Research Article An Elliptic Curve Based Schnorr Cloud ...downloads.hindawi.com/journals/tswj/2016/4913015.pdf · An Elliptic Curve Based Schnorr Cloud Security Model in Distributed

Research ArticleAn Elliptic Curve Based Schnorr Cloud Security Model inDistributed Environment

Vinothkumar Muthurajan1 and Balaji Narayanasamy2

1Department of CSE University College of Engineering Dindigul Tamil Nadu 624622 India2Department of Information Technology KLN College of Engineering Madurai Tamil Nadu 630612 India

Correspondence should be addressed to Vinothkumar Muthurajan vinothkumarphd2015hotmailcom

Received 1 December 2015 Accepted 21 January 2016

Academic Editor Xinyi Huang

Copyright copy 2016 V Muthurajan and B Narayanasamy This is an open access article distributed under the Creative CommonsAttribution License which permits unrestricted use distribution and reproduction in any medium provided the original work isproperly cited

Cloud computing requires the security upgrade in data transmission approaches In general key-based encryptiondecryption(symmetric and asymmetric) mechanisms ensure the secure data transfer between the devices The symmetric key mechanisms(pseudorandom function) provide minimum protection level compared to asymmetric key (RSA AES and ECC) schemes Thepresence of expired content and the irrelevant resources cause unauthorized data access adversely This paper investigates howthe integrity and secure data transfer are improved based on the Elliptic Curve based Schnorr scheme This paper proposes avirtual machine based cloud model with Hybrid Cloud Security Algorithm (HCSA) to remove the expired content The HCSA-based auditing improves the malicious activity prediction during the data transferThe duplication in the cloud server degrades theperformance of EC-Schnorr based encryption schemes This paper utilizes the blooming filter concept to avoid the cloud serverduplication The combination of EC-Schnorr and blooming filter efficiently improves the security performance The comparativeanalysis between proposed HCSA and the existing Distributed Hash Table (DHT) regarding execution time computationaloverhead and auditing time with auditing requests and servers confirms the effectiveness of HCSA in the cloud security modelcreation

1 Introduction

Cloud computing intensifies the Information Technology(IT) architecture with the following advantages on-demandself-service resource elasticity and shared pool access Theobjective of cloud paradigm is to share the data computationsover the scalable network nodes namely user computerscloud services and data centers Several grades of services areavailable in the cloud architecture namely SoftwareAsA Ser-vice (SAAS) Platform As A Service (PAAS) and Infrastruc-tureAsA Service (IAAS) as shown in Figure 1 IAAS describesthe consumer ability to handle the provisional processing byusing conventional resources PAAS denotes the deploymentof consumer-created applications into the cloud structureSAAS defines the running process of providerrsquos applicationson the cloud structureThemovement of data to cloud raisedthe integrity challenges in the auditing process The cloudservices auditing assures the remote data integrity

The higher data burden consumesmore time Hence newmethods are required to reduce the burden ofmetadata in thecloud services for better security The data storage auditingsystem carries three modules namely owner auditor (ThirdParty Auditor (TPA)) and serverThe TPA audits the ownersand servers in the system model Several privacy-preservingdynamic audit service protocols govern the auditing processThe cloud services relying on the network infrastructuressuffer the various attacks such as replace forging and replyattacks that affect the security Key management schemessuch as symmetric (compact key pseudorandom functions)and asymmetric algorithms (RSA DES AES and Blowfish)are applied to a cloud computingmodel to ensure the security

The key length of the cryptographic mechanism shouldbe maintained for higher security that leads to more compu-tational workload The Elliptic Curve Cryptography (ECC)is applied to cloud service model to overcome the prob-lems of computational load and key length maintenance

Hindawi Publishing Corporatione Scientific World JournalVolume 2016 Article ID 4913015 8 pageshttpdxdoiorg10115520164913015

2 The Scientific World Journal

IAAS(network architect)

PAAS(developers)

SAAS(end users)

Visib

ility

of e

nd u

sers

Figure 1 Cloud services

The optimization of servers and the allocation of data cen-ters are achieved by a virtual machine (VM) based cloudcomputing The overloading effect of server moves the VMinto an energy model in which temperature based resourceutilization is performed to analyze the degree of overloadingeffect But the secure data transfer is an investigating processin an energy model

The blooming filter process in cloud computing improvesthe data security The system consists of three modulesnamely Aggregation and Distribution (AD) users andclouds The utilization of multiple ADs reduced the com-munication cost But the retrieval of matched files furtherimproves the reduction of cost in demand This paperaddresses the security problems in cloud computing anddiscusses the solution by ECC Initially a reconfigurationof the traditional ECC model with the new key generationmechanism to improve the security and reduce the executiontime is carried out Then blooming filter concept applica-tion in proposed ECC-based model removes the irrelevantresources from server to improve the auditing efficiency andmalicious activity prediction The proposed blooming filter-ECC-based model analyzes the performance parametersof execution time storage complexity and security whichconfirms the effectiveness

This paper is organized as follows Section 2 describes therelated works on cloud security model and auditing processSection 3 discusses the proposed Hybrid Cloud SecurityAlgorithm (HCSA) implementation Section 4 presents theperformance analysis of HCSA regarding security executiontime and storage complexity Finally Section 5 presents theconclusion

2 Related Work

This section discusses the traditional research works on theauditing process and addressed the security issues in thecloud service models Wang et al submitted the auditablecloud data storage to validate the data hosting on the networkarchitecture [1] The secure data hosting to the cloud wasaffected by the different identities of data owners and serversYang and Jia proposed an independent auditing servicefor host monitoring They suggested the auditing protocolrequirements and analyzed the existing auditing process on

the security and performance [2] The growth of cloud com-putingmodel depends upon the security challenges Kulkarniet al introduced the detailed analysis of security challengesin cloud computing system and the service delivery types[3] The outsourcing through the untrusted cloud leads toinsecure model Zhu et al constructed the dynamic auditservice based on the index hash table and fragment structuretechniques [4]The performance of services was improved bya probabilistic query and periodic verification The privacyvulnerabilities and online burden in fragmentation lead tothe security problem Wang et al proposed the secure cloudstorage system based on Privacy-Preserving Public Auditing(PPPA) [5] to reduce the vulnerabilities They extended theresults to offer simultaneous multiusers auditing Yang andJia designed an auditing framework for efficient cloud storagesystems based on PPPA [6] for dynamic operations of dataThe PPPA based cloud computing effectively reduced thecomputation cost of the audit The auditing services addressthe risk issues in data access

