K-RSA: Secure data storage technique for multimedia in cloud data server

Abstract

Cloud has become one of the most demanding services for data storage. On another hand, the security of data is one of the challenging tasks for Cloud Service Provider (CSP). Cryptography is one of the ways for securing the storage data. Cryptography is not a new approach instead of the efficient utilization of cryptographical algorithms is greatly needed. In this work, we proposed a Secure Hidden Layer (SHL) and Application Programming Interface (API) for data encryption. The SHL is consisting of two major modules (i) Key Management Server (KMS) and (ii) Share Holder Server (SHS) which is used for storing and sharing of cryptographic key. For this purpose, we proposed a server-side encryption algorithm, which is based on the asymmetric algorithm (RSA and CRT) for providing end-to-end security of multimedia data. The experimental results of text and video are evidence that the size of file is not much affected after the encryption and effectively stored at Cloud Storage Server (CSS). The parameters like ciphertext size, encryption time and throughput are considered for performance evaluation of the proposed encryption technique.

Keywords

Secure hidden layer (SHL)key management server (KMS)share holder server (SHS)cloud service provider (CSP)chinese remainder theorem (CRT)cloud storage server (CSS)

1 Introduction

In the era of multitasking, cloud services have become billion-dollar businesses for any industrialist. Millions of people are using the cloud services in their portable devices (like, laptops, palmtops, or even though any type of electronic gadgets) which has the accessibility of the internet. The biggest advantage of cloud storage is to provide services at a very economical cost. So, the users are very much attracted towards cloud services, to store their large amount of sensitive data (like, images, videos, documents, login password, bank details, and much more personal information); the primary concern for storage data is security. The cloud storage ownership is not present in a single location but it is distributed in different territories. Cryptography is one of the possible ways to make sure that our data is completely secured before sharing it with cloud storage. In the year 2017 [8], Forbes conducted a survey on data security and they found that 80% of the budget in IT industries was allocated for cloud infrastructure and from that 49% of business was not established due to some issues in infrastructures. So, for setup better cloud services we have focused on three properties; (i) Better Resources, (ii) Trained people who can handle the data, and (iii) Better management team who can provide solutions in financial crises

Above all of these, there is a minor issue regarding the security of multimedia which is addressed as:

Access Control of data.

Agreement monitoring between user and service provider.

Data storage problems.

Security and Reliability of the data.

Technical support against complaints.

For a better understanding of cloud infrastructure, threats, and risks problems it is important to study the cloud architecture.

1.1 National institute of standards and technology (NIST) architecture cloud

The cloud services are divided into three major sub-section [32]: (i) Software-as-a-Service (SaaS), (ii) Platform-as-a-Service (PaaS), and (iii) Infrastructure-as-a-Service (IaaS). The topmost layer of cloud services is SaaS which provides tools and software services at free of cost or require some monthly subscription. Some of the examples of SaaS service are Google play store, ZBIGZ torrent client service, Salesforce, Microsoft office suite, etc. which are used by consumers in day-to-day life. The middle layer of cloud service is PaaS which provides accessibility to the developers. Users rent the hardware support from IaaS, and then they deploy their applications and tools; which is distributed within the cloud user community. There are several IaaS service providers like; Amazon EC2, Ruby, and MySQL, etc. There are very few companies that provide the IaaS infrastructure like; Google Compute Engine, Amazon AWS, and Microsoft Azure, etc. According to NIST [6], the services of cloud is depend five different Actors witch are responsible for the security of cloud resources which is cited in Table 1.

Table 1
Actors used in Cloud Architecture

Actors Classifications

Cloud Service Provider (CSP) It provides all the services to trusted parties.

Cloud Service Consumer (CSC) It provides mutual bonding between consumer and cloud service providers.

Cloud Auditor (CA) It evaluates all the types of services and security for the consumer.

Cloud Broker (CB) It manages the performance between the service provider and the consumer.

Cloud Carrier (CC) It provides a link between the provider and the consumer for service connectivity.

