Enhancing Data Security with Certificateless Signature Scheme in Cloud Computing

Transcription

1 International Journal of Computer Engineering and Applications, Special Edition ISSN Enhancing Data Security with Certificateless Signature Scheme in Cloud Computing Sonu Kumar 1, Megha Sinha 2 1 sonukkumar18@yahoo.com, 2 csemeghs@gmail.com 1,2 Department of Computer Science Engineering, RVSCET, Jamshedpur, India ABSTRACT: Evolution of cloud in the field of Information Technology gaining much popularity in today s world. With the increasing demands on services offered by cloud, security concerns in cloud computing also increased. Thus, to safeguard the data which are delivered to or by cloud we are proposing algorithm to provide security from various attacks. The idea behind to deploy certificates, signature scheme without pairing algorithm to provide an environment where data can be communicated in the secured manner in the cloud with less storage and provide better security than the previous one. This scheme also works with low bandwidth resources. Keywords: Certificateless Public Key Cryptography, Cloud Computing, Elliptic Curve Cryptography, Key Generation Centre (KGC), Digital Signature. 1. INTRODUCTION Cloud has simplified the way of managing things over the Internet. It is an Internet Technology which processes on shared network resources and provides data to computers and other devices on demand. It offers virtual data storage, which is managed by third party enterprise like Google (e.g. Google Drive), Microsoft (Sky Drive) etc. It allows users to use cloud resources without installation on their personal computers. It attracts customers due to its vast service characteristics like on-line storage, platforms, third party integration, offline Sonu Kumar and Megha Sinha 1

2 access, on-line collaboration, utility and application services. It solves the numerous problems of real-time domains like e-governance System, Scientific Research, Decision- Support Systems, Mobile Technology, Web Services and many more. Managing such a big amount of data can only be possible because of the cloud without comprising with efficiency. Since the users' data are stored in the cloud as pay per basis fashion, they got the overwhelmed facility to access data from any device irrespective of their place with the help of internet [1]. When the data are stored in clouds, there may be various security concerns are as follows: 1. Chances of unauthorized access as data are stored at multiple locations in the cloud. 2. In public cloud, chances of counterfeit of confidential data. As the resources of cloud are open to all. 3. Storage and Network sharing too many users gave the chances of access of other users' data. To secure these data various techniques are used in order to maintain data confidentiality and its integrity like encoding/decoding of the message send over the network, use of username and password for authentication purpose and preparing the authorization list who will be allowed to access those data. Even having login id and password is not sufficient to secure shared data in cloud which might be gained access by an intruder. 1.1 EXISTING TECHNOLOGY From the late 1977, DES algorithm has been implemented in cloud by the National Institute of Standards and Technology (NIST) to secure the user s data stored on distributed virtual server through the process of encryption/decryption. Till now onwards various algorithm has been proposed in order to secure the individual or user s data on cloud. To stop the vulnerabilities, hijacking, malicious insiders, etc., still the improvement is going on to secure data in cloud. Recently in 2013, Gharshi R. [2] proposed a system to implement elliptic curve cryptography (ECC) in place of RSA for encryption/decryption of data in the cloud. The idea behind to use ECC over RSA is that it provides a same level of security using smaller key size. Even encrypted data of the smaller size is achieved through ECC. In 2015, Shiralizadeh A. [3] proposed a hybrid encryption algorithm of RSA and SHA-1 hashing Sonu Kumar and Megha Sinha 2

3 techniques for cloud. However, the RSA has very slow key generation speed and combining with a SHA-1 hashing algorithm which have less computational speed make it much slower. Even SHA-1 has security vulnerabilities [4]. Thus, it can t be a fruitful algorithm for encryption of shared data in the cloud. 2. PROPOSED SYSTEM: CERTIFICATELESS SIGNATURE SCHEME WITHOUT PAIRINGS Many of the signature schemes rely on certificates of authenticity of user s identity. And use of the identity-based cryptography increases unnecessary computation, management and also increases the chances of forgery by the Key Generator Centre (KGC). To solve the keyescrow problem Al-Riyami and Paterson [6] proposed the Certificateless Signature Scheme based on elliptic curve cryptography. And we are using elliptic curve cryptography, which is based on public key encryption technique which tends to produce smaller, faster and efficient cryptographic keys. Since it is based on Certificateless Public Key Cryptography, thus there is no need to generate certificates of authenticity and thus using less storage and bandwidth in the process. In this Certificateless Public Key Cryptosystem, user s private key is not generated by the Key Generator Centre alone. It consists of combination of partial secret key generated by the KGC and some secret value generated by the user and thereby eliminates key escrow problem [7]. Another advantage of this algorithm is that its security constraints rely on the elliptic curve discrete logarithm problem to generate keys which is harder to forge rather than generating a large prime number as in the case of RSA algorithm. Algorithm: Let the elliptic curve is denoted as E over finite field F P where p stands for large prime number greater than 3, defined by the equation [8-10]: y 2 = (x 3 + ax + b) mod p and also follows the discriminant equation: Δ = 4a b 2 0. Let G be a cyclic additive group and P, Q belongs to G. Suppose a line containing P and Q and R is the point of intersection of line P and Q, then under the cyclic additive group + R = P + Q. And scalar multiplication over finite field F p can be defined as: Sonu Kumar and Megha Sinha 3