Li et al performed Attributes-Based Encryption (ABE)schemes on Personal Health Record (PHR) [7] file Theyfocused cloud computing model on three aspects namelymultiple data owner scenarios a division of the multipleusers into security domain and complexity reduction inkey management policies The encrypted data suffered fromthe multikeyword search problem in multisecurity domainCao et al solved the challenging problem of MultikeywordRanked Search Encryption (MRSE) [8] that improved theprivacy requirements Ryan briefly analyzed the issues relatedto secure cloud computing model creation The data sharingbetween the service providers based on symmetric keymanagement schemes is regarded as a core scientific problem[9]The data sharing in cloud storage depended on the factorssuch as security and flexibility Chu et al presented theaggregate cryptosystem [10] for data sharing The aggregatekey released by key holder according to flexible choice andthe other keys were kept confidential

Hwang et al separated the encryptiondecryption mech-anisms by using the Customer Relationship Management(CRM) [11] service CRMprovided suggestions formultipartyService Level Agreement (SLA) The security requirementswere specified by using CRM according to privacy issuesSuo et al discussed the processing groups of cloud servicemodel encryption communication security and protectionof sensor data [12] Jager et al extended the cloud servicemodel by considering the unrestricted attacks [13] to sealedcloud The data confidentiality was poor in sealed cloudwhich was improved by new Cipher cloud Kaur and Singhensured the data confidentiality by two encryption schemes[14] The data transfer between cloud server and client isencrypted and kept confidential in cipher cloud

Key Distribution Centers (KDC) distributed keys toboth the users and the cloud servers where a single keywas replaced by the multiple keys of the owners Rujet al proposed the Distributed Access Control in Cloud(DACC) algorithm [15] for KDC They applied Attribute-Based Encryption (ABE) by a pairing of elliptic curves Theunique KDC-based cloud computing inherited the securityissues The insolubility of mathematical problems in KDC

The Scientific World Journal 3

dealt with the new cryptography scheme termed as EllipticCurve Cryptography (ECC) Chakraborty et al presentedhomomorphic encryption scheme [16] based on ECC Fastdata access was performed by using the Merkle Hash Tree(MHT) at the server The data leakage problem was notconsidered in a homomorphic scheme Lee and Chen pre-sented the cloud aided computation with elliptic curve cryp-tosystems [17] to deal with the leakage problem They alsoprevented the active and passive attacks such as guessing andmodification attacks Cloud Service Providers (CSP) requiredupdating and scaling of data on remote servers Barsoum andHasan performed the data outsourcing from owner to CSPwith mutual trust between the CSPs by using outsourcingalgorithm [18] Chen et al proposed secure outsourcingalgorithm [19] to untrusted programmodels and achieved thesecure encryptions and signatures The energy consumptionwas more in traditional cloud computing processes

Goudarzi and Pedram utilized the virtual machine [20]and server consolidation in the data center to reduce theenergy consumption The resource requirement reducedsignificantly by using virtual machine model The dynamicallocation of data centers was an important et al presentedthe virtualization based system for optimization [21] Theyalso introduced the concept of skewness to measure thedissimilar items in themultidimensional resource utilizationThe deployment of virtual machine required computingresources Shiraz et al analyzed the effect of virtual machinedeployment [22] at the execution time The migration costof virtual machine altered in accordance with configurationsand workloads Liu et al predicted the performance ofmigration and the cost of energy quantitatively by hypervisorvirtual machine model [23] The hypervisor virtual machinemodel was evaluated on representative workloads The usageof resources was efficiently enhanced by deduplication tech-nique But deduplication suffered from security weaknessBlasco et al presented the solution based on bloom filter[24] for efficient deduplicationTheyprovided the descriptionabout bloom filter and compared the solution through secu-rity analysis by using extensive benchmarking setsThe searchtime of text in encrypted documents was more Pal et alreported the novel approach for storing the data in a remoteserver and the searching process in constant time withoutdegradation [25] The cloud security model analyzed by anenhanced bloomfilter with the EC-Schnorr based encryptionscheme is presented in this paper

3 Elliptic Curve Based Schnorr Model forCloud Security Improvement Using HCSA

This section presents the detailed description of the proposedHybrid Cloud Security Algorithm (HCSA) in the cloudsecurity model The flow diagram of the HCSA implementa-tion is shown in Figure 2 The workflow comprises variousprocesses such as system model threat model auditingsignature set creationverification and duplication removalto improve the security performance Initially the cloudsecuritymodel is created in two stages namely systemmodeland threat model Then the auditing process is performed

System model

Threat model

Auditing

Hybrid Cloud Security Algorithm (HCSA)

Elliptic Curve based Schnorr

Blooming filter

Security analysis

Figure 2 Flow diagram of proposed method

Third Party

Auditor

Owners Cloud server

Data

Generation of keys (2)

Request for

key (1)

Transfer of

key (3)

User key

privileg

e (5)Request

for k

ey

and att

ributes

(4)

Figure 3 System initialization

on the created models to address the various security issuesand attacks Then an Elliptic Curve-Schnorr scheme basedencryptiondecryption performed on cloud security modeland finally the application of the enhanced bloom filterconcept to EC-Schnorr result in that enhanced the securityperformance with less overhead and execution time