Actors	Classifications
Cloud Service Provider (CSP)	It provides all the services to trusted parties.
Cloud Service Consumer (CSC)	It provides mutual bonding between consumer and cloud service providers.
Cloud Auditor (CA)	It evaluates all the types of services and security for the consumer.
Cloud Broker (CB)	It manages the performance between the service provider and the consumer.
Cloud Carrier (CC)	It provides a link between the provider and the consumer for service connectivity.

Cloud services provide numerous amount of supports for business, commercial, and governmental bodies. The advantages cloud services are:

To set up the small business firm at a cheap subscription cost.

It provides instant access to all the resources.

It creates an independent environment for innovations.

Ease of service for all users.

Deployment of tools and application at a cheap cost.

1.2 Cryptography approach and failures

There are various cryptographic algorithms are presented for encryption and decryption. But none of them provides 100% data security. In the year 1977, the MIT lab was first developed the asymmetric key algorithm named as RSA cryptosystem. In the year 1978, the three major computer scientists Ron Rivest, Adi Shamir, and Leonard Adleman has first described the RSA algorithm publically [1]. The major key factor of the algorithm is; it uses pairs of key. The first key is known as public key (K_public) which is used for encryption and second is the private key (K_private) which is used for decryption. RSA cryptosystem is adopted for various protocols like Secure Shell (SSH), Pretty Good Privacy (PGP), Secure Multipurpose Internet Mail Extensions (S/MIME), and Secure Sockets Layer (SSL). RSA works on the Euclidean algorithm; which uses two large prime numbers of size (512, 1024, or 2048 bits) for the computation of encryption key. The complexity of Euclidean algorithm is about O(log (N) ²). For fast encryption of data; the symmetric key cryptosystem is more suitable for data security. In the year 1970, the IBM lab was first presented the DES algorithm in front of the National Bureau of Standards (NBS). Later on, in year 1976, the National Security Agency (NSA) was first tested the strength of DES algorithm. The complexity of data encryption using DES is O(1) or O(m) [3]. In the year 1997, the National Institute of Standards and Technology (NIST) was developed the AES algorithm at an alternative of the DES algorithm [2]. Before moving further, there are several open issues of cloud resource security.

1.3 Open issues of cloud resources and data center

Cloud resource organization is one of the challenging aspects for personnel. The issues like Byzantine failure which caused by unpredictable failure of storage server. The Byzantine failure will not sustenance the security of data in the form of data integrity, confidentiality, or availability but it copes with the problems like increase of data intrusion with the help of malicious software or malicious insider attack [7]. Cloud is the enormous arena for technological application and commercial data. Due to the collection of different fields of information in a single cloud space, it always gives an invitation to the adversary. Here, we have discussed some of the problems:

All the technology is listed in the public domain: Due to the accessibility of cloud services, the possibility of single-point attacks is high. The hypervisor or cloud orchestration is an easy target for the adversary.

Publically Shared Data: There are various java-scripts that are present on the internet which creates a bridge in-between cloud consumer and service provider to leak the information.

Network Traffic Flooding: Services of the cloud are presented on the internet and everyone will use the services but losing the privileged account might lose the services.

Denial of Service (DoS): In this, the adversary is taking down the data server by flooding the false request which affects the services and resources of the cloud providers.

Malicious Insider: When unauthorized users tracking the cloud scenario and it covers with some different scenarios.

Internet Protocol: It is executed at the transport layer to attack the services of consumers. The attacks like Internet Protocol (IP) spoofing, Address Resolution Protocol (ARP) spoofing, and Domain Name Server (DNS) poisoning are known attacks for accessing the consumer data.

Injection Vulnerabilities: Adversary injects the Structured Query Language (SQL) command in the database to retrieve the information like (table name, primary key, etc.). This problem is always faced by multiple cloud consumers due to a lack of knowledge.

Application Program Interface (API) & Browser: Social engineering is a school level attack, where it uses personal information for website authentication.

1.4 Countermeasures for Attacks in Cloud

In a cloud infrastructure, the adversary only attacks three major sections (i) Network, (ii) Hypervisor, and (iii) Hardware. When the cloud system is compromised, the adversary attacks on these three vectors. Table 2 present the countermeasure of different types of attacks.

