ijmeit// vol.03 issue 04//april//page no:1187-1198//issn ...igmpublication.org/ijmeit issue/v3-i4/16...

N.Ramadevi IJMEIT Volume 3 Issue 4 April 2015 187

IJMEIT// Vol.03 Issue 04//April//Page No:1187-1198//ISSN-2348-196x 2015

An Efficient Authenticated Key Exchange Schemes and Algorithms for Cloud

Computing (A Literature Review)

Author

N.Ramadevi

Associate Professor, Santhiram Engineering College, Nandyal,

[email protected]

ABSTRACT:

Cloud computing is an emerging trend in today’s world and becoming very efficient and useful. Cloud

computing is basically a shared pool of resources that includes software, storage, data, applications,

infrastructure. The services are offer on pay per user basis. Storage as a service is a kind of service where

data owner can store their data in cloud. As users outsourced their data to cloud data security and access

control is one of the most ongoing researches in cloud computing.

Keywords: cloud computing, cloud service provider (CSP), access control, cryptography, authentication.

I. INTRODUCTION:

Cloud computing refers to provision of

computational resources on demand via a

computer networks. Cloud computing provides

various services which includes software as a

service, platform as a service, infrastructure as a

service. Cloud computing provides various

advantages which include economies of scale,

dynamic provisioning, increased flexibility, low

capital expenditure and many more[1]. As cloud

computing share resources over the network,

security is the basic concern. Data owners store

their data on external servers so data

confidentiality, authentication, access control are

some of the basic concerns. To protect user’s

privacy one way is to use authentication technique

such as username and password. Authentication is

to check user’s identity, means whether the person

is same as he pretends to be. There are various

authentication methods and techniques [2].

Access control is a procedure that allows or denies

access to a system or services. The data are

outsourced to cloud after encryption with

symmetric key by the data owner. The CSP and

user communicate with each other and generate a

shared symmetric key using strong Diffie-

Hellman algorithm. This solves the purpose of

secure communication between CSP and user’s. In

this paper a literature survey on efficient

authenticated key exchange protocols in cloud

computing is presented. The reminder of the paper

is organized as follows section II reviews the

related work of efficient authenticated key

exchange schemes between the user and the cloud

controller. And the section III reviews the related

work of efficient cryptographic algorithms.

N.Ramadevi IJMEIT Volume 3 Issue 4 April 2015 Page 1188


II. RELATED WORK:

A) Secured Authenticated key exchange

Schemes:

1. Secured and Authenticated Communication in

Cloud Using Dynamic Key Exchange Protocol

[5].

The Dynamic Session Key Exchange (DSKE)

Method is computationally attractive as using

multiplication of a key matrix [4]. Our method has

several advantages such as masquerading letter

frequencies using matrix. The key exchange

method is one of the well-designed ways of

establishing secure communication between

couple of users by using a session key. The

session key, which is exchanged between two

users, guarantee the secure communication for

later sessions. The first practical key exchange

method is proposed by Diffie-Hellman [3]. Since

the introduction of key exchange method by

Diffie-Hellman, a variety of versions and

enhancement in key exchange method have been

developed. In the line of key exchange method

based key exchange mechanism achieved

attention due to its complexity, dynamic security

and wide range of applicability. In This method

we take two S-Boxes S1 and S2. S1 is secret and

S2 is chosen / taken from standard S2 box. S2

Standard box is open for all. S1 is very secret;

only two users understand this box. Using of these

two S-Boxes, we can exchange session key

between two users [4]. Since it is dynamic

protocol, for every session the session keys can be

changed with same set of S-boxes which provide

better security than other key exchange protocol.

2. Efficient and Secure Mutual Authentication

Scheme in Cloud Computing [6].

Figure.1.Basic architecture of proposed

authentication.

Fig. 1 Illustrates the basic architecture of our

proposed scheme, which composes of three

components: Data owner (DW), Service Provider

(SP), and users. DW is the owner of the data to be

stored in the cloud such as databases, images,

videos. The essential role of SP is to ensure that

just the authorized users can get accessed to the

secret data. The overall work can be divided into

three phases: Setup, Registration, and

Authentication. In the setup and registration

phases, the user Ui sends his username/ password

to DW who sets up keys (important information)

to use in the next phases. During the registration

phase, DW issues to each user and SP important

information (credential, public parameters) to be

used for authentication. The user’s credential file

contains user’s two-factor authentication. The

valid user derives a key from his password, which



is used for encrypting his credential file.

