Keywords

1 Introduction

Presently, cloud computing is the latest trend in IT sector. The Internet has been graphically derived by cloud symbol since many years. Cloud shows that the data are transferred over the Internet in a computer network. Computing is processed to utilize computer network to perform our task, and it can be done by hardware device–software device. Computing is done by people every day in the life like to perform calculation automatically, transfer a data, sending a mail, swapping credit card, etc. Cloud computing allows us to access online software application, data storage, and processing power of system at anytime and anywhere. Thus, the name cloud computing is inspired by the symbol of the cloud where the computing will happen over the Internet.

The US National Institute of Standards and Technology (NIST) [1] defines cloud computing as follows: ‘cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction’ [2]. Cloud computing supports the organization to increase their capacity remotely without creating own infrastructure, platform, purchasing new licensed software that is required for automation of various processes [3].

Cloud is a platform where the user can store the data and use the resources virtually. Cloud allows the user to pay for whatever resources they use, and the user can expand and scale down the resources according to needs. Cloud allows client to access different services using different service delivery model: infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS) [4], and deployment model—private cloud, public cloud, and hybrid cloud [5].

Cloud support several essential characteristics like on-demand self-service, broad network access, rapid elasticity, resource pooling, and measured services to the user. One of the biggest challenges in cloud computing is data security because data transfer process and data storage process are happening through the Internet. So, it is difficult to secure our data and resource against an unauthorized person, masquerade, and eavesdropper. There are several security issues that occur in cloud computing like physical security lost because we do not know where the resource runs. Data integrity is lost because common standard to ensure data integrity does not exist [6]. There are several security algorithm available to prevent the data security while accessing Web in cloud computing. Detail description of preventing techniques is mentioned below.

2 Literature Review

Dimitrios et al. study cloud security in depth in 2012 [7]. The authors proposed security solution by using trusted third party. The solution is based on single sign-on (SSO) mechanisms and the lightweight directory access protocol (LDAP) [8] that is cryptography specifically in public-key infrastructure. This is to make sure the security proposed solution consists of using cryptography to ensure confidentiality and integrity of involved data. However, it does not recognize which encryption algorithms used. But, this solution does not recognize the encryption algorithm to be used.

Cunsolo et al. in 2009 [9] came up with mechanism that protected data in distributed systems such as grid, cloud, and autonomic. In this paper, author implements the techniques using symmetric and asymmetric algorithm. The limitation of this technique is that the concept of sharing resources is contradicted because data access was done by owner only in the cloud environment.

Hashizume et al. [10] classified different cloud service models (SaaS, PaaS, and IaaS) to solve security issues. The relation between cloud layers and the common threats shows the main vulnerabilities in cloud computing. The solution of splitting some available countermeasures is a technical implementation, which is not covered in this study.

Rahmani et al. [11] implemented a new technique, encryption as a service (EaaS), as a solution based on XaaS concept for cryptography in cloud computing. The security risks and the inefficiency of cloud provider’s encryption and of client-side encryption can be prevented by this solution, respectively. Moreover, this solution does not show a comparative study of cryptographic algorithms that can be integrated.

The performances of cryptographic algorithms in cloud platform are evaluated using symmetric and asymmetric algorithms by the Mohammad et al. [12]. Different encryption techniques which are based on key size, the performance, and the size of the output file are discussed in this paper. The distribution of encryption keys in a secure way is not proposed, but it proposed AES algorithm to encrypt data for more security.

In [7] paper, secure cloud architecture using cryptography was first proposed by this D. Zissis. For cloud storage, they proposed to use cryptographic algorithms [11, 13]. But, they do not specify which algorithm is recommended to encrypt data and how to distribute cryptographic keys while maintaining adequacy with cloud characteristics. So these solutions remain incomplete.

In [2], Belguith proposed a new lightweight cryptographic algorithm which is the combination of AES as public-key algorithm to encrypt data and RSA as public–private-key algorithm to distribute keys. During conserving the rights of users to access data by a secured and authorized way, this combination helps to benefit from the efficient security of asymmetric encryption and the rapid performance of symmetric encryption.