Table 2
Countermeasure of different attacks in the cloud

Techniques Countermeasure

End-to-End data security All the data are presented at the cloud server needs end-to-end encryption before sharing with the third party.

A regular check of malicious script and software The adversary uses malicious scripts to replicate the original data. This will overload the system drive and network traffic. The regular checkup of the drive will help in increasing the performance of the network.

Authentication of cloud consumer Proper authentication of the legal consumer will help against unauthorized access to resources.

Secure Interfaces and APIs Suitable interface for all types of multimedia creates proper synchronization between consumer and storage serves for securely sharing of data.

Insider Attack Employ reliable persons for handling the security of the cloud server.

Secure leveraged of resources The resources of the cloud are shared with different consumers, and hypervisor and orchestration tools are used to manage those resources.

Business Continuity Attacks Cloud services are used for many business purposes; consumers will share their personal data which is needed to be secured against any attacks.

Techniques	Countermeasure
End-to-End data security	All the data are presented at the cloud server needs end-to-end encryption before sharing with the third party.
A regular check of malicious script and software	The adversary uses malicious scripts to replicate the original data. This will overload the system drive and network traffic. The regular checkup of the drive will help in increasing the performance of the network.
Authentication of cloud consumer	Proper authentication of the legal consumer will help against unauthorized access to resources.
Secure Interfaces and APIs	Suitable interface for all types of multimedia creates proper synchronization between consumer and storage serves for securely sharing of data.
Insider Attack	Employ reliable persons for handling the security of the cloud server.
Secure leveraged of resources	The resources of the cloud are shared with different consumers, and hypervisor and orchestration tools are used to manage those resources.
Business Continuity Attacks	Cloud services are used for many business purposes; consumers will share their personal data which is needed to be secured against any attacks.

1.5 Basic cloud architecture for the security of the data

Figure 1 represents basic cloud architecture for secure transmission and storage of multimedia. Here, the client uploads the encrypted data to cloud datacenter; and third-party user downloads the encrypted data from the storage server; then it is decrypted by using an encryption algorithm. According to Kaaniche and Laurent [4], encryption plays an important role in data security and privacy. Symmetric and Asymmetric algorithm is used for data security and authentication in the cloud. Traditional algorithms have enriched mathematical and theoretical foundations but still have some flaws in real-time implementation. The motivation of this work is to provide end-to-end data security in cloud environment. After the study, we point out some of the gaps in classical encryption algorithms:

Encryption of large size files will result in the expansion of size in cipher form.

Encryption time ∝ Length of key size.

Fig. 1

The cloud architecture for transmission and storage of multimedia.

These are two major gaps in classical cryptographic algorithms present for almost 40 years. Now, the other issues of data security in the cloud environment are file sharing and storage. The rest of the paper is organized as follows. Sec. 2, presents the background of work followed by Sec. 1. Sec. 3, represent the proposed system model and proposed encryption technique. Sec. 4, deals with the implementation, performance evaluation and security analysis. Sec. 5 provides the conclusion and novelty of the entire work.

2 Background of the work

This section presents the various researches in the field of multimedia security in the cloud environment, which creates the foundation of our research work. Here, we addressed two current aspects of secure data storage in the cloud. The first aspects are to present the techniques that were used for multimedia security in a cloud environment; and the other aspect shows the limitation of different cryptographic techniques; which creates a necessity for our proposed research work.