Furthermore, the user will save his encrypted

credential file in any extra device that prefers it.

Each time, the user sends his first factor to SP.

After that, SP decrypts his credential using key,

and verifies user’s first factor and sends back

challenge value to the user for ensuring from

validity of SP. Finally, the user sends his second

factor to SP who checks again the validity of the

user’s second factor.

The proposed scheme assumes a new setting

where users keep their passwords far away from

the service provider in the cloud. This feature has

been gained a good chance to service provider to

increase processing time. Furthermore, proposed

scheme resists insider attacks, MITM attacks,

forgery attacks, replay attacks, off-line attacks,

and parallel session attacks. Also, work has many

virtues, including freely chosen password, user

anonymity, mutual authentication, session key

agreement and does not require the synchronized

clock. In performance evaluation, our scheme has

been proven to obtain strong security with lower

communion cost than previous works.

3. Secure Data Access with Enhanced Two Factor

authentication in Cloud Computing[7]:

Before introducing the work we first introduce the

model which includes three participants – users,

data owner and cloud service provider. There are

different scenarios of the work. The scenario is

given in figure 2. The proposed work is explained

as follows:

Figure. 2. Scenario of proposed work

1. Users registered themselves using their

username, password, mobile no. to the data owner.

The details are stored in the data owner’s database

and created a session value or token and the

mobile oken for that user. The registration details

are all send in encrypted form using public key of

data owner and then send it to the data owner.

2. After getting all the details the data owner store

these details within it and update the capability list

for every new user, if request is valid and also

update the data item that can be accessed by that

user. Data owner contains the actual data. Now

before transmitting that data into cloud, the data

set which contain files are computed using

message digest 128 bit MD5 hash this gives more

confidentiality and data integrity. The digest along

with the file is encapsulated using symmetric key.

Data owner then send all i.e. encrypted data,

capability list using its private key first and then

using public key of service provider. Also data

owner send the symmetric key and hash function

in encrypted form to the CSP using public key of

user. We assume that each party is preloaded with

other public keys; hence, we do not need any PKI

for distributing public keys of each other involved

in secure communication.



3. Cloud service provider now gets the encrypted

data, capability list and stored it. The message is

then decrypted by using its own private key and

the public key of data owner. CSP checks the

timestamp if it is correct then decrypts the

capability list under data owners public key. As

CSP does not know the symmetric key which is

used to encrypt the actual data, he cannot able to

decrypt that data. CSP now update its capability

list.

4. User now login into cloud using TWO

FACTOR authentication. To access cloud service

using two step verification process user has to go

through the following two stages:

The first step involves login using

username, password.

The second step involves the mobile phone

for authentication using MULTI AUTH

APP.

5. User now becomes authenticated and cloud

service provider then sends the message that is

intended for the user which contains the

symmetric key and the hash function. As these are

encrypted using public key of user, user now

decrypt it using its own private key and then

aware of symmetric key and hash function used

by the data owner. Now the actual data request

goes from user to cloud service provider.

6. Cloud service provider now initiates strong

Diffie- Hellman. Strong D-H algorithm is used to

prevent man in middle attack by encrypting the D-

H parameters. Both user and cloud service

provider are now agreeing on same shared session

key.

7. Cloud service provider now send the data

which is already encrypted using symmetric key is

now over encrypted using the shared session key.

8. User now received the data which can be firstly

decrypted using its symmetric key and shared

secret key. After that user calculates the digest by

using hash function and then compared with the

digest that is attached with the message to check

the integrity.

This paper presented a set of security procedures

to secure the data of a data owner in cloud. The

combined approach of access control and

cryptography is used to protect outsourced data.

Our scheme presented a capability based model

for access control mechanism. Extra layer of

security is provided for users and cloud using two

factor authentication approach. So the proposed

scheme ensure that only the registered users may

access the requested service using mobile phones

as an extra added security. Strong Diffie- Hellman

procedure to access outsourced data efficiently

and securely from CSP.