31 System Model The cloud security model contains threemodules namely data owners (cloudusers) cloud server andThird Party Auditors as shown in Figure 3 The cloud usersstore large amount of data in the cloud Initially the dataowners computes metadata of user data without consideringcryptographic keys Cloud server is monitored by CloudService Provider (CSP) which provides the data storage spaceand computation resources The capability of Third PartyAuditor (TPA) is to improve the reliability of cloud data


Owners Cloud server

Data

Generationof keys (2)

Request for

key (1)

Transfer of

key (3)

User key

privileg

e (5)Request

for k

ey

and att

ributes

(4)

Attacks

Third Party

Auditor

Figure 4 Threat model

storage The users dynamically interact with cloud server foraccessing and updating stored data in various applicationsThe computation resources and burden are reduced by ensur-ing the integrity of outsourced dataThe attacks introduced incloud server significantly affect the integrity

32 Threat Model The system model creation is based onthe consideration of the Third Party Auditor (TPA) to begenuine and mysterious Hence the privacy requirement forauditing protocol is necessary to create mysterious TPA Theassumption for creation of TPA is that none of the dataare leaked out during the auditing process But the attacksin threat model cause the data leakage The threat modelanalyzes the attacks in server as shown in Figure 4

The server in the cloud system model handles the threetypes of attacks namely replace reply and forge attacks

Replace AttackThe replacement of original metadata (119898119894 119905119894)

with the uncorrupted pair of data (119898119896 119905119896) denotes the replace

attack

Replay Attack The new proof generation from the existingwithout referring data originality introduces an attack calledreplay attack

Forge AttackThe enabling ofmetadata of user datamisguidesthe auditor leads to forge attack

33 Auditing The Third Party Auditor (TPA) monitors theintegrity and status of outsourced data The assumptions forauditing process are as follows

(1) TPA is reliable and independent(2) TPA evaluates and monitors the integrity and avail-

ability of delegated data on regular intervals(3) TPA supports the dynamic data operationsAuditing process is grouped into three processes namely

tag generation periodic sampling audit and dynamic oper-ations Initially tag generation process groups the 119899 blocksto generate the verification parameters and index hash valuesconstituted secret key 119878

119896 Random sampling audit process

accepts the retrieval proof in response to broadcast ofchallenges in random sampling as shown in Figure 5

Challenge

Proof

Cloud server

Third Party

Auditor

Figure 5 Auditing process

User application contained secret key 119878119896derived from

index hash table (IHT) update and outsourced file 119865

manipulations An outsource file consists of 119899 blocks of mes-sages 119898

1 1198982 119898

119899 and each block of 119898

119894grouped into 119904

sectors like 1198981198941 1198981198942 1198981198943 119898

119894119904 The tag pair of messages

119898119894contains signatures 120590

119894and secrets 119878 = 120591

1 1205912 120591

119904 The

convergence of 119904 blocks is estimated with the help of EllipticCurve-Schnorr algorithm

34 Hybrid Cloud Security Algorithm The auditing processin this paper is based on the Hybrid Cloud Security Algo-rithm (HCSA) and comprises two phases namely EllipticCurve based Schnorr Algorithm for signature proof cre-ationvalidation and blooming filter to avoid the duplicationentry Initially the message field and domain parametersare applied to Elliptic Curve based cloud security model tocreate Schnorr signature set Then generation and verifica-tion of proof carried were out based on Distributed HashTable (DHT) entries Finally blooming filter was applied toeliminate the multiple entries in DHT The outsourced file 119865

is represented by Weierstrassrsquos equation given as follows

1199102= 1199093+ 119886119909 + 119887 119886 119887 isin 119865 (1)

The EC- Schnorr based cryptography domain consists ofvarious parameters listed in Table 1 The proposed HCSA forcloud auditing process is as in Algorithm 1

The algorithm accepts public and private keys anddomain parameters (119901 119886 119887 119871 119899 ℎ) for key generation pro-cess The client in cloud security model generates public 119875

119896

and private keys 119878119896 The base point 119871 corresponding to the

field 119865 is chosen on elliptic curve 119864(119865) The pseudorandom


Input Outsource field (119865)Output Response of TPA (TRUE or FALSE) (119877)(1) Initialize domain parameters (119901 119886 119887 119871 119899 ℎ)(2) Begin(3) Choose a point in elliptic curve 119864(119865)(4) Select pseudorandom number as a secret key 119878

119896

(5) Public key 119875119896= 119878119896sdot 119871 Key pair generation

(6) Select the random number119870 within the range (1 le 119870 le 119899 minus 1)(7) Hash value of message blocks 119890

119894= 119867(119898

119894)

(8) Random point 119870119871 = (1199091 1199101)

(9) Calculate 120590 = 1199091(mod 119899)

(10) Calculate 120591 = 119870minus1(119890119894+ 119878119896120590) (mod 119899)

Signature set creation(17) Generate block tag for each block 119879

119894= (119890 sdot 119870119898119894 )

119878119896

(18) Client generates Index Hash Table (IHT) with server oriented parameters 119879119872 and AAI (Ω119894)

(19) Generate hash table IHT(20) Unique hash value119867(119898

119894) = record in index Hash Table (120594)

(21) 119878 = difference between existing and new entries in IHT(22) If (119878 = 0)(23) Update the hash value in table(24) Else(25) Goto step (20)(26) end Proof 119875(119879119872119867(119898

119894) Ω119894) generation

(27) Check 120590 isin 0 2119897 minus 1 and 120591 isin 1 2 119899 minus 1

(28) if (check = TRUE)(29) terminate the process(30) else(31) 119871new = [120591]119871 + [120590]119875

119896

(32) If (119871new = 0)(33) output = error(34) else(35) temp = OS2I(119867

119897(119898119894) FE2OS(119875

119896))

(36) if (temp == 120590)(37) 119903 = TRUE(38) else(39) 119903 = FALSE(40) end Proof verification(41) if (119903 = TRUE)(42) 119877 = blooming(message integer hash value)(43) else(44) Goto step (6)(45) end