2.1 The techniques used for multimedia security in the cloud environment

Cloud is the collection of multi-layered platforms, where storage and hardware devices are deeply interconnected with each other and data’s in the cloud are distributed to every end-user which creates the huge concern of privacy and security of data. For secure storage of data Y. Li et al. [24], was proposed Security-Aware Efficient Distributed Storage (SA-EDS) model which divides the data and store separately to the distributed cloud server. The purpose of this process is to obstruct the direct data interaction by the cloud service operator. For the cost-saving and management of data, various companies and organizations use the services of the cloud. L. Ferretti et al. [25], was presented the technique based on the encrypted Bloom filter to detect the unauthorized modifications on outsourced data of companies and protect the confidentiality and integrity of private data. When user share a huge amount of multimedia on the cloud there is always faced an issue of copyright and privacy protection of data. To ensure this problem H. Li et al. [31], was implemented Secure Media Cloud (SMC). The work of SMC is to provide a secure cloud environment, content storage and access control of data. In this, the video files are sliced and stored randomly at different edge servers. They also introduced the Sec-ABAC access control protocol to guarantee access to cloud resources. Multimedia distribution on cloud storage should be kept confidential except for the data owner. To maintain the privacy of outsourced contents L. Xiong et al. [28], was proposed the framework of Multimedia Distribution based Re-encryption and Fingerprinting (MDRF) scheme. The cloud service provider is the semi-trusted service provider and MDRF is used to maintain the privacy and copyright of contents, and it also resolves the problems of content piracy. The cloud services are not only be used by IT companies but it also been used by healthcare professionals. H. A. Al Hamid et al. [27], was presented an electronic medical record (EMR) system for the storage of health care records. EMR stores the huge size of multimedia data such as X-rays, ultrasounds, CT scans, and MRI reports of various patients. To secure EMR data they use a one-round authenticated key agreement protocol. To authenticate the users; and provide access to multimedia data otherwise, it is kept stored in the hidden gallery. M. Morales-Sandoval et al. [26], was proposed hybrid cloud models for end-to-end data storage. It works as a file-sharing application where users upload there data and also control the access of data. The encryption is mainly based on Attribute-Based Encryption (ABE) and short signatures (SSign) to encrypt, decrypt and sign operation on data. Cloud services are very fragile in terms of attacks. R. Shaikh and M. Sasikumar [15], was proposed a security model to measure the trust and compute the strength of security. To validate this model, CSA (Cloud Service Alliance) services are used to measure security and service quality. The mobile cloud computing is low computational devices which increase the overhead of transmission. A. N. Toosi et al. [18], was presented a survey on Cloud Interoperability. They discussed about scalability and resource limitations in the cloud environment, and how energy-saving a vital role plays in technology to move towards the cloud interoperability. The small mobile devices are very capable and remove all the barriers of the network. N. V. Juliadotter and K.-K. R. Choo [20], provides a brief taxonomy of cyber-attacks on the cloud. The CERT statistics are used to find out the motivation of attacks and it also finds the risk assessment scenario to reduce the impact of the attack. A. S. Sendi and M. Cheriet [21], was presented a Fuzzy Multi-Criteria Decision Making (FM-CDM) technique for analyzing customer’s risk in the cloud environment. It is a quantitative risk assessment model to maintain the continuous security of cloud-based on the iterative and incremental approach. N. H. Ab Rahman and K.-K. R. Choo [22], was presented the Conceptual cloud incident handling model for effective handling of the incident in the cloud. The working of the model is based on digital forensics and incident handling to manage the data effectively. Nowadays, mobile data storage in the cloud becomes more operational. Data owners store their data without any privacy and access control concern; Q. Li et al. [30], was proposed the Privacy-Preserving Cloud-assisted Mobile Multimedia (PPCMM) data-sharing scheme. This scheme is mainly based on ciphertext-policy attribute-based encryption (CP-ABE). For encryption and decryption of multimedia, CP-ABE used there attributes like name and value which reveals the access policy of data owner. The access policy does not provide much security at the time of the attack; as resultant end-to-end data security comes into the security frame. M. Shiraz et al. [16], was proposed the Computational Offloading Frameworks (COFs) analyze the resource-intensive nature of data at the time of offloading. The virtual mobile policies are used to measure energy consumption, and computational time is required for the transmission of data. J. Liu et al. [17], was reviewed the issues and challenges of Application Partitioning Algorithms (APAs) in mobile cloud computing. The analysis of APAs is based on the computation ratio and allocation decision of data. M. Alizadeh et al. [19], was presented the survey on various issues of mobile cloud computing in terms of privacy and security. The mobile cloud computing (MCC) authenticate data owner to use the services of cloud storage. Trust and data security arise challenges for the cloud service provider.