4. An Identity -Based Secure Authenticated

Framework by using ECC in Cloud Computing

[10]:

4.1 Preliminaries:

4.1.1 Notations

Symbols Meaning

∶ A large prime number

P ∶ Prime finite field



∶ An elliptic curve over a prime finite field

∶ Additive elliptic curve cyclic group

∶ Generator of group

ℋ1, ℋ2, ℋ3 ∶ Cryptographic secure hash functions

m ∶ Master key of PKG

Ppub ∶ The public key of PKG

∶ The entity ’s identity

∶ Private Key of entity

∶ Secure session key

4.1.2 Computational Problem Elliptic Curve

Cryptography Elliptic Discrete Logarithms

Problem (EDLP): For given A, B ∈R find k ∈R

Z*P such that A = kB, which is hard.

Elliptic Computational Diffie-Hellman Problem

(ECDHP): For , ∈R Z*P and the is the

generator of , given , x , y , then compute

xy is hard to the group .

4.2 The Proposed Protocol:

The protocol is composing of major three

algorithms:

4.2.1 Set Up:

Private Key Generator (PKG) takes a security

parameter k, returns security parameter and master

key m for given k, PKG takes following steps:

Choose an arbitrary generator ∈ . Select a

master key m ∈ Z*P and public key Ppub = m .

Choose collision free one way hash functions

ℋ1: {0,1}∗ × → * .

ℋ2: {0,1}∗ × {0,1}∗

× {0,1} × × → {0,1} .

ℋ3: × {0,1} → * . Publish systems

parameters < , , , , , , ℋ1, ℋ2, ℋ3 >

and keep secret.

4.2.2 Extraction:

Entity submits her/his public identities to

PKG. Then PKG verifies the proof of identity. If

verification succeeds, generates the partial private

key as:

Generate a random number ∈ * .

Compute = and ℎ = ℋ1( || ).

PKG generate the partial private key as = +

ℎ . Then PKG distributes user partial private key

via a secure channel.

On receiving partial private key entity checks the

condition = + ℋ1( || )Ppub . Then entity

sets public key = .

4.2.3 Authentication and Key Agreement:

User U and server S mutually authenticate each

other and establish a session key as:

Generate a random number ∈ * ,

an opaque string as a session identity and

computes = and sends < , ,

, 1 > to . Where 1 is the current date and

time of .

On receiving message, computes 2 −

1, checks 2 − 1 ≤ Δ . Where 2 message

receiving time of and Δ is the valid time

delay in message transmission. If condition is

hold then, generate a random number ∈

* , computes = , mutual

authenticated code =

ℋ2( || || || || ) and sends < ,

, , 3 > to . Where 3 is the current

date and time of .





receiving time of user and Δ is the valid

time delay in message transmission. If

condition is hold then, generates random

number 1 ∈ * , computes mutual

authenticated code =

ℋ2( U|| || || || ), session key =

1 + ℋ3 ( || , and sends < ,

, 5 > to . Where 3 is the current date

and time of .



receiving time of and Δ is the valid time

delay in message transmission. If condition is

hold then, also checks =? , if

verified then, generates random number 1

∈ * , computes session key = 1 + ℋ3

( || ).

From the explanation of this protocol, and

agreed session key can be computed as: =

= . And, once the session establishes user can

store/access his/her data strongly via the public

channel.

Figure.3.Authentication and key agreement.

Authentication between User and Cloud Sever is

critical certification in data security which is also

necessary in Cloud Computing. The paper shows

the security analysis of this protocol. By the

analysis of performance, this protocol is more

efficient compare than Chen at al[8] and Mishra et

al[9] in cloud environments. In addition to, the

protocol is permitted by a budding cryptographic

technique from the pairing-free and its security

can be assured by EDLP and ECDHP.