3 Cryptographic Techniques

  1. (a)

    Data Encryption Standard (DES)

    DES is proposed by NIST in 1977. DES is block cipher and follows 16-round Feistel cipher structure. DES is based on symmetric key where the same key is used for encryption and decryption. This algorithm support 64-bit plaintext and 56-bit key value. First 64-bit plaintext value goes through the initial permutation (IP) stage which reorders the bits and generates permuted input. After initial permutation your 64-bits input value divided into two halves of 32-bits [14].

In key generation process, the function will ignore every 8-bit from original 64-bit key value and generate 56-bit key from 64-bit key. Those 8-bit key value is further used as parity bits in DES algorithm; 56-bit key value is further divided into two halves of 28 bits, and individual value will rotate 1 or 2 bits by circular left shift register. In next step, 56-bit key value passes to the permutation that produces final 48-bit key. Now, right halves of 32-bit plaintext value pass through expansion permutation where you bits will expand from 32 bits to 48 bits. These 48-bit plaintext and 48-bit key value will be XORed and substituted into 32-bit plaintext by S-box.

Final 32-bit plaintext value passes from permutation P-box and XOR with left halves of 32-bit plaintext. This process will do till 16 rounds, and 48-bit key value will be changed at each round. The heart of this algorithm is an inner function which includes expansion, substitution, and permutation process.

DES is less secure algorithm because it supports 56-bits key that is too short. It is vulnerable to brute-force attack.

  1. (b)

    Triple DES (3DES)

    Triple DES is similar to DES, but it includes three stages of encryption and decryption with two different keys k1 and k2. First, plaintext will be encrypted by k1 key; then, plaintext will be decrypted by k2 key, and at last, it will gain encrypted by k1 key. Triple DES overcomes the security problems of DES. To crack DES through brute-force attacks, 2^112 operation is required, so it is still be secure.

  2. (c)

    Advanced Encryption Standard (AES)

    AES is developed by two people Joan Daeman and Vincent Rijmen in 2000 which is also called Rijndael cipher. AES is extended of DES and published by NIST in 2001 [15]. It is block cipher and supports 128-bit block as plaintext. Except DES, AES supports three key sizes—128, 192, or 256 bits. It is a symmetric key cryptography, which supports both confusion and diffusion. On base of key value, it works on three rounds—10, 12, or 14. In symmetric key cryptography (AES), 128-bit plaintext passes through different four stages in one round as shown below.

    1. 1.

      Substitution bytes: AES uses 16 × 16 matric of byte values, called as S-box to perform a byte-by-byte substitution [16]. This S-box contains permutation of all possible 256 8-bit values. 128-bit plaintext value is divided into 16 blocks of 8 bits. The leftmost 4 bits are considered as row value, and rightmost 4 bits are considered as column value [17]. Unique 8 bit output value generated by row and column value which are indexes into the S-Box.

    2. 2.

      ShiftRows: ShiftRows process is simple permutation process. In ShiftRows process, 4 × 4 matrixes are generated using unique 128 bits which are generated by substitution byte process. This stage performs process as its name shows. First row of state will remain same. The value of second row will shift left by 1 byte. For the third row, 2-byte left shift is performed. And four rows shifted left by 3 bytes.

    3. 3.

      MixCloumns: MixCloumns process is simple substitution process. Final 128 bits which are generated by ShiftRows stage pass through MixCloumns process. Each byte of column is multiplied with new function value.

    4. 4.

      AddRoundKey: In AddRoundKey bits value XOR with key value (128, 192, 256 bits).

These four stage processes are repeated till the number of rounds 10, 12, and 14 depends on key values of 128, 192, and 256 bits. AES is completely secure against the brute-force attacks because it is a required multibit key to encrypt the data.

  1. (a)

    Rivest–ShamirAdleman Algorithm (RSA)

    Three researchers Rivest, Shamir, and Adleman proposed secure public-key cryptography algorithm. RSA is block cipher where plaintext and ciphertext are integers between [0, n − 1] for some n where size of n is 1024 bits. RSA supports public–private-key (asymmetric cryptography algorithm) concept where encryption will be done by public-key and decryption will be done by private-key. Key generation schema of RSA is shown below.

    1. 1.

      Choose two very large digit prime numbers a and b, where a ≠ b

    2. 2.

      Calculate: x = a*b.

    3. 3.

      Calculate: ϕ(x) = (a-1)*(b-1)

    4. 4.