2.2 The limitation of different cryptographic techniques

Cloud is a vulnerable space where lots of attacks are executed on multimedia. To secure cloud storage cryptographic techniques are applied for encryption before uploading to the cloud storage server. The cryptography technique is mainly based on key management. There are three different types of key management techniques: (i) Symmetric key requires a single key for encryption and decryption, (ii) Asymmetric key requires pair of keys, one for encryption and another for decryption, and (iii) Hashing is technique for conversion of original text into fixed size of hash values. The cryptographer is using these techniques in much-prescribed input selection modes. Encryption algorithm gets the data in two different forms (i) Block cipher and (ii) Stream cipher. In block cipher, the message is divided into sub-blocks. And, each sub-block consist of fixed (b - bit) size for encryption. In a stream cipher, the data is fragmented in a bit of stream for encryption. The cryptographic algorithm intake the raw data in five different modes:

Electronic Code Book (ECB): In this, the original message is broken down into a bunch of sub-blocks. Each sub-block consist of (b - bit) of the size which is encrypted with ^′K′ key and then send it to the receiver. It is the simplest way for encryption and decryption of raw data.

Cipher Block Chaining (CBC): It uses the initialization vector (IV), XOR, and key ^′K′ for encryption. The feed of the first block is intake as an input for another block and this process has continued till the end of the encryption.

Cipher Feedback Mode (CFM): In this, the ‘S’ significant left bit of the original message is XOR with initialization vector (IV) which is encrypted with key ^′K′. The feed of the first block is input to shift register, this process is continued for remaining blocks.

Output Feedback Mode (OFM): It creates a bit of keystream for encryption of data. The block is converted into stream cipher for encryption using the initialization vector.

Counter (CTR): It uses nonce and counters to encrypt the plaintext with a bit keystream. The nonce value is a one-time unique value for encryption.

Now, every cryptographic technique has certain limitations and drawbacks which will affect the encryption process. Encryption is used to provide the complete security of data. O. Arki et al. [29], was proposed the multi-agent framework for remote storage and provide the integrity and confidentiality of data. Here, they use the client-side encryption method based on a hybrid combination of (AES + RSA) algorithm. Meyers and Desoky [9] was proposed blowfish and XOR technique for the encryption of multimedia (like Text (txt), Rich text format (RTF), Window media audio (WMA), Window media video (WMV), and Zip compressed (ZIP)). The input data follows the CBC mode; S-box generation is used for fast computation of algorithm. T. Nie et al. [10], was implemented an 802.11 wireless network and they transmitted the randomly generated plaintext of 128-byte size block. The text file is encrypted with Blowfish and DES technique and the result comparison shows that encryption speed and power consumption of blowfish are much better than the DES technique. There is a various drawback of DES technique; M. Sharma and R. B. Garg [11] presents a deep survey on open challenges of DES algorithm; it takes huge encryption time and it also vulnerable against brute force attack. For lightweight cryptography, the DES algorithm is a very suitable candidate. S. Rajput et al. [12], was implemented the AES algorithm for cloud security. They use the variable length of the message block size for encryption. The result is compared with DES (64, 64) and DES (64, 128) of (key size and block size) and it shows that AES (128, 128) takes less memory for the execution in the cloud. For the security of storage data; P. Kumar and S. B. Rana [13], was presented the modified AES algorithm. Here, the addition of one more round at the time of encryption has enhanced the performance of the algorithm. For a different text file, various traditional encryption algorithms like (DES, 3DES, and AES) are compared with the modified AES algorithm and it is concluded that the addition of one more round makes more secure and less prone at the time of attack. Cloud-based applications and services require security while uploading the data; A. Bhardwaj et al. [14], was compared the performance of different symmetric (DES, 3DES, and AES) and asymmetric (RSA) algorithms. The result evidence that AES takes less computational time than another algorithm. M. Sohal and S. Sharma [23], was proposed a multifold symmetric-key cryptography technique for client-side data encryption. The objective of this work is to prevent unauthorized access to user’s data.

3 A proposed system model for multimedia security in the cloud data server

The biggest challenge for cloud users is multimedia security in the cloud data server. So, this section presents the solution for multimedia security based on the encryption technique. First; we proposed a system model that highlights the secure hidden layer in the cloud for the key management system, and it also explains the assess control modules of each user then; we represent the proposed encryption technique for storage server and also check the confidentiality of multimedia.