Algorithm 1 Hybrid Cloud Security Algorithm

Table 1 ParametersParameters Description119901 Prime number119886 First coefficient in Weierstrassrsquos equation119887 Second coefficient in Weierstrassrsquos equation119871 Base point119899 Order of 119871ℎ Cofactor of 119871

number 119878119896within the range (1 le 119878

119896le 119899) is selected The

public key 119875119896is calculated from pseudorandom number 119878

119896

and base point 119871 by using the following equation

119875119896= 119878119896sdot 119871 (2)

Finally the key pair (119875119896 119878119896)were generated and they were

regarded as an output Then HCSA accepts public (119875119896) and

private key 119878119896 file block 119865 and selected point 119871 Random

number 119870 is generated within the ranges of (1 le 119870 le 119899 minus 1)The hash value for message blocks is generated by using thefollowing equation

119890119894= 119867 (119898

119894) (3)

The new point (1199091 1199101) with reference to base point (119909 119910)

and pseudorandom number (119870) is computed by using thefollowing equation

119870119871 = (1199091 1199101) (4)


The signature set (120590 120591) is calculated by using the followingequations

120590 = 1199091

120591 = 119870minus1

(119890119894+ 119878119896120590) (mod 119899)

(5)

The process of extracting the signature was iterativelydone until all the messages in outsourcing field were takenout

The algorithm generates the proof that contains a tagAuxiliary Authentication Information (AAI) and index hashtable coefficients 119867(119898

119894) as a proof The hash value is calcu-

lated by dividing the new entry by the length of the tableTheremainder is the required position to insert the new itemThehash value from the distributed table is utilized to generatethe proof The HCSA verifies the generated proof with theBoolean values of TRUE and FALSE The authenticatedmessage hash value authenticated public key and domainparameters are arranged as proof and then verify whetherthe generated signature is valid or notThe algorithm acceptsthe signature outputs (120590 120591) from SignGen Then the status(TRUE or FALSE) of signature set is identified by using thecondition 120590 isin 0 2

119897 minus 1 and 120591 isin 1 2 119899 minus 1The false report of validation terminates the process

Otherwise the new point is calculated according to followingequation

119871new = [120591] 119871 + [120590] 119875119896 (6)The process continued on the basis of 119871new The termina-

tion occurs for zero values of 119871new and the process continuedfor nonzero values of 119871newThen two processes such as OctetString to Integer (OS2I) and Finite Field Element to OctetSeries (FE2OS) are involved in the verification process TheOS2I and FE2OS of hash value and public key (119875

119896) are stored

in the temporary variable 119905119890119898119901 Finally the comparisonbetween 119905119890119898119901 and signature 120590 provides the status (TRUE orFALSE) of proof

35 Blooming Filter The probabilistic data structure to pre-dict the member in a set with minimum false positive ratesis referred to as blooming filter The use of large bit array inblooming filter concept efficiently reduced the false positiveprobability The bloom filter contains the positions of bitcorresponding to existing entries The logger generates the119870number of bit positions for each entry by hashing of 119899 timesand updates the data entry with new Accumulator Entry(AE) The outsourced message field 119865 = 119898

1 1198982 119898

119899

contained 119899 set of entries arranged into a membershipfunction (119872) of bit vector 119861 length 119899 The hash functions119867 = ℎ

1 ℎ2 ℎ

119899 with ℎ

119894 119909 rarr 1 119899 were computed

initially Then the filter coefficients are computed by allo-cation of 119899 bits to zero The algorithm for filter coefficientsprediction is shown in Algorithm 2

The testing of an element in the membership functionreturns the TRUE for the presence of an element and FALSEfor absence of element in membership The number ofhashing functions applied to determine the status of filter intesting phase significantly reduces the storage complexity andexecution time

InputMessage Field 119865 integer 119899 Hash function119867(119898119894)

Output TPA response(1) 119891 = allocate 119899 bits to zero(2) for each119898

119894in119872

(3) calculate hash value ℎ119894

(4) for each ℎ119894

(5) Compute 119891(ℎ119894(119898119894))

(6) if (119891(ℎ119894(119898119894)) = 1)

(7) response from TPA = FALSE(8) else(9) response from TPA = TRUE

Algorithm 2 Filter coefficient prediction

4 Performance Analysis

This section presents the performance analysis of the pro-posed Hybrid Cloud Security Algorithm (HCSA) regardingexecution time storage complexity and security The EllipticCurve based Schnorr signature generation and blooming fil-ter prediction enhanced the security performance comparedto Distributed Hash Table (DHT)

41 Storage Complexity The storage complexity of CloudService Provider (CSP) depends on outsourced data file 119865

and hash value CSP contains the outsourced data file 119865 =

1198981 1198982 119898

119899 data block tags119879 and random chosen point

119870 which are used to compute the digital signature denotedas hash value119867(119898

119894) The cost of storage 119862CSP and the storage

complexity 119878CSP are calculated by

119862CSP = |119865| + |119879| + |119870| +1003816100381610038161003816119867 (119898

119894)1003816100381610038161003816

119878CSP = 119878CSP (119899) (7)

Figure 6 depicts the auditing time variation with thenumber of auditing requests The total number of auditingrequests in our proposed model is 100 The DHT andproposed HCSA consume 1156 and 1090ms for minimumauditing requests handling Also they consume 958 and850ms for maximum auditing requests The comparisonshows the proposed HCSA algorithm offer 571 and 1127reduction forminimum andmaximum requests compared toexisting DHT due to the duplication elimination

42 Execution Time The execution time is the time requiredfrom challenge creation to proof verification The executiontime 119905exec of TPA depends upon various parameters namelytime for challenge creation (119905chall) 119870 pseudorandom permu-tations (119870times119905PSP)119870 pseudorandom functions (119870times119905PSF) timefor proof creation (119905pr) time for signature verification (119905very)and comparison time of proof (119905comp) in cloud server definedby

119905exec = 119905chall + 119870 times 119905PSP + 119870 times 119905PSF + 119905pr + 119905very + 119905comp (8)