4 tp = P + P + P P (t times) where P belongs to group G. The Certificateless Signature Scheme without pairings consists of seven steps as follows: (I) Setup: The KGC follows certain steps to generate master key and security parameters are as follows: (1) Choose a random generator P over group G having elliptic curve equation, E. (2) KGC selects master private key x and calculates its public key as P pub = x P. (3) KGC chooses two secure hash functions as: H 1 : {0, 1} * G G Zn * and H 2 : {0, 1} * G G G Zn *. (4) KGC publishes public parameters = {E, F p, G, P pub, H 1, H 2 } (II) Set-Secret Value: The user selects its secret key based on identity ID as x ID and computes its public key as P ID =x ID P (III) Partial-Private-Key Generation: In this part, the KGC will create a user s private key for the users from master key and user secret key as follows: (1) KGC chooses r ID ϵ Z * n and determines R ID = r ID P and h ID = H 1 (R ID, P ID, ID). (2) KGC finds the value of s ID = r ID + h ID x mod n and transfers (s ID, R ID ) to the users via secure channel. This partial-private key is only valid, if it satisfies the following conditions: s ID P = R ID + h ID P (IV) Set-Private Key: The user with identical ID will have the pair (x ID, s ID ) as a private key. (V) Set-Public Key: The user with identical ID will have the pair (P ID,R ID ) as a public key. Sonu Kumar and Megha Sinha 4

5 (VI) Sign: On receiving the message m, user s private key pair (x ID, s ID ) and system parameters, it returns the signature of message m by following several steps as follows: (1) Choose the value of l ϵ Z * n at random and finds the value of R = l P. (2) Calculate h = H 2 (m, P ID, R ID, R). (3) Determine whether the equation gcd(l + h, n) == 1. Then go to step 4 otherwise go to step 1. (4) Determine s = (l + h) -1 (x ID + s ID ) mod n. (5) Resulting signature formed is (R, s). (VII) Verify: To verify the correctness of signature for message m, the verifier computes h ID = H 1 (P ID, R ID, ID), h = H 2 (m, ID, R, P ID, R ID ) and then verifies whether, s (R + h P) = P ID + R ID + h ID P pub If it is equal, accept the signature, otherwise reject it. Because Because R = l P, s ID = r ID + h ID x mod n and s = (l + h) -1 (x ID + s ID ) mod n, we have, S (R + h P) = (l + h) -1 (x ID + s ID ) (l P + h P) = (l + h) -1 (x ID + s ID ) (l + h) P = (x ID + s ID ) P = x ID P + s ID P = P ID + R ID + h ID P pub. Thus, the correctness of this scheme is proved. 3. Conclusion: Use of the Certificateless Elliptic Curve Cryptography is the need of today s technology in order to reduce the consumption of power bandwidth, minimum cost, less storage and higher security with the use of smaller key size. This scheme eliminates the need of certificates in key distribution. The Key Escrow problem that occurs in Identity-based cryptography has been solved due to the usage of Partial-Private-Key distribution. Due to use of Partial Private Key concept, no breaching of Private Key is possible and thus increased efficiency and reduces the overall cost in transferring data. For the long term session and low power requirements, Certificateless Signature Scheme would be proved much fruitful and can be deployed with much sustainable security. Sonu Kumar and Megha Sinha 5

6 REFERENCES [1] Srinivasan A., Quadir Mohammad A., Kumar V. (2015), Era of Cloud Computing: A New Insight to Hybrid Cloud, 2 nd Int. Symposium on Big Data and Cloud Computing, pp [2] Gharshi R., Suresha (2013), Enhancing Security in Cloud Storage using ECC Algorithm, Int. J. of Science and Research, Volume 2 Issue 7, pp [3] Shiralizadeh Aysan, Hatamlou Abdulreza, Masdari Md. (2015), Presenting a new data security solution in Cloud Computing, Journal of Scientific Research and Development, pp [4] Boyles Tim, Hashing Algorithms. In: Text Book of CCNA Security. Indiana: Wiley Publishers; 2010, pp [5] Groves M. (2012), Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption, Internet Engineering Task Force. [6] Al-Riyami, Paterson KG (2003), Certificateless public key cryptography, Int. J. of Communication Systems, pp [7] Debiao H., Jianhua C., Rui Z.(2011), Efficient and provable secure certificateless signature scheme without bilinear pairings, Int. J. of Communication Systems. [8] He D., Chen J., Zhang R.(2012), An efficient and provable-secure certificateless signature scheme without pairings, Int. J. of Communication Systems, pp [9] Tian M., Huang L. (2012), Cryptanalysis of a certficateless signature scheme without pairings, Int. J. of Communication Systems. [10] Gong P., Li P. (2012), Further improvement of a Certificateless signature scheme without pairing, Int. J. of Communication Systems. Sonu Kumar and Megha Sinha 6

7 Sonu Kumar and Megha Sinha 7