3.1 The proposed system model

After a thorough study of various research papers, we have proposed Secure Hidden Layer (SHL) cloud architecture for multimedia storage. Fig. 2 represents the proposed system model for end-to-end data security in the cloud. Here, it consists of five different modules that provide access control for every user.

Fig. 2

The proposed System Model for Secure data storage in the cloud.

User_id()

File_Info()

User_Share()

–Cloud Service Consumer (CSC): The CSC has very limited access to cloud resources. The access control like read/write, delete, update, and share is a common attribute for cloud users.

User_id()

File_Type()

File_Size()

–Key Management Server (KMS): It is a unique implementation in Secure Hidden Layer (SHL) architecture to manage both symmetric and asymmetric keys. KMS is used as key splitter and store the key securely at Share Holder Server (SHS).

User_id()

File_Info()

Share_Holder()

Key_type()

–Share Holder Server (SHS): The SHS is divided into two different parts (a) Primary share holder: It stores the public key (K_public (x_i)) of the symmetric key algorithm, and (b) Secondary share holder: In this the private key K_private (y_i) of the asymmetric algorithm is stored at SHS. The attributes of SHS are,

User_id()

File_Info()

K_public (x_i)

–Log editor: It uses to maintain the log for every user. The attributes like User_id(), Server_Id(), Server_Time(), and Status() are used to maintain the logs client and server transmission and storage of data.

3.2 The proposed system model description

The proposed system model allows users to upload and download data securely from the cloud. The security of multimedia is achieved by using the encryption and decryption agents. There are seven individual agents are work for authentication, encryption/decryption, key management, and storage of multimedia. The detailed working of agents are as follows;

Interface agent: It is the frontend of the application and the cloud storage. It provides the appearance for data and access modules to users. Before uploading or downloading any multimedia the interface agent authenticates the user credential. If the user is not authentic then all the access controls are denied.

Authentication agent: The work is to provide authentication to users. Here, the authentic user will only upload or download the multimedia. The other vectors of authentication agents are to deny the login request of unauthorized users and it also takes control at the time of multiple logins.

Key agent: It uses the random stream for key generation. The key is divided into two types (i) public, and (ii) private. The public key is used for encryption whereas the private key is used for the decryption.

Key server agent: It works as a key storage and distribution server. Ones the key generation process is over the public key is sent for encryption; whereas the respective private key is saved at the key server agent and it is only retrieved at the time of decryption; the user sends a download request to storage agent.

Encryption agent: It is responsible for data encoding and public key encryption. This process contains the key agent and key server agent for generation and encryption of multimedia. It is the black box process so the end-user doesn’t aware of key generation and storage.

Decryption agent: It decodes the encrypted data using the private key. Here, the user sends the download request to the storage agent, respectively the decryption key is retrieved from the key server agent.

Storage agent: It holds the encrypted multimedia which is shared by the users. It is a secured storage server that resists all the types of a possible attack.

The scenario for multimedia encryption and storage is as follows: The interface agent collects the credential of users and sends it to the authentication agent. Ones the user is authenticated the user starts to download or upload the multimedia. Here, the user first sends the multimedia upload request simultaneously the encryption agent sends the request to key agent for the generation keys. The encryption is only needed the public key to encrypt the multimedia and the other is saved for the decryption in key server ant. Ones the file is encrypted it is stored at the storage agent and users get the successful acknowledgment. The sequence diagram is used here to summaries the interaction between the different agents. Fig. 3 represent the interaction between the agents in the case of uploading the steps are as follows:

Step 01: The user sends the authentication (username and password) request to the interface agent.

Step 02: The interface agent checks the credential and authenticates the user.

Step 03: The interface agent returns the Auth(success) to the interface agent.

Step 04: The user sends the upload request to the interface agent.

Step 05: The interface agent sends the request to the encryption agent for multimedia encryption.

Step 06: Encryption agent initialize the key agent for the generation of the key.

Step 07: The key agent generates public and private keys.