Figure 7 depicts the execution time variation with num-ber of servers The total number of servers in our proposed


DHTHCSA

0

200

400

600

800

1000

1200

1400

Audi

ting

time (

ms)

40 60 80 10020Number of auditing requests

Figure 6 Auditing time versus number of auditing requests

DHTHCSA

0

500

1000

1500

2000

2500

Exec

utio

n tim

e (m

s)

10 20 30 405Number of servers

Figure 7 Execution time versus number of servers

model is 40 The DHT and proposed HCSA consume 1245and 1100ms for minimum servers Also they consume 2014and 1814ms formaximum serversThe comparison shows theproposed HCSA algorithm offers 1165 and 993 reductionfor minimum and maximum requests compared to existingDHT due to the ECC-based signature creation with theoptimized steps

43 Computational Overhead The computation overhead islesser than the DHT models Figure 8 depicts the computa-tion overhead with respect to the number of serversThe totalnumber of servers used in our proposedmodel is 40 For eachserver the computation overhead with HCSA is lower thanthe DHT model

The increase in number of servers gradually increasesthe computational overhead generally But the optimizationand duplication removal by using the proposed algorithmprovide lesser computational overhead for minimum (475)and maximum servers (2369) compared to existing DHT

0

01

02

03

04

05

06

07

08

Com

puta

tiona

l ove

rhea

d

DHTHCSA


Figure 8 Computational overhead versus number of servers

5 Conclusion

The proposed Hybrid Cloud Security Algorithm (HCSA)presented the solution to the problems in secure clouddata storage system modelling based on the combinationof Elliptic Curve based Schnorr (EC-Schnorr) scheme andblooming filter The efficiency of the system improved andthe storage complexity is reduced by removal of nonrelatedcontents and duplication The malicious activity predictionwas improved by using the proposed trust evaluation modelMoreover blooming filter concept applied to the securitymodel to avoid the cloud server The optimization in thecomputational steps by ECC signature set and the duplicationremoval by blooming filter in the proposed Hybrid CloudSecurity Algorithm (HCSA) effectively reduced the executiontime computational overhead and auditing time with thenumber of auditing requests and servers The comparativeanalysis between the HCSA-based model and DistributedHash Table (DHT) model confirmed the effectiveness ofproposed hybrid method of encryption schemes in cloudsecurity model creation

Conflict of Interests

The authors proclaim that there is no conflict of interestsconcerning the publication of this paper

References

[1] C Wang K Ren W Lou and J Li ldquoToward publicly auditablesecure cloud data storage servicesrdquo IEEE Network vol 24 no 4pp 19ndash24 2010

[2] K Yang and X Jia ldquoData storage auditing service in cloudcomputing challenges methods and opportunitiesrdquo WorldWide Web vol 15 no 4 pp 409ndash428 2012

[3] G Kulkarni J Gambhir T Patil and A Dongare ldquoA securityaspects in cloud computingrdquo in Proceedings of the 3rd Interna-tional Conference on Software Engineering and Service Science(ICSESS rsquo12) pp 547ndash550 IEEE Beijing China June 2012

[4] Y Zhu G-J Ahn H Hu S S Yau H G An and C-J HuldquoDynamic audit services for outsourced storages in cloudsrdquo


IEEE Transactions on Services Computing vol 6 no 2 pp 227ndash238 2013

[5] C Wang S S Chow Q Wang K Ren and W Lou ldquoPrivacy-preserving public auditing for secure cloud storagerdquo IEEETransactions on Computers vol 62 no 2 pp 362ndash375 2013

[6] K Yang and X Jia ldquoAn efficient and secure dynamic auditingprotocol for data storage in cloud computingrdquo IEEE Transac-tions on Parallel and Distributed Systems vol 24 no 9 pp 1717ndash1726 2013

[7] M Li S Yu Y Zheng K Ren andW Lou ldquoScalable and securesharing of personal health records in cloud computing usingattribute-based encryptionrdquo IEEE Transactions on Parallel andDistributed Systems vol 24 no 1 pp 131ndash143 2013

[8] N Cao C Wang M Li K Ren and W Lou ldquoPrivacy-preserving multi-keyword ranked search over encrypted clouddatardquo IEEETransactions onParallel andDistributed Systems vol25 pp 222ndash233 2014

[9] MD Ryan ldquoCloud computing security the scientific challengeand a survey of solutionsrdquo Journal of Systems and Software vol86 no 9 pp 2263ndash2268 2013

[10] C-K Chu S SM ChowW-G Tzeng J Zhou andRHDengldquoKey-aggregate cryptosystem for scalable data sharing in cloudstoragerdquo IEEE Transactions on Parallel and Distributed Systemsvol 25 no 2 pp 468ndash477 2014

[11] J-J Hwang H-K Chuang C-H Wu and Y-C Hsu ldquoA busi-nessmodel for cloud computing based on a separate encryptionand decryption servicerdquo in Proceedings of the InternationalConference on Information Science and Applications (ICISA rsquo11)pp 1ndash7 IEEE Jeju Island South Korean April 2011

[12] H Suo J Wan C Zou and J Liu ldquoSecurity in the internet ofthings a reviewrdquo in Proceedings of the International Conferenceon Computer Science and Electronics Engineering (ICCSEE rsquo12)pp 648ndash651 Hangzhou China March 2012

[13] H A Jager A Monitzer R Rieken E Ernst and K D NguyenldquoSealed cloudmdasha novel approach to safeguard against insiderattacksrdquo in Trusted Cloud Computing pp 15ndash34 SpringerInternational 2014

[14] M Kaur and R Singh ldquoImplementing encryption algorithmsto enhance data security of cloud in cloud computingrdquo Interna-tional Journal of Computer Applications vol 70 no 18 pp 16ndash212013