III. Cryptographic Algorithms for Cloud

Computing:

Cryptography can help emergent acceptance of

Cloud Computing by more security concerned

companies. The first level of security where

cryptography can help Cloud computing is secure

storage. Cryptography is the art or science of

keeping messages secure by converting the data

into non readable forms. Now a day’s

cryptography is considered as a combination of

three algorithms. These algorithms are

Symmetric-key algorithms, Asymmetric-key

algorithms, and Hashing. In Cloud computing, the

main problems are related to data security,

backups, network traffic, file system, and security

of host [12], and cryptography can resolve these

issues to some extents. Consider an example, in

the cloud consumer can protect its confidential

data, then he has to encrypt his information before

storing in the cloud storage, and it is advised not

to save an encryption key on the same server

where you have stored your encrypted data. This



will helps us in reduction of Virtualization

vulnerability. For secure communication between

the host domain and the guest domain, or from

hosts to management systems, encryption

technologies, such as Secure HTTP (HTTPS),

encrypted Virtual Private Networks (VPNs),

Transport Layer Security (TLS), Secure Shell

(SSH), and so on should be used. Encryption will

help prevent such exploits as man-in-the-middle

(MITM), spoofed attacks, and session hijacking

[13].

i). Symmetric-key algorithms:

The most important type of the encryption is the

symmetric key encryption. Symmetric-key

algorithms are those algorithms which use the

same key for both encryption and decryption.

Hence the key is kept secret. Symmetric

algorithms have the advantage of not consuming

too much of computing power and it works with

high speed in encryption [11]. Symmetric-key

algorithms are divided into two types: Block

cipher and Stream cipher. In block cipher input is

taken as a block of plaintext of fixed size

depending on the type of a symmetric encryption

algorithm, key of fixed size is applied on to block

of plain text and then the output block of the same

size as the block of plaintext is obtained. In Case

of stream cipher one bit at a time is encrypted.

Some popular Symmetric-key algorithms used in

cloud computing includes: Data Encryption

Standard (DES), Triple-DES, and Advanced

Encryption Standard (AES).

1. Data Encryption Standard (DES):

The Data Encryption Standard (DES) is a

symmetric- key block cipher published as FIPS-46

in the Federal Register in January 1977 by the

National Institute of Standards and Technology

(NIST). At the encryption site, DES takes a 64-bit

plaintext and creates a 64-bit ciphertext, at the

decryption site, it takes a 64-bit ciphertext and

creates a 64-bit plaintext, and same 56 bit cipher

key is used for both encryption and decryption.

The encryption process is made of two

permutations (P-boxes), which we call initial and

final permutation, and sixteen Feistel rounds.

Each round uses a different 48-bit round key

generated from the cipher key according to a

predefined algorithm as shown in figure 4.

The function f is made up of four sections:

Expansion P-box

A whitener (that adds key)

A group of S-boxes

A straight P-box.

Figure .4. Encryption with DES



2. Advanced Encryption Standard (AES):

Advanced Encryption Standard is a symmetric-

key block cipher published as FIPS-197 in the

Federal Register in December 2001 by the

National Institute of Standards and Technology

(NIST). AES is a non-Feistel cipher. AES

encrypts data with block size of 128-bits. It uses

10, 12, or fourteen rounds. Depending on the

number of rounds, the key size may be 128, 192,

or 256 bits as shown in figure 5. AES operates on

a 4×4 column-major order matrix of bytes, known

as the state.

Figure.5. Encryption with AES

3. Triple-DES:

A quite simple way of increasing, the key size of

DES is to use Triple DES, to guard it against

attacks without the need to design a completely

new block cipher algorithm.

DES itself can be adapted and reused in a more

secure scheme. Many former DES users can use

Triple DES (TDES) which was described and

analyzed by one of DES's patentees. It involves

applying DES three times with two (2TDES) or

three (3TDES) different keys as shown in figure 2.

TDES is quite slow but regarded as adequately

secure.

Figure.6. Encryption: Triple DES

4. Blowfish Algorithm:

Blowfish is a symmetric block cipher algorithm. It

uses the same secret key to both encryption and

decryption of messages. The block size for

Blowfish is 64 bits; messages that aren't a multiple

of 64-bits in size have to be padded. It uses a

variable –length key, from 32 bits to 448 bits. It is

appropriate for applications where the key is not

changed frequently. It is considerably faster than

most encryption algorithms when executed in 32-

bit microprocessors with huge data caches. Data

encryption happens via a 16-round Feistel

network [14] as shown in figure 7.

Figure.7. Encryption with Blowfish



ii). Asymmetric-key algorithms:

Asymmetric-key algorithms are those algorithms

that use different keys for encryption and

decryption. The two keys are: Private Key and

Public Key. The Public key is used by the sender

for encryption and the private key is used for

decryption of data by the receiver. In cloud

computing asymmetric-key algorithms are used to

generate keys for encryption. The most common

asymmetric-key algorithms for cloud are: RSA,

IKE, Diffie-Helman Key Exchange.

