of electronic communication become more prevalent, electronic security is becoming increasingly important. Cryptography is used to protect e-mail messages, credit card information, corporate data, cloud data, big data and so on, so there is a need for the best and fastest cryptographic methods for protecting the data. In this paper a method is proposed to protect the data in a faster way by using classical cryptography. The encryption and decryption are done in parallel using threads with the help of the underlying hardware. The time taken by the sequential and parallel methods is analysed.
This research analysis will go over the various encryption methods and summarize the previous research in encryption that has been done to this point. The advantages of symmetric and asymmetric encryption will be discussed in terms of security and efficiency. As encryption becomes more advanced, the need for proper key management increases as well. This paper will conclude with a look at what could be the future of cloud encryption, Homomorphic Encryption.
Mitigating the Integrity Issues in Cloud Computing Utilizing Cryptography Alg... (AJASTJournal)
The cloud can be created, monitored, and disseminated with slight disruption or service provider involvement. Among the most rapidly evolving phenomena, cloud computing provides users with a variety of low-cost solutions. By putting the ideas of confidentiality, authentication, encryption techniques, non-repudiation, intrusion prevention, and effectiveness into practice, the challenge of cloud information security for computers and cloud storage security has been resolved in its totality. As cloud security has become a growing problem, cloud technology is prominent throughout many emerging disciplines of study in which a significant amount of research is conducted in this field. Each of these efforts uses a cryptographic approach. Current solutions to these issues have certain important drawbacks. To protect sensitive information stored in the cloud, one needs to design programs that implement hybrid cryptographic mechanisms using challenging encryption algorithms. This research elaborates on an examination of using cryptographic techniques to mitigate the integrity problems in cloud computing.
EFFECTIVE METHOD FOR MANAGING AUTOMATION AND MONITORING IN MULTI-CLOUD COMPUT... (IJNSA Journal)
Multi-cloud is an advanced version of cloud computing that allows its users to utilize different cloud systems from several Cloud Service Providers (CSPs) remotely. Although it is a very efficient computing facility, threat detection, data protection, and vendor lock-in are the major security drawbacks of this infrastructure. These factors act as a catalyst in promoting serious cyber-crimes of the virtual world. Privacy and safety issues of a multi-cloud environment have been overviewed in this research paper. The objective of this research is to analyze some logical automation and monitoring provisions, such as monitoring Cyber-physical Systems (CPS), home automation, automation in Big Data Infrastructure (BDI), Disaster Recovery (DR), and secret protection. The results of this research investigation indicate that it is possible to avoid security snags of a multi-cloud interface by adopting these scientific solutions methodically.
In the past decade, big technical advances have appeared which can bring more comfort not only in the corporate sector but also at the personal level of everyday life activities. The growth and deployment of cloud computing technologies by either private or public sectors has been important. Recently it became apparent to many organizations and businesses that their workloads were moved to the cloud. However, protection for cloud providers focused on Internet connectivity is a major problem, leaving it vulnerable to numerous attacks. Although cloud storage protection mechanisms have been introduced in recent years, cloud protection remains a major concern. This survey paper tackles this problem by surveying recent technology that enables confidentiality-conscious outsourcing of data to public cloud storage and analysis of sensitive data. In specific, we explore outsourced data strategies focused on data splitting, anonymization and cryptographic methods. We then compare these approaches with respect to the operations supported, accuracy, overheads, masking of outsourced data and data processing implications. Finally, we recognize excellent solutions to these cloud security issues.
Accessing secured data in cloud computing environment (IJNSA Journal)
The number of businesses using cloud computing has increased dramatically over the last few years due to attractive features such as scalability, flexibility, fast start-up and low costs. Services provided over the web range from using the provider's software and hardware to managing security and other issues. Some of the biggest challenges at this point are providing privacy and data security to subscribers of public cloud servers. An efficient encryption technique presented in this paper can be used for secure access to and storage of data on a public cloud server, moving and searching encrypted data through communication channels while protecting data confidentiality. This method ensures data protection against both external and internal intruders. Data can be decrypted only with the key provided by the data owner, while the public cloud server is unable to read encrypted data or queries. Answering a query does not depend on its size and is done in constant time. Data access is managed by the data owner. The proposed schema allows detection of unauthorized modifications.
ACCESSING SECURED DATA IN CLOUD COMPUTING ENVIRONMENTIJNSA Journal
Number of businesses using cloud computing has increased dramatically over the last few years due to the attractive features such as scalability, flexibility, fast start-up and low costs. Services provided over the web are ranging from using provider’s software and hardware to managing security and other issues. Some of the biggest challenges at this point are providing privacy and data security to subscribers of public cloud servers. An efficient encryption technique presented in this paper can be used for secure access to and storage of data on public cloud server, moving and searching encrypted data through communication channels while protecting data confidentiality. This method ensures data protection against both external and internal intruders. Data can be decrypted only with the provided by the data owner key, while public cloud server is unable to read encrypted data or queries. Answering a query does not depend on it size and done in a constant time. Data access is managed by the data owner. The proposed schema allows unauthorized modifications detection.
Abstract: Cloud computing model are obtaining ubiquitous authorization due to the heterogeneous convenience they provide. Although, the
security & privacy problems are the main considerable encumbrance holding back the universal adoption of this new emerging technology.
Various researches are concentrated on enhancing the security on Software as well as Hardware levels on the cloud. But these interpretations do
not mainly furnish the complete security way and therefore the data security compute (measure) are still kept under the access control of service
provider. Trusted Computing is another research concept. In actuality, these furnish a set of tools controlled by the third party technologies to
secure the Virtual Machines from the cloud computing providers. These approaches provides the tools to its consumers to assess and monitor the
aspects of security their data, they don’t allocate the cloud consumers with high control capability. While as the new emerging DCS approach
aims to provide the security of data owners of their data. But the DCS approach concept is elucidate in many ways and there is not a
standardized framework of cloud computing environment model for applying this approach.
Methodologies for Resolving Data Security and Privacy Protection Issues in Cl...AJASTJournal
Because of its accessibility and flexibility, cloud technology is among the most notable innovations in today's world. Having many service platforms, such as GoogleApps by Google, Amazon, Apple, and so on, is well accepted by large enterprises. Distributed cloud computing is a concept for enabling every-time, convenient, on-demand network access to processing resources including servers, storage devices, networks, and services that may be mutually configured. The major security risks for cloud computing as identified by the Cloud security alliance (CSA) have been examined in this study. Also, methods for resolving issues with cloud computing technology's data security and privacy protection were systematically examined
Because of its accessibility and flexibility, cloud technology is among the most notable innovations in today's world. Having many service platforms, such as GoogleApps by Google, Amazon, Apple, and so on, is well accepted by large enterprises. Distributed cloud computing is a concept for enabling every-time, convenient, on-demand network access to processing resources including servers, storage devices, networks, and services that may be mutually configured. The major security risks for cloud computing as identified by the Cloud security alliance (CSA) have been examined in this study. Also, methods for resolving issues with cloud computing technology's data security and privacy protection were systematically examined.
DESIGN AND IMPLEMENT A NEW CLOUD SECURITY METHOD BASED ON MULTI CLOUDS ON OPE...cscpconf
Deployment of using cloud services as a new approach to keep people's platforms, Infrastructure and applications has become an important issue in the world of communications technology. This is a very useful paradigm for humans to obtain their essential needs simpler, faster ,more flexible, and safer than before. But there are many concerns about this system challenge. Security is the most important challenge for cloud systems. In this paper we design and explain the procedure of implementation of a new method for cloud services based on multi clouds on our platform which supplies security and privacy more than other clouds. We introduce some confidentiality and security methods in each layer to have a secure access to requirements. The architecture of our method and the implementation of method on our selected platform for each layer are introduced in this paper.
Design and implement a new cloud security method based on multi clouds on ope...csandit
Deployment of using cloud services as a new approach to keep people's platforms,
Infrastructure and applications has become an important issue in the world of communications
technology. This is a very useful paradigm for humans to obtain their essential needs simpler,
faster ,more flexible, and safer than before. But there are many concerns about this system
challenge. Security is the most important challenge for cloud systems. In this paper we design
and explain the procedure of implementation of a new method for cloud services based on multi
clouds on our platform which supplies security and privacy more than other clouds. We
introduce some confidentiality and security methods in each layer to have a secure access to
requirements. The architecture of our method and the implementation of method on our selected
platform for each layer are introduced in this paper.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
E-Mail Systems In Cloud Computing Environment Privacy,Trust And Security Chal...IJERA Editor
In this paper, SMCSaaS is proposed to secure email system based on Web Service and Cloud Computing
Model. The model offers end-to-end security, privacy, and non-repudiation of PKI without the associated
infrastructure complexity. The Proposed Model control risks in Cloud Computing like Insecure Application
Programming Interfaces, Malicious Insiders, Data Loss Shared Technology Vulnerabilities, or Leakage,
Account, Service, Traffic Hijacking and Unknown Risk Profile
ISSN 2395-650X
IJLBPS provides an inclusive environment for researchers to share original research, reviews, case studies, and technical notes across a broad spectrum of life sciences, biotechnology, and pharmaceutical sciences.
Secure Data Sharing In an Untrusted CloudIJERA Editor
Cloud computing is a huge area which basically provides many services on the basis of pay as you go. One of the fundamental services provided by cloud is data storage. Cloud provides cost efficiency and an efficient solution for sharing resource among cloud users. A secure and efficient data sharing scheme for groups in cloud is not an easy task. On one hand customers are not ready to share their identity but on other hand want to enjoy the cost efficiency provided by the cloud. It needs to provide identity privacy, multiple owner and dynamic data sharing without getting effected by the number of cloud users revoked. In this paper, any member of a group can completely enjoy the data storing and sharing services by the cloud. A secure data sharing scheme for dynamic cloud users is proposed in this paper. For which it uses group signature and dynamic broadcast encryption techniques such that any user in a group can share the information in a secured manner. Additionally the permission option is proposed for the security reasons. This means the file access permissions are generated by the admin and given to the user using Role Based Access Control (RBA) algorithm. The file access permissions are read, write and delete. In this, owner can provide files with options and accepts the users using that option. The revocation of cloud user is a function generated by the Admin for security purpose. The encryption computational cost and storage overhead is not dependent on the number of users revoked. We analyze the security by proofs and produce the cloud efficiency report using cloudsim.
BIOMETRIC SMARTCARD AUTHENTICATION FOR FOG COMPUTINGIJNSA Journal
In the IoT scenario, things at the edge can create significantly large amounts of data. Fog Computing has recently emerged as the paradigm to address the needs of edge computing in the Internet of Things (IoT) and Industrial Internet of Things (IIoT) applications. In a Fog Computing environment, much of the processing would take place closer to the edge in a router device, rather than having to be transmitted to the Fog. Authentication is an important issue for the security of fog computing since services are offered to massive-scale end users by front fog nodes.Fog computing faces new security and privacy challenges besides those inherited from cloud computing. Authentication helps to ensure and confirms a user's identity. The existing traditional password authentication does not provide enough security for the data and there have been instances when the password-based authentication has been manipulated to gain access into the data. Since the conventional methods such as passwords do not serve the purpose of data security, research worksare focused on biometric user authentication in fog computing environment. In this paper, we present biometric smartcard authentication to protect the fog computing environment.
Similar to Threat Modeling of Cloud based Implementation of Homomorphic Encryption (20)
Forklift Classes Overview by Intella PartsIntella Parts
Discover the different forklift classes and their specific applications. Learn how to choose the right forklift for your needs to ensure safety, efficiency, and compliance in your operations.
For more technical information, visit our website https://intellaparts.com
COLLEGE BUS MANAGEMENT SYSTEM PROJECT REPORT.pdfKamal Acharya
The College Bus Management system is completely developed by Visual Basic .NET Version. The application is connect with most secured database language MS SQL Server. The application is develop by using best combination of front-end and back-end languages. The application is totally design like flat user interface. This flat user interface is more attractive user interface in 2017. The application is gives more important to the system functionality. The application is to manage the student’s details, driver’s details, bus details, bus route details, bus fees details and more. The application has only one unit for admin. The admin can manage the entire application. The admin can login into the application by using username and password of the admin. The application is develop for big and small colleges. It is more user friendly for non-computer person. Even they can easily learn how to manage the application within hours. The application is more secure by the admin. The system will give an effective output for the VB.Net and SQL Server given as input to the system. The compiled java program given as input to the system, after scanning the program will generate different reports. The application generates the report for users. The admin can view and download the report of the data. The application deliver the excel format reports. Because, excel formatted reports is very easy to understand the income and expense of the college bus. This application is mainly develop for windows operating system users. In 2017, 73% of people enterprises are using windows operating system. So the application will easily install for all the windows operating system users. The application-developed size is very low. The application consumes very low space in disk. Therefore, the user can allocate very minimum local disk space for this application.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. 
Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Courier management system project report.pdfKamal Acharya
It is now-a-days very important for the people to send or receive articles like imported furniture, electronic items, gifts, business goods and the like. People depend vastly on different transport systems which mostly use the manual way of receiving and delivering the articles. There is no way to track the articles till they are received and there is no way to let the customer know what happened in transit, once he booked some articles. In such a situation, we need a system which completely computerizes the cargo activities including time to time tracking of the articles sent. This need is fulfilled by Courier Management System software which is online software for the cargo management people that enables them to receive the goods from a source and send them to a required destination and track their status from time to time.
Event Management System Vb Net Project Report.pdfKamal Acharya
In present era, the scopes of information technology growing with a very fast .We do not see any are untouched from this industry. The scope of information technology has become wider includes: Business and industry. Household Business, Communication, Education, Entertainment, Science, Medicine, Engineering, Distance Learning, Weather Forecasting. Carrier Searching and so on.
My project named “Event Management System” is software that store and maintained all events coordinated in college. It also helpful to print related reports. My project will help to record the events coordinated by faculties with their Name, Event subject, date & details in an efficient & effective ways.
In my system we have to make a system by which a user can record all events coordinated by a particular faculty. In our proposed system some more featured are added which differs it from the existing system such as security.
Threat Modeling of Cloud based Implementation of Homomorphic Encryption

Satish K Sreenivasaiah & Soumya Maity
REVA University, Bangalore KA 560064, India
satish.cs01@reva.edu.in
soumya.maity@race.reva.edu.in
September 29, 2020
Abstract

Outsourcing of data storage and data processing to cloud-based service providers promises several advantages such as reduced maintenance overhead, elastic performance, high availability, and security. Cloud services offer a variety of functionalities for performing different operations on the data. However, during the processing of data in the cloud, security and privacy may be compromised because of inadequate cryptographic implementation. Conventional encryption methods guarantee security during transport (data-in-transit) and storage (data-at-rest), but cannot prevent data leaks during an operation on the data (data-in-use). Modern homomorphic encryption methods promise to solve this problem by applying different operations on encrypted data without knowing or deciphering the data. Cloud-based implementation of homomorphic cryptography has seen significant development in the recent past. However, data security, even with homomorphic cryptography implemented, still depends on the users and the application owners. This exposes the risk of introducing new attack surfaces. In this paper, we introduce a novel and one of the early attempts to model such new attack surfaces on the implementation of homomorphic encryption and map them to the STRIDE threat model [1], which is widely used in the industry.
International Journal on Cryptography and Information Security (IJCIS), Vol. 10, No.3, September 2020
DOI: 10.5121/ijcis.2020.10302

1 Introduction

Modern cloud services enable efficient computations on various data sets in the form of Platform- or Software-as-a-Service. Data processing and data analysis become easy and reliable due to the elastic high-performance hardware used by cloud service providers (CSPs). Recent data trends suggest [2] that there is an exponential increase in the growth rate of data creation. Often, this data is shared with multiple parties, such as a CSP or a third-party organization, to store and process.
Alarmingly, users do not have control over their data and are naturally concerned about data privacy. Furthermore, data is often exposed to breaches, where sensitive customer information is accessed in an unauthorized manner. Customers often risk the privacy of their data in exchange for services from CSPs. Although these CSPs are considered trusted business partners and are deterred from stealing data by service level agreements, non-disclosure agreements, etc., there is a need for proven technology to prevent data from being disclosed to the cloud operators.
The CSPs can be prevented from accessing user data by symmetric-key cryptography like AES or 3-DES while the data is stored (data-at-rest) in a secure datastore in the cloud [3]. Data-in-transit is secured during communication using public-key cryptography [4]. However, there is no well-known technology that can prevent data theft while the data is being processed (data-in-use). While users can encrypt data and store it on the cloud for confidentiality, this limits any kind of data processing. Therefore, the usual encryption is limited to data storage alone and does not allow for any meaningful computation. While performing different operations on the data, the cloud service provider can access the data and can technically store, share, or replay it. This security issue is most pronounced in the case of public clouds that are owned and operated by a third party.
To enable computations while guaranteeing data privacy, researchers are focusing on privacy-enabled computations or confidential computations. Homomorphic encryption (HE) is a promising solution to that technical problem without compromising robustness, scalability, and security [5][6]. As the name suggests, this is a special type of cryptosystem that has the homomorphic property [7]. That means it allows calculations to be performed on the encrypted data itself, so the data is never decrypted even while in use. Encrypted data is stored in a cloud, where it can be searched or processed without being decrypted. The result is sent back encrypted. The cloud provider does not know the data or the results. Though HE promises a big gain in data protection, efficiency and performance are still a major concern, at least for the early cloud-based implementations of HE [8].

Homomorphic encryption, in simple language, is a normal encryption scheme (two functions enc and dec to encrypt and decrypt) with one additional function, eval, such that

$$\mathrm{eval}(\mathrm{enc}(m)) = \mathrm{enc}(f(m)), \qquad \mathrm{dec}(\mathrm{eval}(\mathrm{enc}(m))) = f(m),$$

where $m$ is a plaintext and the user wants to compute $f(m)$. Diagram 1 explains the operation.
Example: A search engine is a commonly used Software-as-a-Service. When a user types a string in the text box, the service provider finds relevant webpages from a highly dynamic data store and responds with that list. The request and response are encrypted using RSA public-key cryptography, so they are secured from any eavesdropper. However, the service provider can see the search string in plaintext. Homomorphic encryption ensures that the service provider receives an encrypted string, finds an encrypted list of relevant pages without even knowing the actual search string, and responds. The user can decrypt the response and see the list. The service provider can never know the actual search string or the responses, but it can still provide the service seamlessly. A detailed explanation of homomorphic encryption (HE) is given in the subsequent sections.

Figure 1: Homomorphic Encryption
Microsoft's Azure Confidential Computing, introduced in 2019 [9], followed by Google's confidential cloud [10], launched as a beta release in July 2020, are the first commercial implementations of homomorphic encryption. Other cloud providers are also extensively researching the technology to make their clouds resilient to data breaches.
HE has been called the "Swiss Army knife of cryptography", as it is a one-stop solution that can be applied consistently across a variety of cryptographic implementations. It is often believed to be a silver bullet for most of the problems plaguing the industry today in terms of protecting Sensitive Personal Data or Information (SPDI) from third-party cloud providers [11]. However, challenges persist: an insecure implementation and inadequate security controls around HE could compromise the data and negate the whole purpose of using HE as a solution to protect SPDI from cloud vendors or third-party data processors. HE, as a cryptosystem, is resilient to data breaches and attacks on privacy. But the success of protecting confidentiality, integrity, and availability (CIA) depends largely on the implementation and design of the system.
Threat modeling is a well-accepted formal approach to finding the relevant threats or attack surfaces of a designed system. To identify these potential threats and possible attacks early in the life cycle of software product development, we can employ STRIDE-based threat modeling [1] as an effective tool during the product design phase. Although thorough cryptanalysis would uncover these attacks or threats, it is a long-drawn process and requires a high level of expertise. Hence, as a quick alternative to a rigorous cryptanalysis approach, a threat modeling methodology and tools can be adopted to identify threats and address them through appropriate mitigation techniques for a secure HE implementation.
Research Objective

As mentioned in the abstract, cloud-based implementation of homomorphic cryptography has seen significant development in the recent past. However, data security, even with homomorphic cryptography implemented, still depends on the users and the application owners. This exposes the risk of introducing new attack surfaces. In this paper, we introduce a novel and one of the early attempts to model such new attack surfaces on the implementation of homomorphic encryption and map them to the Microsoft STRIDE threat model [1], which is widely used in the industry.
Scope

The scope of the research is to identify threats using the Microsoft STRIDE model in a cloud-based homomorphic encryption implementation early in the product design phase, and to plan the adoption of the mitigations stated in the paper for the identified threats.

Limitations

The limitation of the paper is that it does not delve deep into cryptanalysis, although that is one of the right approaches to finding weaknesses in cryptographic algorithms. As cryptanalysis is a time-consuming activity, threat modeling of a HE system is suggested as a quicker alternative for identifying threats and mitigations.

Organization of the Paper

In this paper, we model threats for a cloud-based implementation of HE using STRIDE. To the best of our knowledge and literature survey, this is one of the earliest attempts at mapping attack surfaces of a HE implementation to STRIDE. We have organized this paper into three major sections. In the beginning, in section 2, we introduce the background of HE along with a detailed cryptanalysis. After that, we explain different attack surfaces on the implementation of cloud-based HE in section 3. How the attack surfaces can be mapped to the STRIDE model is explained in section 4. We conclude the paper by pointing out the merit and future scope of this work.
2 Background

HE is very different from other forms of cryptographic algorithms, such as regular symmetric and asymmetric algorithms, in that it can compute on encrypted data and provide the result of the computation as an encrypted output. This capability of HE is a game changer, as it can now preserve the privacy of the confidential data of individuals or corporations by never using plaintext data for processing.
2.1 Homomorphic encryption

CPA security does not prevent an attacker from tampering with the encrypted message, changing for example an encryption of the message x into an encryption of x with its last bit flipped. Homomorphic encryption takes this to an extreme and actually requires that it is possible to tamper with the encryption in an arbitrary way (while still maintaining CPA security!). The question of whether this is possible was first raised in 1978 by Rivest, Adleman, and Dertouzos, and over the years many conjectured that this is in fact impossible. Last year Gentry gave very strong evidence that such encryptions exist, by constructing such a scheme that is secure under relatively reasonable computational assumptions.
[Definition] A CPA-secure public key encryption scheme $(G, E, D)$ with one-bit messages is fully homomorphic if there exists an algorithm $\mathrm{HEnc}$ such that for every $(e, d) \leftarrow G(1^n)$, $a, b \in \{0, 1\}$, and $\hat{a} \leftarrow E_e(a)$, $\hat{b} \leftarrow E_e(b)$,

$$\mathrm{HEnc}_e(\hat{a}, \hat{b}) \approx E_e(a \barwedge b)$$

where $\approx$ denotes statistical indistinguishability (i.e., $n^{-\omega(1)}$ statistical distance), and $a \barwedge b$ (NAND) denotes $\neg(a \wedge b)$.

We stress that the algorithm $\mathrm{HEnc}$ does not get the secret key as input. Otherwise it would be trivial: just decrypt $\hat{a}, \hat{b}$, compute $a \barwedge b$ and re-encrypt.

[Universality of HEnc] It is straightforward to show that every logic gate can be expressed using a few HEncs, and so to obtain the following claim (left as an exercise): If $(G, E, D)$ is a homomorphic encryption, then there is an algorithm $\mathrm{EVAL}$ such that for every $(e, d) \leftarrow G(1^n)$, $x_1, \ldots, x_m \in \{0, 1\}$, if $\hat{x}_i = E_e(x_i)$ and $C$ is a Boolean circuit mapping $\{0, 1\}^m$ to $\{0, 1\}$, then

$$\mathrm{EVAL}_e(C, \hat{x}_1, \ldots, \hat{x}_m) \approx_{|C|\,\mu(n)} E_e(C(x_1, \ldots, x_m))$$

where we say that $D \approx_{\varepsilon} D'$ if their statistical distance is at most $\varepsilon$, $\mu$ is some negligible function, and $|C|$ denotes the number of gates of $C$. In particular, if $C$ is of polynomial size then these two distributions are statistically indistinguishable.
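The definition above, and the claim that NAND alone suffices to evaluate any circuit, can be made concrete with a toy scheme. The following is an added example and not code from the paper: a DGHV-style symmetric scheme over the integers (a different construction from the scheme by Gentry named in the text), chosen because its ciphertext NAND is one line of arithmetic that needs no key at all, exactly as HEnc requires. The parameters (P_BITS, Q_BITS, R_BITS), the full-adder circuit and the helper names are assumptions of this example; the parameters are far too small for real security and are meant only to show the noise growth that limits circuit depth.

```python
"""Toy somewhat-homomorphic encryption of bits with a key-free NAND.

Added example, not the paper's code: a DGHV-style symmetric scheme over the
integers. Parameters below are assumed toy values and give no real security.
"""
import secrets
from typing import Optional, Tuple

P_BITS = 1024   # secret key size (assumed)
Q_BITS = 2048   # size of the random multiple of the key (assumed)
R_BITS = 8      # size of the fresh noise (assumed)


def keygen() -> int:
    """Secret key p: a random odd integer with exactly P_BITS bits."""
    return secrets.randbits(P_BITS) | (1 << (P_BITS - 1)) | 1


def encrypt(p: int, m: int, r: Optional[int] = None) -> int:
    """Enc_p(m) = m + 2r + p*q: the bit is the parity of the small noise
    m + 2r, which is hidden under a large random multiple of p."""
    assert m in (0, 1)
    if r is None:  # signed noise in [-2^(R_BITS-1), 2^(R_BITS-1))
        r = secrets.randbits(R_BITS) - (1 << (R_BITS - 1))
    return m + 2 * r + p * secrets.randbits(Q_BITS)


def noise(p: int, c: int) -> int:
    """Centred residue of c modulo p: the noise term, while |noise| < p/2."""
    t = c % p
    return t - p if t > p // 2 else t


def decrypt(p: int, c: int) -> int:
    """Dec_p(c) = (c mod p) mod 2."""
    return noise(p, c) % 2


def noise_budget_bits(p: int, c: int) -> int:
    """Bits of headroom before the noise passes p/2 and decryption breaks."""
    return (p // 2).bit_length() - abs(noise(p, c)).bit_length()


# Evaluation on ciphertexts: no key is involved, as the definition of HEnc demands.

def he_nand(c1: int, c2: int) -> int:
    """1 - c1*c2 carries noise 1 - n1*n2, whose parity is NOT(m1 AND m2).
    The noise roughly squares at each NAND, so circuit depth is limited."""
    return 1 - c1 * c2


def he_not(a: int) -> int:
    return he_nand(a, a)


def he_and(a: int, b: int) -> int:
    return he_not(he_nand(a, b))


def he_or(a: int, b: int) -> int:
    return he_nand(he_not(a), he_not(b))


def he_xor(a: int, b: int) -> int:
    n = he_nand(a, b)
    return he_nand(he_nand(a, n), he_nand(b, n))


def he_full_adder(a: int, b: int, cin: int) -> Tuple[int, int]:
    """A one-bit full adder (sum, carry) built only from NANDs, run on ciphertexts."""
    axb = he_xor(a, b)
    return he_xor(axb, cin), he_or(he_and(a, b), he_and(axb, cin))


def full_adder_truth_table_ok(p: int) -> bool:
    """Encrypt every input triple, add under encryption, compare with plaintext."""
    for a, b, cin in ((x, y, z) for x in (0, 1) for y in (0, 1) for z in (0, 1)):
        s, cout = he_full_adder(encrypt(p, a), encrypt(p, b), encrypt(p, cin))
        if (decrypt(p, s), decrypt(p, cout)) != ((a + b + cin) % 2, (a + b + cin) // 2):
            return False
    return True


def depth_until_failure(p: int) -> int:
    """Chain NOT gates on a ciphertext with large fresh noise until the result
    decrypts wrongly; returns the first depth at which that happens."""
    c, expected, depth = encrypt(p, 1, r=(1 << (R_BITS - 1)) - 1), 1, 0
    while True:
        c, expected, depth = he_not(c), expected ^ 1, depth + 1
        if decrypt(p, c) != expected:
            return depth


if __name__ == "__main__":
    key = keygen()
    print("full adder correct on all inputs:", full_adder_truth_table_ok(key))
    print("NOT chain first fails at depth:", depth_until_failure(key))
```

The full adder decrypts correctly on all eight inputs, but the NOT chain shows the cost: each NAND roughly squares the noise, and with these parameters a chain of seven NANDs already decrypts to the wrong bit. A scheme like this is only "somewhat" homomorphic; Gentry's contribution was the bootstrapping step that refreshes the noise, which is also where much of the efficiency concern mentioned in the introduction comes from.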
2.2 Usefulness of homomorphic encryption

The canonical application is "cloud computing": Alice wants to store her file $x \in \{0, 1\}^m$ on Bob's server. So she sends Bob $E_e(x_1) \cdots E_e(x_m)$. Then she wants to do computation on this file. For example, if the file is a database of people, she may want to find out how many of them bought something in the last month. One way to do so would be for Alice to retrieve the entire file and do the computation on her own, but if she were able to handle this amount of communication and computation, perhaps she wouldn't have needed to use cloud computing in the first place.

Instead, Alice will ask Bob to perform this operation on the encrypted data, giving her an encryption of the answer, which she can of course decrypt. There is an issue of how Alice maintains integrity in this case; this is left as an exercise.
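Alice's count in the scenario above, and the eval/enc/dec relation stated in the introduction, can be shown with an additively homomorphic scheme, since the query is just a sum. The following is an added example and not the paper's code: textbook Paillier, with Alice holding the key and Bob computing only on ciphertexts. The key sizes, the SAMPLE_RECORDS and the function names are constructed for this example, and the implementation is not hardened for production. It also demonstrates the integrity issue left as an exercise in the text: ciphertexts are malleable, so a server that strays from the agreed computation changes the answer without Alice noticing.

```python
"""Toy Paillier encryption: Alice's private count on Bob's server.

Added example, not the paper's code. Paillier is additively homomorphic,
which is all the "how many bought something last month" query needs. Key
sizes, records and names are constructed; not hardened for production use.
"""
import math
import secrets
from typing import Sequence, Tuple

PublicKey = Tuple[int, int]        # (n, g)
PrivateKey = Tuple[int, int, int]  # (lambda, mu, n)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test, enough for generating toy key material."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 512) -> Tuple[PublicKey, PrivateKey]:
    """Alice's key pair; only she ever holds (lambda, mu)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        n = p * q
        if p != q and math.gcd(n, (p - 1) * (q - 1)) == 1:
            break
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)       # L(g^lam mod n^2)^-1 mod n
    return (n, g), (lam, mu, n)


def encrypt(pk: PublicKey, m: int) -> int:
    """Enc(m) = g^m * r^n mod n^2 with fresh random r: equal plaintexts give
    unrelated ciphertexts, so Bob cannot tell which customers bought."""
    n, g = pk
    r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def decrypt(sk: PrivateKey, c: int) -> int:
    lam, mu, n = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n


def eval_sum(pk: PublicKey, cts: Sequence[int]) -> int:
    """Bob's eval: the product of ciphertexts is an encryption of the sum.
    Bob needs neither the key nor any plaintext."""
    n, _ = pk
    acc = 1
    for c in cts:
        acc = acc * c % (n * n)
    return acc


# Constructed sample records: (customer id, bought something in the last month)
SAMPLE_RECORDS = [("c001", 1), ("c002", 0), ("c003", 1), ("c004", 1), ("c005", 0)]


def private_purchase_count(pk: PublicKey, sk: PrivateKey, records) -> int:
    """Alice uploads encrypted flags, Bob sums them blind, Alice decrypts the count."""
    cts = [encrypt(pk, flag) for _, flag in records]   # Alice's side
    result = eval_sum(pk, cts)                          # Bob's side
    return decrypt(sk, result)                          # Alice's side


def tampered_count(pk: PublicKey, sk: PrivateKey, records, extra: int) -> int:
    """The integrity issue the text leaves as an exercise: ciphertexts are
    malleable, so a server that multiplies Enc(extra) into the result makes
    Alice decrypt count + extra with no error. Confidentiality is not integrity."""
    n, _ = pk
    cts = [encrypt(pk, flag) for _, flag in records]
    forged = eval_sum(pk, cts) * encrypt(pk, extra) % (n * n)
    return decrypt(sk, forged)
```

With the sample records, the honest count is 3 and the tampered result decrypts to 5 with no sign that anything went wrong. Decrypting to a valid value therefore says nothing about whether Bob ran the agreed computation; that is the integrity gap the text points at, and it is exactly the kind of tampering threat a STRIDE model of a HE deployment has to account for separately from the cryptosystem's confidentiality.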
2.3 Zero Knowledge from Homomorphic Encryption

We've seen zero knowledge protocols for specific statements, but now we'll see such a protocol for any statement: specifically, for a public input circuit $C : \{0, 1\}^m \to \{0, 1\}$, we'll show a zero knowledge proof system (in fact even a proof of knowledge) for the statement "there exists $x$ such that $C(x) = 1$".

Note that this is in some sense a tremendous overkill, since zero knowledge proofs for every statement can be based on just one-way functions, and the construction is not even terribly complicated, given basic NP-completeness results. But this protocol will give some intuition on homomorphic encryption, and will also be more communication efficient than the standard protocols.
We will describe the protocol in steps, starting with a simplified version that is
not secure and tweaking it as we go along to ensure security.

Public Input: Boolean circuit $C : \{0, 1\}^n \to \{0, 1\}$.
Prover's private input: $x \in \{0, 1\}^n$ such that $C(x) = 1$.

Step 1 Prover runs $(e, d) \leftarrow G(1^n)$ and sends $e$ to the verifier.
Step 2 Prover sends $\hat{x} = E_e(x_1) \cdots E_e(x_n)$ to the verifier.
Step 3 Verifier computes $\hat{c} = \mathrm{EVAL}(C, \hat{x})$ and sends $\hat{c}$ to the prover.
Step 4 Prover sends $d = D_d(\hat{c})$ to the verifier. Verifier accepts if $d = 1$.
Security
This protocol is obviously not sound. We change it by having the verifier toss a
coin $b \leftarrow_R \{0, 1\}$ in Step 3. If $b = 1$ then the verifier proceeds as before. If
$b = 0$ then the verifier sends $E_e(b)$ to the prover. The verifier checks in Step 4
that $b = d$.
Soundness
We can now prove soundness of the new protocol, though we will need a strengthening
of the homomorphic encryption scheme: we require that it is possible to efficiently
test that a public key $e$ is in the range of the generation algorithm and that a
ciphertext $\hat{a}$ is in the range of the encryption algorithm. This can be fixed by
adding another check by the verifier, though we will defer the details to the exercise.

Step 4 The prover only sends a commitment to $d$ (for example $f(x), r, \langle x, r \rangle \oplus d$,
where $f$ is a one-way permutation).
Step 5 Verifier sends all the randomness it used in producing the ciphertext of Step
3. The prover verifies that this is indeed the case, and otherwise aborts.
Step 6 The prover sends $d$ and also the randomness used in producing the commitment.

This can be shown to preserve soundness, since soundness held even for
computationally unbounded provers, and the commitment scheme is perfectly binding.
Constructing homomorphic encryption
Homomorphic encryptions can be used to do wonderful things, but the same holds for
perpetual motion machines, cold fusion, unicorns, etc. So, the question is whether we
can actually construct such schemes. Since the question was raised in 1978 by Rivest
et al. [12], there was no significant candidate for a homomorphic encryption scheme
until, almost 30 years after that work, Gentry gave the first such construction [5][13].
The construction relies on somewhat non-standard, but still rather reasonable,
assumptions. Also, as mentioned, it is still not practical, requiring at least $k^8$
operations to achieve $2^k$ security. Hopefully, with time we will see improved
constructions that use more standard assumptions and are more efficient. We will see
a close variant of Gentry's scheme now. We remark that all the applications we saw
(zero knowledge, multi-party computation, private information retrieval) have
alternative constructions that rely on much more standard assumptions.
2.4 Need of HE
In the new age of regulatory compliance and the paramount importance placed on the
privacy of individuals across and within nations, it is imperative to protect SPDI
from everyone except the data owner. The only party who needs access to the data
should be the data owner, and not the data processor or any third-party processing or
administering unit or individual. This is a paradox, as protecting SPDI from a data
processor, be it a cloud or a third-party on-premise vendor, is hard: data needs to be
decrypted prior to processing, and decrypted data in memory is accessible to the cloud
provider if it wishes to see it. Hence, HE is a perfect solution to address the
mentioned paradox and a timely technological intervention, without which the only way
to address the case was through legal and contractual obligations between the data
owner and the data processor.
2.5 Types of HE
Having seen the what and why of HE, we explain the different types of HE in vogue
today. The categories of HE are based on the number of mathematical computations that
can be performed on the encrypted text. The major differences in terms of capability
are tabulated in Table 1.
2.5.1 Partially Homomorphic Encryption (PHE):
PHE supports an unlimited number of computations of a single type of mathematical
operation, either addition or multiplication, on encrypted data, but allows only that
one type of operation to be performed. For example, an additively homomorphic scheme
allows computing enc(x + y) from given enc(x) and enc(y), while a multiplicatively
homomorphic scheme allows computing enc(x * y) alone from given enc(x) and enc(y).
2.5.2 Somewhat Homomorphic Encryption (SHE):
SHE allows a limited number of computations to be performed for both types of
mathematical operations, addition and multiplication, on encrypted data. For example,
it allows computation of additions, such as enc(x + y), and of multiplications, such
as enc(x * y), for given enc(x) and enc(y).
2.5.3 Fully Homomorphic Encryption (FHE):
FHE allows any number of computations to be performed for both types of mathematical
operations, addition and multiplication, on encrypted data. FHE allows unlimited
additions and multiplications.

Partially homomorphic encryption is fairly easy; e.g., RSA has a multiplicative
homomorphism: $\mathrm{encrypt}(x) = x^e$, $\mathrm{encrypt}(y) = y^e$, so
$$\mathrm{encrypt}(x) \cdot \mathrm{encrypt}(y) = x^e y^e = (xy)^e = \mathrm{encrypt}(xy).$$
Elliptic curves can offer similar properties with addition. Allowing both addition
and multiplication is, it turns out, significantly harder.
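The RSA homomorphism above, worked through in code as an added example that is not part of the paper: the toy primes P and Q, the exponent E and the helper functions are constructed here for illustration only, and the primes are far too small for real use.

```python
# Added example (not from the paper): textbook RSA as a partially homomorphic
# scheme. Multiplying ciphertexts gives the ciphertext of the product, any
# number of times (the single operation PHE supports), while adding ciphertexts
# does not give the ciphertext of the sum. Unpadded, toy-sized parameters:
# this illustrates the algebra, not a usable encryption scheme.
import math

# Constructed toy parameters (far too small to be secure).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)          # private exponent (Python 3.8+ modular inverse)


def encrypt(x):
    """encrypt(x) = x^e mod N."""
    return pow(x, E, N)


def decrypt(c):
    """decrypt(c) = c^d mod N."""
    return pow(c, D, N)


def homomorphic_product(ciphertexts):
    """Multiply any number of ciphertexts: (x1 ... xk)^e = x1^e ... xk^e mod N."""
    acc = 1
    for c in ciphertexts:
        acc = acc * c % N
    return acc


def product_roundtrip(xs):
    """(decryption of the homomorphic product, expected product mod N)."""
    expected = math.prod(xs) % N
    return decrypt(homomorphic_product(encrypt(x) for x in xs)), expected


def sum_roundtrip(x, y):
    """Adding ciphertexts is NOT an encryption of x + y under RSA:
    returns (decryption of enc(x) + enc(y), the true x + y) for comparison."""
    return decrypt((encrypt(x) + encrypt(y)) % N), (x + y) % N
```

Because the multiplicative homomorphism holds for every ciphertext pair, anyone holding two RSA ciphertexts can forge a valid ciphertext of their product without the key; this malleability is exactly why unpadded RSA is not CCA-secure, which is the setting of Section 3.1.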
Table 1: Categorization summary of Homomorphic Encryption

HE Type | Operations Supported | Frequency of Operations
--- | --- | ---
PHE | Addition OR Multiplication | Unlimited
SHE | Addition AND Multiplication | Limited
FHE | Addition AND Multiplication | Unlimited
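To make the "Limited" entry for SHE in Table 1 and the Step 1 to Step 4 protocol of Section 2.3 concrete, here is an added example that is not from the paper: a toy symmetric-modulus somewhat homomorphic scheme over the integers (a simplified construction in the spirit of the integer variants of Gentry-style schemes, with deliberately insecure parameters) whose ciphertexts carry an explicit noise bound so that decryption can report when the depth limit is exceeded, plus a zk_round function that replays one round of the coin-flip protocol. The function names, the gate-list circuit format, the seeded randomness and all parameters are assumptions of this example.

```python
# Added example (not from the paper): a toy somewhat homomorphic scheme over the
# integers with small, insecure parameters. Each ciphertext is (value, noise_bound);
# decryption refuses once the bound reaches the secret modulus, which is the
# "limited" depth of SHE in Table 1. The same scheme then replays Steps 1-4 of
# the Section 2.3 protocol, including the verifier's coin b.
import random

rng = random.Random(2020)   # seeded so that the example is reproducible
NOISE_BITS = 4              # every noise term r satisfies 0 <= r < 2**NOISE_BITS


def keygen(bits=64):
    """(e, d) <- G(1^n): d is an odd secret p, e is a list of encryptions of 0."""
    p = rng.getrandbits(bits) | 1 | (1 << (bits - 1))
    e = [rng.getrandbits(bits) * p + 2 * rng.getrandbits(NOISE_BITS)
         for _ in range(16)]
    return e, p


def encrypt(e, m):
    """E_e(m) = m + 2r + a random subset-sum of the public zero-encryptions."""
    c = m + 2 * rng.getrandbits(NOISE_BITS) + sum(x for x in e if rng.getrandbits(1))
    bound = 1 + 2 * (2 ** NOISE_BITS - 1) * (1 + len(e))   # largest possible noise
    return c, bound


def decrypt(d, ct):
    """D_d(c) = (c mod p) mod 2, or None once the noise bound has reached p."""
    c, bound = ct
    return None if bound >= d else (c % d) % 2


def add(a, b):   # XOR of the plaintext bits; noise bounds add
    return a[0] + b[0], a[1] + b[1]


def mul(a, b):   # AND of the plaintext bits; noise bounds multiply
    return a[0] * b[0], a[1] * b[1]


def evaluate(circuit, cts):
    """EVAL_e(C, x^): C is a list of ('xor' | 'and', i, j) gates over wire indices;
    each gate appends a new wire and the last wire is the circuit output."""
    wires = list(cts)
    for op, i, j in circuit:
        wires.append(add(wires[i], wires[j]) if op == "xor" else mul(wires[i], wires[j]))
    return wires[-1]


def depth_limit(e, d):
    """Number of fresh ciphertexts of 1 whose product can no longer be decrypted."""
    acc, k = encrypt(e, 1), 1
    while decrypt(d, acc) is not None:
        acc, k = mul(acc, encrypt(e, 1)), k + 1
    return k


def zk_round(circuit, x, b):
    """One round of the Section 2.3 protocol for witness x; b is the verifier's coin."""
    e, d = keygen()                                   # Step 1: prover sends e
    x_hat = [encrypt(e, bit) for bit in x]            # Step 2: prover sends x^
    c_hat = evaluate(circuit, x_hat) if b == 1 else encrypt(e, 0)   # Step 3
    answer = decrypt(d, c_hat)                        # Step 4: prover sends D_d(c^)
    return answer == b                                # verifier accepts iff answer == b
```

With these parameters the product of seven fresh ciphertexts still decrypts and the eighth does not, so depth_limit returns 8; a prover whose x does not satisfy C(x) = 1 is rejected whenever the coin is b = 1.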
3 Attacks on a HE implementation
After introducing the conceptual background of HE, we introduce the different types
of threats or attacks that could be possible on cloud-based or non-cloud-based HE
implementations [14].
3.1 Chosen Cipher-Text Attack
In this kind of attack, the attacker might get decryptions of chosen ciphertexts,
with restrictions [15]. A CCA adversary has all the capabilities of a CPA adversary as
detailed in the above section, and can also obtain decryptions of selected ciphertexts.
3.2 Encoder Attack
There are different Homomorphic Encryption libraries available today, such as
Microsoft SEAL [16] (Simple Encrypted Arithmetic Library), PALISADE, HElib, NFLlib and
so on. Among the encoding methods used in SEAL to convert integers and floating point
numbers are IntegerEncoder and BatchEncoder [17]. The IntegerEncoder method is known
to leak information and it is suggested not to use it in real applications, whereas
BatchEncoder does not seem to have this vulnerability.
3.3 Side Channel Attack
In this kind of attack, a malicious user monitors the encryption operation at run
time to obtain environment details such as the power consumption of the encryption
process or, alternatively, the elapsed time for key generation. This provides
sufficient details about the key to lead to potential attacks.
3.4 Active Attacks
Active attacks are those wherein the adversary plants himself between the data sender
and the receiver and starts monitoring the data in transit, modifies the data in
motion or at the target environment, and can also inflict non-availability on the
target server. Active attacks include DoS, DDoS, session hijacking and so on.
3.5 Key Recovery Attack
In this kind of attack, given multiple plaintext/ciphertext pairs, an attacker can
recover the secret key from the provided pairs.
3.6 Network Traffic Interception
Attackers can intrude into the network if it is not secured with the right security
controls for data in transit. There are multiple OSS and COTS tools that can be used
for network sniffing and interception, which can impact the confidentiality and
potentially the integrity of the data.
4 Mapping of Attacks to STRIDE Threat Model
4.1 STRIDE Threat Model
The Microsoft STRIDE methodology [1] stands for Spoofing, Tampering, Repudiation,
Information Disclosure, Denial of Service and Elevation of Privilege. There are
different kinds of threat modeling approaches, such as attacker-centric, asset-centric
and software- or system-centric. STRIDE is a system-centric approach: it focuses on
the threats that could potentially impact a software system.

STRIDE should be applied during the software design phase of the SDLC in order to
ensure that the identified threats are mitigated upfront during the product
development life cycle.

Table 2 provides a definition for each STRIDE threat category along with examples.
The last column in the table maps each threat to the impacted Security Quality
Sub-Characteristic (QSC): the CIA triad, Authentication, Authorization and
Non-repudiation.

Having understood the STRIDE methodology and the quality sub-characteristics it
impacts in a software system, let us map the potential attacks to threats and
subsequently detail the mitigation for each of these threats or potential attacks.
4.2 Mapping of potential HE implementation attacks to STRIDE
As detailed in Table 3, a CCA on an HE implementation can potentially lead to
Information Disclosure and Tampering threats. With this, the idea of computing on
ciphertext in HE that is assumed to be protected from a cloud provider takes a
beating, as the adversary has obtained knowledge of some part of the plaintext
through the CCA.

The countermeasure or mitigation for this attack is to adopt Authenticated Encryption
(AE), as it withstands CCA attacks. AE provides Confidentiality and Authentication at
the same time, as against a plain encryption implementation. The product team needs
to ensure that they implement an AE-secure solution during the design phase to avoid
threats from CCA attacks.

Encoder Vulnerability in HE library - Integer and floating point number encoding
vulnerabilities in well-known HE libraries, as discussed earlier, lead to Information
Disclosure. The mitigation for this kind of threat is to use safe library methods
during coding, such as BatchEncoder rather than IntegerEncoder. As shown in Table 3,
it impacts the Confidentiality of the data and hence needs to be addressed early in
the SDLC.

Side Channel Attack - could potentially obtain sensitive information through the
various parameters discussed in section 2, impacting the Confidentiality of the
system. The mitigations for such attacks are varied, and techniques comprise jamming
the emission channel, inducing random delays in the timing, randomization of
ciphertext and so on.
Table 2: STRIDE Methodology

Threat | Definition | Examples | Security Quality Sub-Characteristic
--- | --- | --- | ---
Spoofing | Claiming to be someone else or somebody else's identity | To take the identity of the sender of a packet and claim to be the packet sender to the receiver | Authentication
Tampering | Change the data or code in transit, while in use or at rest | Modify data that is stored in a database or a file while data is at rest, or modify the contents on the wire while data is in transit | Integrity
Repudiation | Deny performing an action or a transaction | "I never did that transaction" or "I never updated that database or file" | Non-Repudiation
Information Disclosure | Unauthorized disclosure of data | Leakage of sensitive data like SPDI or business confidential data due to vulnerabilities in the system or unauthorized access | Confidentiality
Denial of Service | Make the system unavailable for business or make it slow to impact the users | Bombard the server with huge HTTP/TCP or any other requests so that the server shuts down | Availability
Elevation of Privilege | Unauthorized privileges | A database user having the privileges of a database administrator | Authorization
Active Attacks - The potential attacks of DoS, DDoS and session hijacking could lead
to all the threats of STRIDE, as shown in Table 3, and mitigations for active attacks
need to be handled at the infrastructure, code and configuration levels.

Key Recovery Attack - As in Table 3, this could happen due to the availability of
plaintext/ciphertext pairs and is a threat to Confidentiality. The mitigation for this
kind of threat is to ensure strong encryption algorithms such as AES 256; AES 128 and
AES 256 are both known to withstand key recovery attacks.

Network Sniffing Attack - This is a potential threat to the Confidentiality, Integrity
and Availability of a system. The mitigation is to ensure that data in transit is
secured with strong TLS encryption and also to ensure that mutual TLS is enabled for
intra-server communication.

So, with the proposed mapping of potential attacks, threats and security quality
sub-characteristics along with mitigations, following a STRIDE methodology is a sure
way of ensuring the security of an HE implementation on the cloud.
Table 3: Categorization summary of Homomorphic Encryption

Attack | S | T | R | I | D | E | Impacted Security QSC
--- | --- | --- | --- | --- | --- | --- | ---
Chosen Ciphertext Attack | | x | | x | | | Confidentiality, Integrity
Encoder Attack | | | | x | | | Confidentiality
Side Channel Attack | | | | x | | | Confidentiality
Active Attacks | x | x | | x | x | x | CIA, Authorization, Authentication
Key Recovery Attack | | | | x | | | Confidentiality
Network Sniffing Attack | | x | | x | x | | CIA
5 Conclusion
In this paper, we introduced a novel approach for doing threat modeling for
cloud-based implementations of homomorphic encryption. We translate the
cryptanalysis-based attack models into the STRIDE threat model, which is easy for
practitioners to understand. The present state of the art in the domain is still very
immature. We are in the process of building a framework based on this approach, which
is included as our future scope of work. This work should help developers or
architects to build security in depth into homomorphic encryption implementations in
an effective and efficient way, without having to understand the detailed
mathematical background of this cryptanalysis.
References
[1] A. Shostack, “Experiences threat modeling at microsoft.” MODSEC MoD-
ELS, vol. 2008, 2008.
[2] S. He, G. Manns, J. Saunders, W. Wang, L. Pollock, and M. L. Soffa, “A
statistics-based performance testing methodology for cloud applications,”
in Proceedings of the 2019 27th ACM Joint Meeting on European Software
Engineering Conference and Symposium on the Foundations of Software
Engineering, 2019, pp. 188–199.
[3] C. Wang, K. Ren, W. Lou, and J. Li, “Toward publicly auditable secure
cloud data storage services,” IEEE network, vol. 24, no. 4, pp. 19–24, 2010.
[4] M. E. Hellman, “An overview of public key cryptography,” IEEE Commu-
nications Magazine, vol. 40, no. 5, pp. 42–49, 2002.
[5] C. Gentry, “A fully homomorphic encryption scheme,” Ph.D. dissertation,
Stanford University, 2009.
[6] M. Naehrig, K. Lauter, and V. Vaikuntanathan, “Can homomorphic encryption
be practical?” in Proceedings of the 3rd ACM workshop on Cloud computing
security workshop, 2011, pp. 113–124.
[7] B. Rossman, “Homomorphism preservation theorems,” Journal of the ACM
(JACM), vol. 55, no. 3, pp. 1–53, 2008.
[8] B. Barak, “Computer science 433 - cryptography, spring 2010,” Accessed
on 10-August-2020. [Online]. Available: https://www.cs.princeton.edu/
courses/archive/spring10/cos433/
[9] Microsoft, “Confidential computing on azure,” Accessed on 10-
August-2020. [Online]. Available: https://docs.microsoft.com/en-us/
azure/confidential-computing/overview
[10] Google, “Google confidential computing,” Accessed on 10-August-2020.
[Online]. Available: https://cloud.google.com/confidential-computing
[11] I. Žliobaitė and B. Custers, “Using sensitive personal data may be necessary
for avoiding discrimination in data-driven decision models,” Artificial
Intelligence and Law, vol. 24, no. 2, pp. 183–201, 2016.
[12] R. L. Rivest, L. Adleman, M. L. Dertouzos et al., “On data banks and pri-
vacy homomorphisms,” Foundations of secure computation, vol. 4, no. 11,
pp. 169–180, 1978.
[13] C. Gentry, “Fully homomorphic encryption using ideal lattices,” in Pro-
ceedings of the forty-first annual ACM symposium on Theory of computing,
2009, pp. 169–178.
[14] M. Chase, H. Chen, J. Ding, S. Goldwasser, S. Gorbunov, J. Hoffstein,
K. Lauter, S. Lokam, D. Moody, T. Morrison et al., “Security of homo-
morphic encryption,” HomomorphicEncryption. org, Redmond WA, Tech.
Rep, 2017.
[15] D. Boneh and V. Shoup, “A graduate course in applied cryptography,”
Draft V0.5, 2020.
[16] Microsoft, “Microsoft seal,” Accessed on 10-August-2020. [Online].
Available: https://github.com/Microsoft/SEAL
[17] Z. Peng, “Danger of using fully homomorphic encryption: A look at mi-
crosoft seal,” arXiv preprint arXiv:1906.07127, 2019.