[15] S Ruj A Nayak and I Stojmenovic ldquoDACC distributed accesscontrol in cloudsrdquo in Proceedings of the IEEE 10th InternationalConference on Trust Security and Privacy in Computing andCommunications (TrustCom rsquo11) pp 91ndash98 Changsha ChinaNovember 2011

[16] T K Chakraborty A Dhami P Bansal and T Singh ldquoEnha-nced public auditability amp secure data storage in cloud com-putingrdquo in Proceedings of the 3rd IEEE International AdvanceComputing Conference (IACC rsquo13) pp 101ndash105 IEEE Ghazi-abad India February 2013

[17] N-Y Lee and Z-L Chen ldquoCloud server aided computation forelgamal elliptic curve cryptosystemrdquo in Proceedings of the IEEE37th Annual Computer Software and Applications ConferenceWorkshops (COMPSACW rsquo13) pp 11ndash15 Tokyo Japan July 2013

[18] A F Barsoum and A Hasan ldquoEnabling dynamic data andindirect mutual trust for cloud computing storage systemsrdquoIEEE Transactions on Parallel and Distributed Systems vol 24no 12 pp 2375ndash2385 2013

[19] X Chen J Li J Ma Q Tang and W Lou ldquoNew algorithmsfor secure outsourcing of modular exponentiationsrdquo IEEE

Transactions on Parallel and Distributed Systems vol 25 no 9pp 2386ndash2396 2014

[20] H Goudarzi andM Pedram ldquoEnergy-efficient virtual machinereplication and placement in a cloud computing systemrdquo inProceedings of the IEEE 5th International Conference on CloudComputing (CLOUD rsquo12) pp 750ndash757 IEEE Honolulu HawaiiUSA June 2012

[21] Z Xiao W Song and Q Chen ldquoDynamic resource allocationusing virtual machines for cloud computing environmentrdquoIEEE Transactions on Parallel and Distributed Systems vol 24no 6 pp 1107ndash1117 2013

[22] M Shiraz S Abolfazli Z Sanaei and A Gani ldquoA study onvirtual machine deployment for application outsourcing inmobile cloud computingrdquo The Journal of Supercomputing vol63 no 3 pp 946ndash964 2013

[23] H Liu H Jin C-Z Xu and X Liao ldquoPerformance andenergymodeling for livemigration of virtual machinesrdquoClusterComputing vol 16 no 2 pp 249ndash264 2013

[24] J Blasco R Di Pietro A Orfila and A Sorniotti ldquoA tunableproof of ownership scheme for deduplication using bloom fil-tersrdquo in Proceedings of the IEEE Conference on Communicationsand Network Security (CNS rsquo14) pp 481ndash489 San FranciscoCalif USA October 2014

[25] S K Pal P Sardana and A Sardana ldquoEfficient search onencrypted data using bloom filterrdquo in Proceedings of theInternational Conference on Computing for Sustainable GlobalDevelopment (INDIACom rsquo14) pp 412ndash416 IEEE New DelhiIndia March 2014

Submit your manuscripts athttpwwwhindawicom

Computer Games Technology

International Journal of

Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Distributed Sensor Networks


Advances in

FuzzySystems

Hindawi Publishing Corporationhttpwwwhindawicom

Volume 2014


ReconfigurableComputing

Hindawi Publishing Corporation httpwwwhindawicom Volume 2014


Applied Computational Intelligence and Soft Computing

thinspAdvancesthinspinthinsp

Artificial Intelligence

HindawithinspPublishingthinspCorporationhttpwwwhindawicom Volumethinsp2014

Advances inSoftware EngineeringHindawi Publishing Corporationhttpwwwhindawicom Volume 2014


Electrical and Computer Engineering

Journal of

Journal of

Computer Networks and Communications


Hindawi Publishing Corporation

httpwwwhindawicom Volume 2014

Advances in

Multimedia


Biomedical Imaging


ArtificialNeural Systems

Advances in


RoboticsJournal of



Computational Intelligence and Neuroscience

Industrial EngineeringJournal of


Modelling amp Simulation in EngineeringHindawi Publishing Corporation httpwwwhindawicom Volume 2014

The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014


Human-ComputerInteraction

Advances in

Computer EngineeringAdvances in



IAAS(network architect)

PAAS(developers)

SAAS(end users)

Visib

ility

of e

nd u

sers

Figure 1 Cloud services

The optimization of servers and the allocation of data cen-ters are achieved by a virtual machine (VM) based cloudcomputing The overloading effect of server moves the VMinto an energy model in which temperature based resourceutilization is performed to analyze the degree of overloadingeffect But the secure data transfer is an investigating processin an energy model

The blooming filter process in cloud computing improvesthe data security The system consists of three modulesnamely Aggregation and Distribution (AD) users andclouds The utilization of multiple ADs reduced the com-munication cost But the retrieval of matched files furtherimproves the reduction of cost in demand This paperaddresses the security problems in cloud computing anddiscusses the solution by ECC Initially a reconfigurationof the traditional ECC model with the new key generationmechanism to improve the security and reduce the executiontime is carried out Then blooming filter concept applica-tion in proposed ECC-based model removes the irrelevantresources from server to improve the auditing efficiency andmalicious activity prediction The proposed blooming filter-ECC-based model analyzes the performance parametersof execution time storage complexity and security whichconfirms the effectiveness

This paper is organized as follows Section 2 describes therelated works on cloud security model and auditing processSection 3 discusses the proposed Hybrid Cloud SecurityAlgorithm (HCSA) implementation Section 4 presents theperformance analysis of HCSA regarding security executiontime and storage complexity Finally Section 5 presents theconclusion

