Data outsourcing through cloud storage enables users to share on-demand resources with cost-effective IT services, but several security issues arise, such as confidentiality, integrity and authentication. Each of them plays an important role in the successful achievement of the others. In cloud computing, data integrity assurance is one of the major challenges because the user has no control over the security mechanism that protects the data. Data integrity ensures that the data received are the same as the data stored. It is a result of data security, but data integrity refers to the validity and accuracy of data rather than to protecting the data. Data security refers to the protection of data against unauthorized access, modification or corruption, and it is necessary to ensure data integrity. This paper proposes a new approach using the Matrix Dialing Method at block level to enhance the performance of both data integrity and data security without using a Third Party Auditor (TPA). In this approach, the data are partitioned into a number of blocks and each block is converted into a square matrix. The determinant factor of each matrix is generated dynamically to ensure data integrity. This model also implements a combination of the AES algorithm and the SHA-1 algorithm for digital signature generation. Data coloring is applied on the digital signature to ensure data security with better performance. The performance analysis using a cloud simulator shows that the proposed scheme is highly efficient and secure, as it overcomes the limitations of previous approaches of data security using encryption and decryption algorithms and of data integrity assurance using a TPA, due to server computation time and accuracy.

Cloud computing is a modern computing paradigm in which scalable resources are shared dynamically as various services over the internet [

The proposed technique is based on the Determinant Factor (DF) approach to enhance both data integrity and security which involves the following steps:

Before transmitting the series of data, it is divided into N-matrices, where N is given by:

where (d × d) is the number of elements per matrix. The determinant factor of each matrix is computed and appended to the data. At the retrieval stage, it is compared with the determinant factor of the sender’s data for data integrity assurance. However, this method has a defect. The DF is zero if any one of the rows is proportional to another row; the same is true for columns. Also, the DF does not change if some of the rows or some of the columns are interchanged. In addition, the DF is zero if any single row or column has zero values only. In order to alleviate this problem, a new technique is performed as given below: each element of the matrix is reconstructed using the matrix dialing method to formalize the original data matrix into a new matrix [

Then an encrypted digital signature for each determinant factor is generated using the combination of the SHA-1 and AES algorithms. Finally, data coloring is applied on each digital signature before transmitting or storing the data on the cloud to enhance data security. At the receiver side, both determinants are recomputed and the Message Digest is regenerated, then compared with the sender’s values. If there is a match, it ensures that there is no modification in the given data during the transmission; otherwise, a particular block of data has been violated. The results of the proposed system show that the block based matrix dialing method outperforms other data integrity checking methods and also provides data privacy for securing the data from unauthorized users.

The steps involved in the Block based determinant approach are given below:

Sender’s End

1) Data is taken as a string format. Each string is converted as bytes and the number of bytes that constitute a block is decided. Next bytes will be added and divided into number of blocks.

2) Convert each block of data into square matrix.

3) Find Determinant Factor (DF) for each matrix.

4) Construct a new matrix using Block Based Matrix Dialing Rotational method to ensure DF is not Zero.

5) Find DF for the matrix constructed in Step 4.

6) Generate a hash value, known as the Message Digest, using SHA-1 for each DF calculated in Step 5.

7) Encrypt this Hash value using AES algorithm to generate Digital Signature.

8) Apply data coloring on each digital signature generated in the Step 7.

9) Store the colored data into cloud storage.

Receiver’s End

1) Regenerate the colors from the colored data.

2) Decrypt the Message Digest.

3) Reconstruct the new matrix.

4) Calculate DF for the matrix constructed in Step 3.

5) Reconstruct the new matrix and calculate DF.

6) Compare the results obtained in Steps 1, 2, 4 and 5 of the Receiver’s End with Steps 8, 6, 5 and 3 of the Sender’s End, respectively.

7) If the results are the same in all the steps mentioned in Step 6, then data integrity is ensured; otherwise integrity of data is not attained, i.e., a particular block of data has been violated (the given data has been modified by unauthorized users).
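The block-level DF check described above, together with the zero-determinant defect that motivates Step 4, can be seen in the following added example (not the paper's code). It assumes d = 3, zero padding of the last block, and the DF hashed as a decimal string; the matrix dialing step, AES and data coloring are omitted because this page does not give their definitions, and the sample bytes are constructed.

```python
import hashlib
from fractions import Fraction

D = 3  # assumed matrix dimension d; each block holds d*d bytes

# Constructed sample data: block 0 has DF = 56, block 1 contains an all-zero row.
ORIGINAL = bytes([2, 7, 1, 4, 3, 9, 5, 8, 6]) + bytes([10, 20, 30, 0, 0, 0, 7, 8, 9])

def to_matrices(data: bytes, d: int = D):
    """Split data into d*d-byte blocks (zero-padded) and shape each as a d x d matrix."""
    size = d * d
    data += bytes(-len(data) % size)
    return [[list(data[i + r * d: i + (r + 1) * d]) for r in range(d)]
            for i in range(0, len(data), size)]

def determinant(m) -> int:
    """Exact determinant by Gaussian elimination over rationals."""
    a = [[Fraction(x) for x in row] for row in m]
    n, det = len(a), Fraction(1)
    for c in range(n):
        pivot = next((r for r in range(c, n) if a[r][c] != 0), None)
        if pivot is None:
            return 0                      # singular matrix: DF is zero
        if pivot != c:
            a[c], a[pivot] = a[pivot], a[c]
            det = -det
        det *= a[c][c]
        for r in range(c + 1, n):
            f = a[r][c] / a[c][c]
            a[r] = [x - f * y for x, y in zip(a[r], a[c])]
    return int(det)

def df_tags(data: bytes):
    """Sender's Steps 1-3 and 6 (without dialing): per-block (DF, SHA-1 of DF)."""
    tags = []
    for m in to_matrices(data):
        df = determinant(m)
        tags.append((df, hashlib.sha1(str(df).encode()).hexdigest()))
    return tags

def violated_blocks(stored_tags, received: bytes):
    """Receiver: recompute the tags and return indices of blocks that no longer match."""
    return [i for i, (s, r) in enumerate(zip(stored_tags, df_tags(received))) if s != r]

if __name__ == "__main__":
    tags = df_tags(ORIGINAL)
    hit = bytes([3]) + ORIGINAL[1:]                    # one byte changed in block 0
    miss = ORIGINAL[:9] + bytes([99]) + ORIGINAL[10:]  # one byte changed in block 1
    print(violated_blocks(tags, hit))    # block 0 is flagged
    print(violated_blocks(tags, miss))   # nothing flagged: DF stays 0 because of the zero row
```

The second tampered copy goes undetected because a block with a zero row has DF = 0 before and after the change, which is the case the non-zero-DF reconstruction in Step 4 is meant to remove.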

Steps 6 and 7 of the sender side and Step 2 of the receiver side are explained in detail below:

Signed and Encryption

1) Sender sends a message as DF

2) Calculate Digest

Digest = [Message]_{hash}.

3) Sign the Digest

Message + [Digest]k_{pri} + k_{pub}.

4) Encrypt with Symmetric key

[Message + [Digest]k_{pri} + k_{pub}] + k_{sym}.

5) Send signed and encrypted message to Recipient.

Here Steps 1), 2) and 3) are for Signature generation and Step 4) for encryption (AES algorithm).

Decrypt and Verifying message

1) [Message + [Digest]k_{pri} + k_{pub}] + [k_{sym}].

2) Decrypt k_{sym} with the receiver’s private key: [Message + [Digest]k_{pri} + k_{pub}] + k_{sym}.

3) Decrypt Digest using Public key and also evaluate the Digest

Digest = [Message]_{Hash}.

4) Compare these two Digests.

If the two digests, viz., the actual and expected digests, are equal, then the signature is verified. Here Steps 1, 2 and 3 are for Decryption and Step 4 is for Verification.

The following steps are involved to generate encrypted digital signature; it described by

Step 1. The document will be crunched into fixed few lines by using SHA-1 algorithm to generate Message digest.

Step 2. At Sender side encrypt the message digest using its public key to generate digital signature.

Step 3. At Receiver side decrypt the message using their own private key.

Step 4. Regenerate the Message Digest.

Step 5. Finally the Signature is verified using Sender’s public key.

A message digest function, also called a hash function, is used to generate the digital signature of the data, which is known as the message digest. The SHA-1 algorithm is used to implement integrity of the message and produces a message digest of size 128 bits. These are mathematical functions that process information to produce a different message digest for each unique message. It processes the message and generates a 128-bit message digest. The AES algorithm consists of the following steps and also it described by

Step 1: Add Padding to the end of the genuine message length is 64 bits and multiple of 512.

Step 2: Appending length. In this step the excluding length is calculated.

Step 3: Divide the input into 512-bit blocks. In this step the input is divided into 512 bit blocks.

Step 4: Initialize chaining variables. In this step chaining variables are initialized. In the proposed method 5 chaining variables are initialized each of size 32 bits giving a total of 160 bits.

Step 5: Process blocks, i.e., copy the chaining variables, divide the 512 bits into 16 sub-blocks, and process 4 rounds of 20 steps each.

Step 6: Output Generation.

Further this algorithm is divided into 5 steps: Key Generation, Digital Signing, Encryption, Decryption and Signature Verification are discussed as below:

Step 1: Key Generation

Different key sizes such as 128, 192 or 256 bits are used. To perform the AES algorithm, round keys must be generated from the user-provided key. The Key Schedule of this algorithm provides 33 128-bit keys to be mixed with the text blocks during the Round function of the algorithm. First, 8 32-bit pre-keys are created using the key provided by the user. The user’s key is split every 32 bits to do this, and then 132 intermediate keys are generated using the following recurrence: for i from 0 to 131. The 33 round keys are generated from these intermediate keys by running them through the S-Boxes and combining them into 128-bit blocks.

Step 2: Digital Signing

Generate the message digest of the document to be sent by using the SHA-1 algorithm.

The digest is represented as an integer m.

Digital signature S is generated using the private key (n, d).

S = m^{d} mod n.

Sender sends this signature S to the recipient.

Step 3: Encryption

Sender represents the plain text message as a positive integer m.

It converts the message into encrypted form using the receiver’s public key (e, n).

C = m^{e} mod n

Sender sends this encrypted message to the recipient. Here, n is the modulus and e is the encryption exponent.

Step 4: Decryption

Recipient does the following operation:

Using his private key (n, d), it converts the cipher text to plain text “m”.

M = C^{d} mod n

where d is the secret exponent or decryption exponent.

Step 5: Signature Verification

The receiver does the following to verify the signature:

An integer V is generated using the sender’s public key (n, e) and signature S.

V = S^{e} mod n

It extracts the message digest M1, from the integer V using the same SHA-1 algorithm. It computes the message digest M2 from the signature S. If both the message digests are identical i.e. M1 = M2, then signature is valid.
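The four modular-exponentiation formulas of Steps 2 to 5, applied to the SHA-1 digest of a determinant factor, are worked through in the following added example (not the paper's code). The key is a constructed toy key built from the Mersenne primes 2^127 − 1 and 2^107 − 1 with e = 65537, no padding is used, and the DF values 56 and 2 are sample inputs.

```python
import hashlib

# Constructed toy key: n is the product of two well-known Mersenne primes,
# so it is trivially factorable and only serves to make the arithmetic visible.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q                                  # modulus n (about 234 bits)
E = 65537                                  # public exponent e
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent d

def digest_int(df: int) -> int:
    """SHA-1 digest of the determinant factor, represented as the integer m."""
    return int.from_bytes(hashlib.sha1(str(df).encode()).digest(), "big")

def sign(df: int) -> int:
    """Step 2: S = m^d mod n, computed with the signer's private key (n, d)."""
    m = digest_int(df)
    if m >= N:
        raise ValueError("digest must be smaller than the modulus")
    return pow(m, D, N)

def verify(df: int, s: int) -> bool:
    """Step 5: V = S^e mod n must equal the digest recomputed from the received DF."""
    return pow(s, E, N) == digest_int(df)

def encrypt(m: int) -> int:
    """Step 3: C = m^e mod n with the receiver's public key (e, n)."""
    return pow(m, E, N)

def decrypt(c: int) -> int:
    """Step 4: M = C^d mod n with the receiver's private key (n, d)."""
    return pow(c, D, N)

if __name__ == "__main__":
    s = sign(56)
    print(verify(56, s))                   # signature matches the DF it was made for
    print(verify(2, s))                    # a different DF fails verification
    print(decrypt(encrypt(123456789)) == 123456789)
```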

The block diagram for generating color coding is shown in

Each user is specified by a color that helps to protect and also avoids the manipulation of original data.

to cope with the colored drops and revert Ex, En, and He, as illustrated in Algorithm 2.

Algorithm 1: Forward cloud generator

Step 1: Generate a normally distributed random number

Step 2: Generate a normally distributed random number

Step 3:

Step 4:

Step 5: Repeat Steps 1 to 4, and generate drops.

Algorithm 2: Reverse cloud generator

Step 1: Calculate mean

Step 2:

Step 3:

Step 4:

Ex is provided by the data owner; En and He are produced by negotiation between the data owner and the service provider. Each cloud user is provided with a value called the expected value, which is known only to the user. The value negotiated with the CSPs is the Entropy, which is unique for all users in the particular group sharing the data in the cloud. Hyperentropy is the value which is common to all the group users of the data. Then, a large number of cloud drops are formed by the forward cloud generator (see Algorithm 1) and are used to color the user data. When the data are used, the cloud drops are extracted from the colored data, and Ex0, En0, and He0 are produced by the reverse cloud generator (see Algorithm 2). A final color match indicates that the data has not been modified by others. The data owner and the storage service provider negotiate together to select En and He, just like the key. Ex, En, and He are three mathematical characters. En and He can be used to transform a certain print into uncertain print drops.

Data size (KB) | Time (Sec) |
---|---|
10 | 2 |
25 | 3 |
30 | 4 |
40 | 5 |
50 | 6 |
60 | 7 |
70 | 8 |
80 | 9 |

Data size (KB) | Time (Sec) |
---|---|
10 | 3 |
20 | 4 |
30 | 4.5 |
40 | 5 |
50 | 5.5 |
60 | 6 |
70 | 6.5 |
80 | 7 |

Data size (KB) | Time (Sec) |
---|---|
5 | 2 |
13 | 7 |
18 | 8.3 |
24 | 10.1 |
30 | 13.3 |

Data size (KB) | Start time (Sec) | Finish time (Sec) | Execution time (Sec) = (finish time − start time) |
---|---|---|---|
5 | 5 | 7 | 2 |
10 | 5 | 7 | 2 |
15 | 10 | 13 | 3 |
20 | 15 | 18 | 3 |
25 | 20 | 23 | 3 |
30 | 20 | 23 | 3 |
35 | 24 | 27 | 3 |
40 | 25 | 28 | 3 |
45 | 30 | 33 | 3 |
50 | 30 | 34 | 4 |

Data size (MB) | Time (Sec) | CPU (MIPS) | RAM (MB) |
---|---|---|---|
10 | 5 | 52 | 8 |
20 | 10 | 54 | 7 |
30 | 15 | 60 | 6 |
40 | 20 | 62 | 8 |
50 | 25 | 64 | 8 |
60 | 30 | 69 | 8 |
70 | 35 | 72 | 7 |
80 | 40 | 75 | 8 |
90 | 45 | 77 | 7 |
100 | 50 | 79 | 8 |

Data size (bytes) | Actual No. of blocks of errors | No. of blocks of errors detected by the proposed method | Accuracy of proposed method (%) |
---|---|---|---|
10000 | 08 | 08 | 100 |
15000 | 10 | 09 | 99.91 |
20000 | 12 | 12 | 100 |
22000 | 14 | 13 | 99.91 |
30000 | 17 | 15 | 99.66 |
33000 | 19 | 19 | 100 |

Data size (KB) | Time (Sec) | Encrypted size (KB) | Throughput |
---|---|---|---|
10 | 2 | 7.5 | 3.75 |
20 | 3 | 15 | 5 |
30 | 4 | 22.5 | 5.62 |
40 | 5 | 30 | 6 |
50 | 6 | 37.5 | 6.25 |
60 | 7 | 45 | 6.42 |
70 | 8 | 52.5 | 6.56 |
80 | 9 | 60 | 6.66 |

Data size (KB) | AES (Sec) | Two Fish (Sec) | Serpent (Sec) |
---|---|---|---|
50 | 5.5 | 5 | 5.9 |
100 | 9.5 | 10 | 10.5 |
500 | 15 | 15.4 | 16 |
1024 | 21.5 | 22.3 | 23 |
5120 | 27 | 26.5 | 28 |

Data size (KB) | AES (Sec) | Two Fish (Sec) | Serpent (Sec) |
---|---|---|---|
50 | 6 | 7 | 6.2 |
100 | 8 | 9 | 8.5 |
500 | 14 | 14.5 | 14.3 |
1024 | 19 | 22 | 21.5 |
5120 | 25 | 26 | 25.5 |

Data size (KB) | AES (Sec) | Two Fish (Sec) | Serpent (Sec) |
---|---|---|---|
50 | 4 | 6 | 7 |
100 | 4.5 | 7 | 7.2 |
500 | 6.5 | 8 | 8.3 |
1024 | 10 | 11.5 | 11.9 |
5120 | 13 | 14.3 | 15 |

Data size (KB) | AES (output bytes) | Two Fish (output bytes) | Serpent (output bytes) |
---|---|---|---|
70 | 132,082 | 146,022 | 160,030 |
80 | 132,082 | 146,022 | 160,030 |
95 | 132,082 | 146,022 | 160,030 |
105 | 132,082 | 146,022 | 160,030 |
115 | 132,082 | 146,022 | 160,030 |
120 | 132,082 | 146,022 | 160,030 |
130 | 132,082 | 146,022 | 160,030 |

decryption time and execution time. The two main characteristics of a good encryption algorithm are security and speed. This paper analyzes security versus performance of three algorithms, Two Fish, Serpent and AES, based on the experimental results using a cloud simulator.

The performance is evaluated based on the parameters viz., Execution Time, Encryption Time, Decryption Time and Output Bytes. The encryption time is also used to calculate the throughput of an encryption scheme, calculated as the total plaintext in bytes encrypted divided by the encryption time. Comparison and analysis of the results of the various algorithms are performed. The experimental results for Encryption, Decryption and Execution of the algorithms AES, Two Fish and Serpent are shown in Tables 8-10, which show the comparison of the three algorithms AES, Two Fish and Serpent using the same text file for five experiments; the output bytes for AES, Two Fish and Serpent are the same for different sizes of files. By analyzing

This paper presents a new technique for enhancing data security through improving data integrity violation checking over the cloud storage without using a TPA. In the proposed technique, the data are divided into blocks, where each block is arranged into a square matrix. Each element in this matrix is arranged into a new form using the Matrix Dialing method, which leads to memory saving through bit reduction and also enhances accuracy of data. Also, a digital signature is applied on each determinant factor to enhance data integrity assurance. This model also uses data coloring on the encrypted digital signature to enhance the data security, which helps the user to verify and examine the data against unauthorized people who manipulate the data in the cloud storage. In this method, accuracy is maintained at a satisfactory level by rearranging the data two times, via the original matrix and its corresponding Dialing method Rotational matrix. Though it requires more computation time, it provides a good level of accuracy and security of data. Thus, it tries to provide a new insight to improve cloud storage security through detection of data integrity violations at block level during storing or transmission. The encryption algorithm plays an important role in data security, where encryption time, memory usage and output bytes are the major issues of concern. The selected encryption algorithms AES, Two Fish and Serpent are used for performance evaluation. Based on the text files used and the experimental results, it was concluded that the AES algorithm consumes the least encryption time and the least memory. The Serpent algorithm consumes the longest encryption time and its memory usage is also very high, but its output byte count is the least. The simulation results show that the new method gives better results compared to the Two Fish and Serpent algorithms and has resolved all of their deficiencies that go along with data integrity assurance methods towards data security.
The performance measures considered are, viz., better encryption/decryption time and computation time, memory utilization, and quicker detection of violations. In future work, this proposed model can be implemented for conducting more experiments using various algorithms and methods in cloud computing on other types of data like image, sound and multimedia data, to test the performance of the proposed approach. The focus will be on improving encryption time and reducing memory usage.

Premkumar, P. and Shanthi, D. (2016) Block Level Data Integrity Assurance Using Matrix Dialing Method towards High Performance Data Security on Cloud Storage. Circuits and Systems, 7, 3626-3644. http://dx.doi.org/10.4236/cs.2016.711307