
International Journal of Computer Systems (ISSN: 2394-1065), Volume 03 Issue 02, February, 2016

Available at http://www.ijcsonline.com/

Survey and Analysis of Various Cryptographic Approaches for Cloud Security


Rahul Sharma, Anurag K. Jaiswal, Manoj Tyagi
Truba Institute of Engineering and Information Technology,
Bhopal, M.P., India.

Abstract
The use of cloud-based services is growing at a rapid rate, so the need to secure these services is growing just as rapidly. As users store and share their data over the cloud, the data has to be kept in encrypted form, for which many cryptographic algorithms (symmetric, asymmetric and hashing) can be used. These algorithms use a large amount of computational resources, and their performance varies across environments. All cryptographic algorithms face different issues depending on their algorithm and key generation process. In this survey paper we discuss the various cryptographic approaches that serve the purpose of security in cloud computing. We also propose a model for storing data on the cloud in a secure way. This model will also enhance the security of stored data.
Keywords: Cryptography, Symmetric, Asymmetric, Hashing, Cloud Computing, Security Model.

I. INTRODUCTION

The US Department of Commerce's National Institute of Standards and Technology defines cloud computing as a model that enables ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources which can be rapidly provisioned and released with minimal management effort or service provider interaction [1]. Cloud computing provides a broad variety of services to its clients with lower investment, delivered over the Internet. Security is considered a significant problem in the growth of cloud computing and is in fact an obstacle to the expansion of the cloud. The most demanding task in a shared environment like the cloud is data security. The cloud lets customers store data on remote servers, thereby giving up direct control over this data. Information in the cloud is not protected by the data holder, so an appropriate data security method must be maintained [2].
II. CLOUD SECURITY ISSUES

Nowadays, many end users have concerns when they use cloud services and have to trust the provider's infrastructure to store their important data. They would therefore like to know where their information is located and be sure that significant data is not accessed and used illegitimately, even by the cloud providers. Consequently, the most crucial security concerns are privacy and the confidentiality of user data. This section discusses important security issues when using cloud services [3].
A. Outsourcing
When consumers use the services a cloud provider offers without prior knowledge of the resource location, they have to agree to Terms of Service which give the provider the opportunity to disclose clients' data. Consequently disputes occur, which are occasionally extremely hard to manage even for the cloud providers. It is therefore necessary to address the security issues related to resource location in order to achieve integrity, confidentiality and other security services.
B. Multi Tenancy Issue
The extensive use of cloud computing and the sensitive nature of the data stored in the cloud can create problems in protecting consumer data against unauthorized access by others whose processes run on the same physical servers.
C. System Monitoring and Access Control
Users may ask cloud providers for additional monitoring and log data, since the majority of business applications have been moved to the cloud. Because monitoring and log data sometimes includes crucial information that is normally used only internally, not all cloud providers are prepared to provide their clients' data to other clients or third-party examiners. The service agreement covers these additional user demands and the provider's involvement.
D. Cloud Standards
To meet the increasing demand for interoperability between clouds, robustness and security are the most vital requirements that cloud standards must offer. Hence, different standards-developing organizations require different standards.
E. Authentication and Trust
In a cloud environment the threat of data manipulation is always present, as the cloud provider can change the data without the user's knowledge, while the user needs to access and modify the data as required. In such cases data integrity is extremely significant for assuring the truthfulness of the data the user stored in the cloud.
III. CRYPTOGRAPHY

To achieve the required security we can make use of the various available cryptographic techniques. Cryptography is the process of transforming a text (plaintext) into a scrambled text (ciphertext), which preserves the confidentiality of data. The word "crypto" means secret and "graphy" means to carve. It is concerned with data security, encryption, authentication and access control.
Cryptography is basically of three types. The first is symmetric cryptography, where a common key is used for both the encryption and decryption processes. This common key is kept secret. Symmetric key cryptography is more efficient in terms of key generation time. The second is asymmetric key cryptography, where two keys are used, one for encryption and the other for decryption. The last is hashing, in which a hash value is calculated and is normally used for integrity and security of data. In this survey we discuss a few of the symmetric, asymmetric and hashing approaches for security in the cloud [4].
CRYPTOGRAPHY TYPES
In this section, a few approaches to symmetric, asymmetric and hashing cryptography are discussed.

A. SYMMETRIC ENCRYPTION
It makes use of a single key to encrypt and decrypt the data. If we encrypt a file and then decrypt the file using the same key, we are using symmetric encryption. It is also called secret key encryption: the key used here should always be kept secret from other parties. Its strengths are speed and cryptographic strength per bit of key. Its weakness is that the key has to be shared secretly between the two parties before communication takes place.
1) DES
DES [6] is the Data Encryption Standard, which describes the Data Encryption Technique (DET). DES was designed by IBM on the basis of the older Lucifer symmetric cipher and later adopted by NIST. It uses a 64-bit block size (which means it can encrypt 64 bits per round) and a 56-bit key.
Modes of DES:
- Electronic code book.
- Cipher block chaining.
- Cipher feedback.
- Output feedback.
- Counter mode.
Single DES: Single DES is the original form of DES, which encrypts a 64-bit block of data using a 56-bit key in 16 rounds of encryption.
2) Triple DES
Triple DES applies single DES three times to every block to guard it against attacks without the need to design a completely new algorithm. It is officially called the Triple Data Encryption Algorithm (TDEA) and usually called TDES or 3DES. The combined key size in 3DES is 168 bits (3 times 56). TDEA uses three 64-bit DEA keys (K1, K2, K3) in Encrypt-Decrypt-Encrypt (EDE) mode: the plaintext is encrypted with K1, then decrypted with K2, and then encrypted again with K3 [7].
3) AES
The Advanced Encryption Standard (AES) is the current U.S. standard for symmetric block ciphers. It uses 128-bit (encryption with 10 rounds), 192-bit (encryption with 12 rounds) or 256-bit (encryption with 14 rounds) keys to encrypt a 128-bit data block.

Figure 1: Different Cryptographic Algorithms

Table 1: Comparison of Symmetric Algorithms

Algorithm Name | Key Size             | Security [9]                            | Efficiency [8]
DES            | 56 Bits              | Not Secure Enough                       | Slow
3DES           | 112 or 168 Bits      | Adequate Security                       | Slow
AES            | 128, 192 or 256 Bits | Replacement for DES, Excellent Security | Faster

B. ASYMMETRIC ENCRYPTION

Asymmetric encryption [5] uses two keys, one for encryption and the other for decryption. One of the keys can be made publicly available (called the public key), which is why it is also called public key encryption. A user who wants to communicate with us can simply download our public key to encrypt their plaintext. After the encryption is done, the public key cannot be used to decrypt the ciphertext; decryption can only be done using the private key.
1) RSA
An example of a one-way function is based on factoring a composite number into its primes. Multiplying one prime number by another prime number gives the composite, and this can be computed easily, in a fraction of a second using a calculator. Answering the reverse question, that is, which prime numbers were multiplied together, is very difficult. This problem is termed the factoring problem, and the RSA algorithm is built on it. It is considered more secure with longer keys.
2) DIFFIE-HELLMAN PROTOCOL
This protocol lets two parties securely agree on a symmetric key over a public channel, e.g. the Internet, without any exchange of the key itself. An attacker who can eavesdrop on the whole conversation is not able to obtain the agreed key. Whitfield Diffie and Martin Hellman created the Diffie-Hellman Key Agreement Protocol (also known as Diffie-Hellman Key Exchange) in 1976. It relies on discrete logarithms for its security.
3) ELLIPTIC CURVE CRYPTOGRAPHY
ECC leverages a one-way function that uses discrete logarithms as applied to elliptic curves. Solving this problem is harder than solving ordinary discrete logarithms, which is why algorithms based on Elliptic Curve Cryptography (ECC) are stronger per bit than systems based on discrete logarithms or on prime numbers. ECC needs fewer computational resources because of its short key length in comparison with other asymmetric methods. ECC is often used to lower the power required.
Table 2: Comparison of Asymmetric Algorithms

Algorithm Name | Key Size          | Security [9]       | Efficiency [8]
RSA            | 1024-4096 Bits    | Good Security      | Average
DIFFIE HELLMAN | 1024-4096 Bits    | Adequate Security  | Slow
ECC            | Smaller Key sizes | Excellent Security | Fast

C. HASH FUNCTIONS
A hash function provides encryption by using an algorithm without any key [10]. Hash functions are also called one-way hash functions, as it is not possible to reverse the encryption. A variable-length plaintext is hashed into a fixed-length hash value, also called the message digest or simply a hash. Hashes are mainly used to provide integrity: if the hash changes, the plaintext has been altered. Common older hash functions include Secure Hash Algorithm 1 (SHA-1), which produces a 160-bit hash, and Message Digest 5 (MD5), which produces a 128-bit hash. Weaknesses have been found in both MD5 and SHA-1; newer alternatives like SHA-2 are recommended.
1) MD FAMILY
Message Digest 2 [11] or MD2 was the first member of this family, developed in 1989. After that MD4 was proposed in 1990, on which MD5, the Message Digest algorithm 5 created by Ronald Rivest, is based. It is also the most extensively used of the MD family of hash algorithms. It produces a 128-bit hash from an input of any length. It has been fairly popular over the years, but weaknesses have been discovered through which collisions can be found in a practical time frame. MD6 is the latest edition of the MD family of hash algorithms, first available in 2008.

Table 3: Comparison between MD Family

Algorithm Name | Block Size | Hash Size | Security
MD2            | 128 Bits   | 128 Bits  | Secure
MD4            | 512 Bits   | 128 Bits  | Less Secure
MD5            | 512 Bits   | 128 Bits  | Secure

2) SHA FAMILY
Secure Hash Algorithm 1 [12] or SHA1 is the first revision of the hash algorithm developed by the National Security Agency. SHA-1 produces a 160-bit hash value and supports messages of length up to 2^64 bits. If anyone wishes to compute the digest of something larger than 2^64 bits, it can be done by dividing the message into smaller messages. No weaknesses in SHA1 are known to date. There are variations of SHA1 such as SHA-2, which includes SHA-224, SHA-256, SHA-384 and SHA-512, named after the size of the message digest they create.

Table 4: Comparison between SHA Family

Algorithm Name | Block Size | Hash Size | Security
SHA160         | 512 Bits   | 160 Bits  | Secure
SHA 256        | 512 Bits   | 256 Bits  | More Secure
SHA 512        | 1024 Bits  | 512 Bits  | Very Secure

IV. PROPOSED CLOUD SECURITY MODEL

A. DATA OWNER

An entity which wants to store its data in the cloud. It encrypts the data using the public key of the Authorized User, which removes the dependency on the cloud. It then sends this encrypted copy of the data to the TPA, which forwards it to the CSP.
B. THIRD PARTY AUDITOR (TPA)
An entity which works as an intermediary between the Owner and the Service Provider. It calculates the hash value of the data. The TPA sends the data to the CSP for storage on the cloud server. It also sends the hash value to the Authorized User. This hash value can be used to check the integrity of the data at the receiver's end.
C. CLOUD SERVICE PROVIDER (CSP)
The CSP is a trusted provider which enforces access control and is accountable for the security of the data stored in the cloud. The CSP generates a key with the help of the KGC and uses this key to encrypt the already encrypted data provided by the TPA. The CSP then stores this doubly encrypted data on the cloud servers. Double encryption is used here to enhance the security of the data.
D. KEY GENERATION CENTER (KGC)
It is responsible for generating the key with the help of the CSP, and removes the dependency on the cloud server.
E. AUTHORIZED USER
An entity which requires data from the cloud. It requests access from the CSP to the data stored in the cloud. The CSP verifies its identity. After verifying the authorized user, the CSP decrypts one layer of encryption and sends the still-encrypted data to the user, who can decrypt it with its private key.
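
The message flow through roles A to E above, as an added example that is not code from the paper: it traces one object from the Data Owner to the Authorized User and shows the TPA hash catching a change made to the stored copy. Assumptions: the TPA hashes the encrypted copy it receives, textbook RSA over two Mersenne primes and a SHA-256 counter keystream stand in for real ciphers so the sketch runs on the standard library alone, and every function, class and parameter name is hypothetical.

```python
import hashlib, hmac, secrets

# Toy stand-ins (NOT production crypto): textbook RSA over two Mersenne primes
# is the Authorized User's key pair; a SHA-256 counter keystream is the cipher.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))   # (N, E) public, D private

def stream(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream (the same call decrypts)."""
    pad = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def owner_encrypt(data: bytes) -> bytes:
    """Data Owner: wrap a fresh session key under the user's public key."""
    k = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(k, "big"), E, N).to_bytes(27, "big")
    return wrapped + stream(k, data)

def tpa_hash(blob: bytes) -> str:
    """TPA: digest of the encrypted copy (assumption: it never sees plaintext)."""
    return hashlib.sha256(blob).hexdigest()

class CSP:
    def __init__(self):
        # kgc_key represents the key the CSP generates with the KGC.
        self.kgc_key, self.store = secrets.token_bytes(32), {}
    def put(self, name: str, blob: bytes) -> None:
        # Second layer; the object name keeps keystreams distinct per object.
        self.store[name] = stream(self.kgc_key + name.encode(), blob)
    def get(self, name: str, identity_verified: bool) -> bytes:
        if not identity_verified:            # stands in for the CSP's identity check
            raise PermissionError("identity not verified")
        return stream(self.kgc_key + name.encode(), self.store[name])

def user_open(blob: bytes, expected: str) -> bytes:
    """Authorized User: verify the TPA hash, then decrypt with private key D."""
    if not hmac.compare_digest(tpa_hash(blob), expected):
        raise ValueError("hash mismatch: stored data was altered")
    k = pow(int.from_bytes(blob[:27], "big"), D, N).to_bytes(16, "big")
    return stream(k, blob[27:])

def demo():
    csp, msg = CSP(), b"quarterly report (constructed sample)"
    blob = owner_encrypt(msg)
    digest = tpa_hash(blob)                  # TPA -> Authorized User
    csp.put("doc", blob)                     # TPA -> CSP
    double_layer = csp.store["doc"] != blob  # at rest: both layers applied
    plain = user_open(csp.get("doc", True), digest)
    csp.store["doc"] = csp.store["doc"][:-1] + bytes([csp.store["doc"][-1] ^ 1])
    try:
        user_open(csp.get("doc", True), digest)
    except ValueError:
        return plain, double_layer, True     # altered copy rejected
    return plain, double_layer, False
```

Because the digest covers the encrypted copy, the user can reject altered data before using the private key; the CSP's own layer adds confidentiality at rest but no integrity check.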

Figure 2: Proposed Cloud Security Model

V. SUGGESTIONS FOR SECURITY ENHANCEMENT

We would like to give some suggestions on the basis of our survey, which can help to enhance data security.
1. Amongst symmetric algorithms, AES can be used for encryption where we need security as well as efficiency, as it is a fast algorithm. AES is the currently recommended algorithm for security.
2. Amongst asymmetric algorithms, ECC can be used to provide high security as well as performance. Although asymmetric algorithms are slower than symmetric ones, ECC is more efficient and secure because it provides higher security with small key sizes.
3. Hashing techniques are mainly used to provide data integrity. MD5 can be used where both speed and security are required, but for higher security SHA has to be used; although it is a bit slower than MD5, it provides comparatively higher security.
4. A combination of symmetric and asymmetric keys is also used for enhancing security.
5. A combination of asymmetric keys and hashing is also used for maintaining both confidentiality and integrity.
6. Prefer symmetric keys for secure storage of data.
7. Prefer asymmetric keys for secure exchange of data.

VI. CONCLUSION

With the growing use of cloud-based services, security requirements are also increasing, for which the use of various cryptographic techniques has been suggested. In this survey paper we have analysed and compared a few of the available cryptographic techniques: symmetric ones such as DES, 3DES and AES, asymmetric ones such as RSA, Diffie-Hellman and ECC, and hashing techniques such as the MD and SHA families. By using these techniques in the cloud computing environment, we can make data communication and sharing smoother and more secure. We also proposed and discussed a secure model for storing data on a cloud server. It enhances data security in the cloud and also protects the data from the cloud service provider.

REFERENCES
[1] MELL, P. and GRANCE, T. 2009. Draft NIST Working Definition of Cloud Computing.
[2] Devi T, Ganesan R, "Data Security Frameworks In Cloud", IEEE32331, International Conference on Science, Engineering and Management Research (ICSEMR 2014).
[3] Sura Khalil Abd, S.A.R Al-Haddad, Fazirulhisyam Hashim, Azizol Abdullah, "A Review of Cloud Security Based on Cryptographic Mechanisms", IEEE 2014 International Symposium on Biometrics and Security Technologies (ISBAST).
[4] Sourabh Chandra, Siddhartha Bhattacharyya, Smita Paira, Sk Safikul Alam, "A Study and Analysis on Symmetric Cryptography", IEEE International Conference on Science, Engineering and Management Research (ICSEMR 2014).
[5] Eric Conrad, Seth Misenar, Joshua Feldman, "Cryptography", Eleventh Hour CISSP (Seventh Edition), 2014, Page 77-93, Syngress.
[6] William Stallings, Cryptography and Network Security: Principles and Practice, Pearson Education/Prentice Hall, 5th Edition.
[7] 3DES, http://www.cryptosys.net/3des.html.
[8] Sourabh Chandra, Smita Paira, Sk Safikul Alam, Dr. Goutam Sanyal, "A comparative survey of symmetric and asymmetric cryptography", IEEE 2014 International Conference on Electronics, Communication and Computational Engineering (ICECCE).
[9] Rajani Devi. T, "Importance of Cryptography in Network Security", IEEE 2013 International Conference on Communication Systems and Network Technologies.
[10] John Edward Silva, GIAC Security Essentials Practical Version 1.4b, "An Overview of Cryptographic Hash Functions and Their Uses", 2003.
[11] Sandhya Verma, G.S Prajapati, "A Survey of Cryptographic Hash Functions and Issues", IJCSCA 2015.
[12] Secure Hash Standards, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8900, March 2012.