2 Related Work

This section discusses the traditional research works on theauditing process and addressed the security issues in thecloud service models Wang et al submitted the auditablecloud data storage to validate the data hosting on the networkarchitecture [1] The secure data hosting to the cloud wasaffected by the different identities of data owners and serversYang and Jia proposed an independent auditing servicefor host monitoring They suggested the auditing protocolrequirements and analyzed the existing auditing process on

the security and performance [2] The growth of cloud com-putingmodel depends upon the security challenges Kulkarniet al introduced the detailed analysis of security challengesin cloud computing system and the service delivery types[3] The outsourcing through the untrusted cloud leads toinsecure model Zhu et al constructed the dynamic auditservice based on the index hash table and fragment structuretechniques [4]The performance of services was improved bya probabilistic query and periodic verification The privacyvulnerabilities and online burden in fragmentation lead tothe security problem Wang et al proposed the secure cloudstorage system based on Privacy-Preserving Public Auditing(PPPA) [5] to reduce the vulnerabilities They extended theresults to offer simultaneous multiusers auditing Yang andJia designed an auditing framework for efficient cloud storagesystems based on PPPA [6] for dynamic operations of dataThe PPPA based cloud computing effectively reduced thecomputation cost of the audit The auditing services addressthe risk issues in data access

Li et al performed Attributes-Based Encryption (ABE)schemes on Personal Health Record (PHR) [7] file Theyfocused cloud computing model on three aspects namelymultiple data owner scenarios a division of the multipleusers into security domain and complexity reduction inkey management policies The encrypted data suffered fromthe multikeyword search problem in multisecurity domainCao et al solved the challenging problem of MultikeywordRanked Search Encryption (MRSE) [8] that improved theprivacy requirements Ryan briefly analyzed the issues relatedto secure cloud computing model creation The data sharingbetween the service providers based on symmetric keymanagement schemes is regarded as a core scientific problem[9]The data sharing in cloud storage depended on the factorssuch as security and flexibility Chu et al presented theaggregate cryptosystem [10] for data sharing The aggregatekey released by key holder according to flexible choice andthe other keys were kept confidential

Hwang et al separated the encryptiondecryption mech-anisms by using the Customer Relationship Management(CRM) [11] service CRMprovided suggestions formultipartyService Level Agreement (SLA) The security requirementswere specified by using CRM according to privacy issuesSuo et al discussed the processing groups of cloud servicemodel encryption communication security and protectionof sensor data [12] Jager et al extended the cloud servicemodel by considering the unrestricted attacks [13] to sealedcloud The data confidentiality was poor in sealed cloudwhich was improved by new Cipher cloud Kaur and Singhensured the data confidentiality by two encryption schemes[14] The data transfer between cloud server and client isencrypted and kept confidential in cipher cloud

Key Distribution Centers (KDC) distributed keys toboth the users and the cloud servers where a single keywas replaced by the multiple keys of the owners Rujet al proposed the Distributed Access Control in Cloud(DACC) algorithm [15] for KDC They applied Attribute-Based Encryption (ABE) by a pairing of elliptic curves Theunique KDC-based cloud computing inherited the securityissues The insolubility of mathematical problems in KDC






System model

Threat model

Auditing



Blooming filter

Security analysis


Third Party

Auditor

Owners Cloud server

Data


Request for

key (1)

Transfer of

key (3)

User key

privileg

e (5)Request

for k

ey

and att

ributes

(4)





Owners Cloud server

Data


Request for

key (1)

Transfer of

key (3)

User key

privileg

e (5)Request

for k

ey

and att

ributes

(4)

Attacks

Third Party

Auditor







attack









Challenge

Proof

Cloud server

Third Party

Auditor





1 1198982 119898



sectors like 1198981198941 1198981198942 1198981198943 119898



119894and secrets 119878 = 120591

1 1205912 120591

119904 The




1199102= 1199093+ 119886119909 + 119887 119886 119887 isin 119865 (1)



119896





119896



119894= 119867(119898

119894)

(8) Random point 119870119871 = (1199091 1199101)

(9) Calculate 120590 = 1199091(mod 119899)



119894= (119890 sdot 119870119898119894 )

119878119896








119896


119897(119898119894) FE2OS(119875

119896))







119896


119875119896= 119878119896sdot 119871 (2)





119890119894= 119867 (119898

119894) (3)



119870119871 = (1199091 1199101) (4)



120590 = 1199091

120591 = 119870minus1

(119890119894+ 119878119896120590) (mod 119899)

(5)









119896) are stored



1 1198982 119898

119899


1 ℎ2 ℎ

119899 with ℎ






119894in119872



(5) Compute 119891(ℎ119894(119898119894))

(6) if (119891(ℎ119894(119898119894)) = 1)







1198981 1198982 119898





119862CSP = |119865| + |119879| + |119870| +1003816100381610038161003816119867 (119898

119894)1003816100381610038161003816

119878CSP = 119878CSP (119899) (7)






DHTHCSA

0

200

400

600

800

1000

1200

1400

Audi

ting

time (

ms)



DHTHCSA

0

500

1000

1500

2000

2500

Exec

utio

n tim

e (m

s)






0

01

02

03

04

05

06

07

08

Com

puta

tiona

l ove

rhea

d

DHTHCSA



5 Conclusion




References




































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in








System model

Threat model

Auditing



Blooming filter

Security analysis


Third Party

Auditor

Owners Cloud server

Data


Request for

key (1)

Transfer of

key (3)

User key

privileg

e (5)Request

for k

ey

and att

ributes

(4)





Owners Cloud server

Data


Request for

key (1)

Transfer of

key (3)

User key

privileg

e (5)Request

for k

ey

and att

ributes

(4)

Attacks

Third Party

Auditor







attack









Challenge

Proof

Cloud server

Third Party

Auditor





1 1198982 119898



sectors like 1198981198941 1198981198942 1198981198943 119898



119894and secrets 119878 = 120591

1 1205912 120591

119904 The




1199102= 1199093+ 119886119909 + 119887 119886 119887 isin 119865 (1)



119896





119896



119894= 119867(119898

119894)

(8) Random point 119870119871 = (1199091 1199101)

(9) Calculate 120590 = 1199091(mod 119899)



119894= (119890 sdot 119870119898119894 )

119878119896








119896


119897(119898119894) FE2OS(119875

119896))







119896


119875119896= 119878119896sdot 119871 (2)