1. Homomorphic Encryption:

Cloud consumer encrypts its data before sending

to the Cloud provider, but, each time he has to

work on that will have to decrypt that data. The

consumer will require giving the private key to the

server to decrypt the data before to perform the

calculations required, which might influence the

confidentiality of data stored in the Cloud.

Homomorphic Encryption systems are needed to

perform operations on encrypted data without

decryption (without knowing the private key);

only the consumer will have the secret key. When

we decrypt the result of any operation, it is the

same as if we had performed the calculation on

the plaintext (or original data). The Homomorphic

encryption is distinguishing, according to the

operations that are performed on raw data [15].

Additive Homomorphic encryption: additions of

the raw data.

Multiplicative Homomorphic encryption: products

for raw data.

2. RSA:

RSA cryptosystem realize the properties of the

multiplicative Homomorphic encryption [15].

Ronald Rivest, Adi Shamir and Leonard Adleman

have invented the RSA algorithm and named after

its inventors. RSA uses modular exponential for

encryption and decryption. RSA uses two

exponents, a and b, where a is public and b is

private. Let the plaintext is P and C is cipher text,

then at encryption

C = Pa mod n

And at decryption side

P = Cb mod n.

n is a very large number, created during key

generation process. The process is shown in figure

8.

Figure.8. RSA algorithm[16, 17]

3. Diffie-Hellman Key Exchange:

In 1976, Whitfield Diffie and Martin Hellman

introduced a key exchange protocol with the use

of the discrete logarithm problem. In this protocol

sender and receiver will set up a secret key to their

symmetric key system, using an insecure channel.



To set up a key Alice chooses a random integer

aє[1; n] computes ga, similarly Bob computes g

b

for random bє [1; n] and sends it to Alice. The

secret key is gab

, which Alice computes by

computing (gb)a and Bob by computing (g

a)b. The

important concepts on which the security of the

Diffie-Hellman key exchange protocol depends

are [18]:

Discrete Logarithm Problem (DLP): If from g and

ga Eve, an adversary can compute a, then he can

compute gab

and the scheme is broken.

Diffie-Hellman Problem (DHP): If from given the

information g, ga and g

b with or without solving

the discrete logarithm problem, Eve can compute

gab

then the protocol is broken. It is still an open

problem if DHP is equivalent to DLP.

Decision Diffie-Hellman Problem (DDH): If we

are given g; ga; g

b and g

c, DDH is to answer the

question, deterministically or probabilistically, Is

ab = c mod n?

DES, Triple-DES, AES, and Blowfish etc are

some symmetric algorithm. DES and AES are

mostly used symmetric algorithms. DES is quite

simple to implement then AES.

RSA and Diffie-Hellman Key Exchange is the

asymmetric algorithms. In cloud computing both

RSA and Diffie-Hellman Key Exchange is used to

generate encryption keys for symmetric

algorithms.

But the security algorithms which allow

operations (like searching) on decrypted data are

required for cloud computing, which will maintain

the confidentiality of the data.

REFERENCES

1. http://mobiledevices.about.com/od/additi

onalresources/a/Cloud-Computing-Is-It-

Really-All-That-Beneficial.htm.

2. http://www.tweakandtrick.com/2012/06/m

ost-common-authentication-methods-

used.html

3. W. Diffie and M. Hellman, "New

Directions in cryptography", IEEE

Transactions on Information theory, Vol

22 ,no. 6 , pp 644-54, (1976).

4. Sohail Abid and Shahid Abid,”Dynamic

key exchange method using two S-boxes”

in International Journal of Computer

Science, Engineering and Applications

(IJCSEA) Vol.1, No.6, December 2011.

5. J.V. Anchitaalagammai, R.Kavitha,

S.Padmadevi “Secured and Authenticated

Communication in Cloud Using Dynamic

Key Exchange Protocol”, International

Journal of Engineering and Innovative

Technology (IJEIT),Volume 2,Issue

4,October 2012.