      Select integer p Where, gcd (ϕ(x), p) = 1; 1< p < ϕ(x)

    5. 5.

      Calculate n where, q = p-1(mod ϕ(x))

    6. 6.

      Now, we have Public Key PU = {p, x} Private Key PR = {q, x}

    7. 7.

      Encrypt plaintext M and create cipher text: C = M*p mod x

    8. 8.

      Decrypt cipher text C and create plain text M = C*q mod x

RSA algorithm is very popular and secure because it is very difficult to factor very large numbers. Factoring large number is not a difficult task, but today not a single algorithm exists to factor a 200-digit number in the reasonable amount of time. This algorithm can be applied to any electronic fund transmissions [18].

  1. (b)

    DiffieHellman Key Exchange (D-H)

    Diffie and Hellman published a new public-key algorithm which enables two users to establish secret key [19]. This is one of the first secret key transfer protocol over a public channel. When two parties want to share their data over network, first they generate secret key and transfer that secret key in secure channel. Data transfer process will happen between two users when both parties get keys securely by D-H algorithm [20]. Key generation schema between two person M and N is shown below.

    1. 1.

      Choose two random number: a, b where a is prime number and b is primitive roots of a and b < a

    2. 2.

      Select private key for user M: XM where XM < a

    3. 3.

      Calculate public key for user M: YM where YM = b XM mod a

    4. 4.

      Select private key for user N: XN where XN < a

    5. 5.

      Calculate public key for user N: YN where YN = b XN mod a

    6. 6.

      Compute secret key by user M: K = (YN) XM mod a

    7. 7.

      Compute secret key by user N: K = (YM) XN mod a

In DH key exchange protocol secure because to calculate exponentials modulo of a prime is easy task, but calculation of discrete logarithms is very difficult.

4 Hybrid Techniques

The basic idea behind hybrid techniques is improving the efficiency of the existing algorithm. Many hybrid techniques are used to encrypt the data; some of them are explained below.

  1. (a)

    Dual RSA

    It is a new public-key cryptography algorithm; it is also called RSA-CRT, because it uses Chinese remainder theorem, CRT, for its decryption [21]. Dual RSA has been developed for better performance in terms of computation costs and memory storage requirements. RSA takes one block at a time to encrypt and decrypt the data. But dual RSA takes two blocks during encryption and decryption [21]. Encryption time of dual RSA is more as compared to decryption of two blocks. Thus, dual RSA increases the performance as compared to RSA.

  2. (b)

    AES–RSA

    Symmetric algorithms are faster to encrypt data as compared to asymmetric techniques. RSA (asymmetric algorithm) takes more processing time to encrypt data due to longest key size. A new symmetric and asymmetric hybrid model has been developed to increase the level of security. In AES–RSA [22] hybrid techniques, AEs first generate 256-bit key. That 256-bit key is expanded to 1024-bit key and is used in RSA as private-key.

  3. (c)

    RSA–AES–Digital Signature

    Digital signature [23] is an authentication mechanism which provides data integrity and authentication. It is public–private-key algorithm where data are encrypted by sender’s public-key and decrypted by receiver’s private-key. In this hybrid key generation algorithm, first 1024-bit key is generated by RSA and XOR with 1024-bit key of AES. Final hybrid key generated by RSA and AES algorithms is used in digital signature as sender’s private-key (Table 1; Fig. 1).

    Table 1 Efficiency of cryptographic algorithm
    Full size table
    Fig. 1
    figure 1

    Comparison of cryptographic and hybrid cryptographic techniques

    Full size image

5 Conclusion and Future Scope

Data security is major issue in cloud computing. Many techniques are available to make secure communication, but one of the most efficient techniques is hybrid technique. This paper explores the comparison between cryptography and hybrid cryptography techniques. Based on the result, we can conclude that the efficiency of symmetric algorithm is more as compared to asymmetric algorithm, and the efficiency of hybrid technique gives average efficiency in any procedure. Because hybrid technique is a combination of public-key cryptography and private-key cryptography, then the security and avalanche effect will be more and also with the use of hybrid technique non-linear function generated.

The work is defined in this paper in terms of efficiency, but we can extend the same work in the different parameters like security, power saving, scheduling, and complexity. Also, we can show the same work with any simulation tool for showing all the parameters, and we can analyze each hybrid technique for different parameters.