119890119894= 119867 (119898

119894) (3)



119870119871 = (1199091 1199101) (4)



120590 = 1199091

120591 = 119870minus1

(119890119894+ 119878119896120590) (mod 119899)

(5)









119896) are stored



1 1198982 119898

119899


1 ℎ2 ℎ

119899 with ℎ






119894in119872



(5) Compute 119891(ℎ119894(119898119894))

(6) if (119891(ℎ119894(119898119894)) = 1)







1198981 1198982 119898





119862CSP = |119865| + |119879| + |119870| +1003816100381610038161003816119867 (119898

119894)1003816100381610038161003816

119878CSP = 119878CSP (119899) (7)






DHTHCSA

0

200

400

600

800

1000

1200

1400

Audi

ting

time (

ms)



DHTHCSA

0

500

1000

1500

2000

2500

Exec

utio

n tim

e (m

s)






0

01

02

03

04

05

06

07

08

Com

puta

tiona

l ove

rhea

d

DHTHCSA



5 Conclusion




References




































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in




Owners Cloud server

Data


Request for

key (1)

Transfer of

key (3)

User key

privileg

e (5)Request

for k

ey

and att

ributes

(4)

Attacks

Third Party

Auditor







attack









Challenge

Proof

Cloud server

Third Party

Auditor





1 1198982 119898



sectors like 1198981198941 1198981198942 1198981198943 119898



119894and secrets 119878 = 120591

1 1205912 120591

119904 The




1199102= 1199093+ 119886119909 + 119887 119886 119887 isin 119865 (1)



119896





119896



119894= 119867(119898

119894)

(8) Random point 119870119871 = (1199091 1199101)

(9) Calculate 120590 = 1199091(mod 119899)



119894= (119890 sdot 119870119898119894 )

119878119896








119896


119897(119898119894) FE2OS(119875

119896))







119896


119875119896= 119878119896sdot 119871 (2)





119890119894= 119867 (119898

119894) (3)



119870119871 = (1199091 1199101) (4)



120590 = 1199091

120591 = 119870minus1

(119890119894+ 119878119896120590) (mod 119899)

(5)









119896) are stored



1 1198982 119898

119899


1 ℎ2 ℎ

119899 with ℎ






119894in119872



(5) Compute 119891(ℎ119894(119898119894))

(6) if (119891(ℎ119894(119898119894)) = 1)







1198981 1198982 119898





119862CSP = |119865| + |119879| + |119870| +1003816100381610038161003816119867 (119898

119894)1003816100381610038161003816

119878CSP = 119878CSP (119899) (7)






DHTHCSA

0

200

400

600

800

1000

1200

1400

Audi

ting

time (

ms)



DHTHCSA

0

500

1000

1500

2000

2500

Exec

utio

n tim

e (m

s)






0

01

02

03

04

05

06

07

08

Com

puta

tiona

l ove

rhea

d

DHTHCSA



5 Conclusion




References




































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in





119896



119894= 119867(119898

119894)

(8) Random point 119870119871 = (1199091 1199101)

(9) Calculate 120590 = 1199091(mod 119899)



119894= (119890 sdot 119870119898119894 )

119878119896








119896


119897(119898119894) FE2OS(119875

119896))







119896


119875119896= 119878119896sdot 119871 (2)





119890119894= 119867 (119898

119894) (3)



119870119871 = (1199091 1199101) (4)



120590 = 1199091

120591 = 119870minus1

(119890119894+ 119878119896120590) (mod 119899)

(5)









119896) are stored



1 1198982 119898

119899


1 ℎ2 ℎ

119899 with ℎ






119894in119872



(5) Compute 119891(ℎ119894(119898119894))

(6) if (119891(ℎ119894(119898119894)) = 1)







1198981 1198982 119898





119862CSP = |119865| + |119879| + |119870| +1003816100381610038161003816119867 (119898

119894)1003816100381610038161003816

119878CSP = 119878CSP (119899) (7)






DHTHCSA

0

200

400

600

800

1000

1200

1400

Audi

ting

time (

ms)



DHTHCSA

0

500

1000

1500

2000

2500

Exec

utio

n tim

e (m

s)






0

01

02

03

04

05

06

07

08

Com

puta

tiona

l ove

rhea

d

DHTHCSA



5 Conclusion




References




































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in





120590 = 1199091

120591 = 119870minus1

(119890119894+ 119878119896120590) (mod 119899)

(5)









119896) are stored



1 1198982 119898

119899


1 ℎ2 ℎ

119899 with ℎ






119894in119872



(5) Compute 119891(ℎ119894(119898119894))

(6) if (119891(ℎ119894(119898119894)) = 1)







1198981 1198982 119898





119862CSP = |119865| + |119879| + |119870| +1003816100381610038161003816119867 (119898

119894)1003816100381610038161003816

119878CSP = 119878CSP (119899) (7)






DHTHCSA

0

200

400

600

800

1000

1200

1400

Audi

ting

time (

ms)



DHTHCSA

0

500

1000

1500

2000

2500

Exec

utio

n tim

e (m

s)






0

01

02

03

04

05

06

07

08

Com

puta

tiona

l ove

rhea

d

DHTHCSA



5 Conclusion




References




































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in




DHTHCSA

0

200

400

600

800

1000

1200

1400

Audi

ting

time (

ms)



DHTHCSA

0

500

1000

1500

2000

2500

Exec

utio

n tim

e (m

s)






0

01

02

03

04

05

06

07

08

Com

puta

tiona

l ove

rhea

d

DHTHCSA



5 Conclusion




References




































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in


































Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in










Advances in

FuzzySystems


Volume 2014












Journal of

Journal of





Advances in

Multimedia


Biomedical Imaging



Advances in


RoboticsJournal of










Advances in



Documents

Research Article An Elliptic Curve Based Schnorr Cloud ...downloads.hindawi.com/journals/tswj/2016/4913015.pdf · An Elliptic Curve Based Schnorr Cloud Security Model in Distributed