6. Ali A. Yassin, Hikmat Z. Neima, Zaid

Ameen Abduljbbar, HaiderSh Hashim

“Efficient and secure Mutual

Authentication scheme in Cloud

Computing”, International Journal of

Engineering and Engineering and

Advanced Technology (IJEAT),

ISSN:2249-8958,Volume-3,Issue-1,

October 2013.

http://mobiledevices.about.com/od/additi%20%20%20%20%20%20onalresources/a/Cloud-Computing-Is-It-Really-All-That-Beneficial.htm



http://www.tweakandtrick.com/2012/06/most-common-authentication-methods-used.html



N.Ramadevi IJMEIT Volume 3 Issue 4 April 2015 97


7. Divya saraswat,Pooja Tripathi, ”Secure

Data Access with Enhanced Two Factor

authentication in Cloud Computing”,

International Journal of Advanecd

Research in Computer Science and

Software Engineering,ISSN:2277

128X,Volume 4, Issue 11,November 2014.

8. T.H. Chen, H. Yeh and W. Shih “ An

advanced ECC dynamic id-based remote

mutual authentication scheme for cloud

computing”. 2011 Fifth FTRA

international conference on multimedia

and ubiquitous engineering, IEEE

Computer Society, pp.155-159.2011.

9. D. Mishra, V. Kumar, and S.

Mukhopadhyay “ A pairing-free identity

based authentication framework for cloud

computing”, NSS 2013, LNCS 7873,

Springer- Verlag Berlin Heidelberg, pp.

721-727,2013.

10. Nasheem Khan,Vinod Kumar,Adesh

Kumar,”An Identity-Based Secure

Authenticated Framework by using ECC

in Cloud Computing”, International

Journal of Science and

Research(IJSR),ISSN(online): 2319-7064.

11. A L.Jeeva, Dr.V.Palanisamy And

K.Kanagaram “Comparative Analysis Of

Performance Efficiency And Security

Measures Of Some Encryption

Algorithms” International Journal Of

Engineering Research And Applications

(IJERA) ISSN: 2248-9622 Vol. 2, Issue 3,

May-Jun 2012, Pp.3033-3037.

12. Neha Jain and Gurpreet Kaur

‘Implementing DES Algorithm in Cloud

for Data Security” VSRD International

Journal of CS & IT Vol. 2 Issue 4, 2012,

pp. 316-321.

13. Ronald L. Krutz and Russell Dean Vines,

Cloud Security: A Comprehensive Guide

to Secure Cloud Computing Wiley

Publishing, Inc. Indianapolis, Indiana

2010.

14. G. Devi , M. Pramod Kumar “Cloud

Computing: A CRM Service Based on a

Separate Encryption and Decryption using

Blowfish algorithm” International Journal

Of Computer Trends And Technology

Volume 3 Issue 4, ISSN: 2231-2803,2012,

pp. 592-596.

15. Maha TEBAA, Saïd EL HAJJI, Abdellatif

EL GHAZI “Homomorphic Encryption

Applied to the Cloud Computing

Security”, World Congress on Engineering

Volume I, July 4 - 6, 2012, London, U.K.

ISBN: 978-988-19251-3-8, ISSN: 2078-

0958 (Print); ISSN: 2078-0966 (Online).

16. Akhil Behl “Emerging Security

Challenges in Cloud Computing ”, IEEE

World Congress on Information and

Communication Technologies, 2011

pp.217-222.

17. Leena Khanna, Prof. Anant Jaiswal “Cloud

Computing: Security Issues And



Description Of Encryption Based

Algorithms To Overcome Them”,

International Journal of Advanced

Research in Computer Science and

Software Engineering 3(3), March - 2013,

pp. 279-283.

18. Ayan Mahalanobis “Diffie-Hellman Key

Exchange Protocol,Its Generalization and

Nilpotent Groups.”, August 2005, 40

pages

19. Rashmi nogoti, Manoj Jhuria, Dr.

Shailendra Singh,“A survey of

cryptographic Algorithms for Cloud

Computing”, International Journal of

Engineering Technologies in

Computational and Applied

Sciences(IJETCAS), ISSN(print):2279-

0047, ISSN(online):2279-0055.

ijmeit// vol.03 issue 04//april//page no:1187-1198//issn ...igmpublication.org/ijmeit issue/v3-i4/16...

Documents