Step 08: The public key is retrieved by the encryption agent. And private key is stored in the key server agent.

Step 09: The encryption agent encrypts the multimedia and sends it to the storage agent.

Step 10: The storage agent stores encrypted multimedia.

Step 11: The successful store message return to the interface agent.

Step 12: The interface agent displays the success message to the user and the file is stored in cloud storage.

Fig. 3

Multimedia Storage in Cloud Data Server.

To retrieve the multimedia from cloud storage, the user sends the retrieval request to the storage agent. The interface agent directly sends the request to the storage agent. Fig. 4 represent the sequence diagram of different agent interaction, the steps are as follows:

Step 01: The user provides the credential to the interface agent.

Step 02: The interface agent sends the request to the authentication agent.

Step 03: Authentication agent verify the credential and send the success message to the interface agent.

Step 04: User requests to download the multimedia from cloud storage using an interface agent.

Step 05: The interface agent sends the request to the storage agent.

Step 06: Storage agent retrieves the encrypted file and simultaneously its search for the private key.

Step 07: The private key search request sends to the key server agent.

Step 08: The key server agent searches the key based on the encryption logs.

Step 09: The key server agent retrieves the private key and sends it to the key agent.

Step 10: The key agent decrypts the encrypted multimedia and sends it to the decryption agent.

Step 11: The decryption agent sends the multimedia to the interface agent.

Step 12: The interface agent creates the download link for the user.

Step 13: The user downloads the original multimedia from the cloud storage server.

Fig. 4

Multimedia Retrieval from Cloud data server.

3.3 The proposed encryption technique

Encryption is the process to achieve the confidentiality of data. Moreover, encryption not only provides the confidentiality but also guarantees the secrecy of data. Encryption is a very complex process and it needs a high level of key management. Encryption techniques are consist of symmetric (like AES, DES, Blowfish, etc.) and asymmetric (like RSA, DSA, Elliptic curve technique, etc.) techniques. Furthermore, the security of multimedia is achieved by using both the type of key management system. But the selection of encryption technique is based on the four different properties such as (i) Structure of algorithm, (ii) Input message block, (iii) Length of the key, and (iv) Number of rounds. Now, for all symmetric key cryptosystem structure of encryption is mainly based on the Feistel or Permutation & substitution types, the input message block is consists of 64 or 128 bits, the length of the key has mainly fluctuated from 56 to 256 bits, and it covers 16 to 48 rounds for encryption. Now, for asymmetric key cryptosystem is consist of two properties (i) Input message block, and (ii) Length of the key. Here, data is input in the form of stream cipher which provides flexibility in the user input size, the length of the key varies from 1024, 2048, or 4096 bits. The prime feature of asymmetric key selection is based on the factorization and moduli. Now the question arises that the appropriate selection of encryption techniques for data security. Now, the appropriate selection in-between asymmetric and symmetric key is done on the basis of two properties:

The computational time of encryption, and

Key distribution technique.

In the case of computational time, the symmetric key requires less CPU cycle then asymmetric key algorithms. So, the algorithm based on the symmetric key much faster than the asymmetric key. But in the case of key distribution, asymmetric key cryptosystem uses the pair of keys, one for encryption and other for decryption, it provides ease for users to share the key securely. The keys are mainly based on the prime factorization concept which is secure against any type of timing attack. Whereas, in symmetric key cryptosystem the single key is used for encryption/decryption and the distribution of that key is a very challenging task for the user. In the year 2019, researchers are successfully factored the RSA-240 and it approximately takes 900 core-year computing power [33]. In the 2010, factorization of 768-Bit RSA Modulus is down [34]. Now, it is estimated that 1024, 2048, and 4096 bit RSA would take huge processing for factorization. So, it proves that the asymmetric key technique provides better performance against attacks then symmetric key cryptosystem. This paper adopts the asymmetric technique for multimedia encryption. The proposed technique is a modified version of RSA named K-RSA which is mainly based on the Chinese Remainder Theorem (CRT), which makes 4× times fast computing during the encryption. For the requirement of the paper, we just briefly describe the CRT technique for asymmetric encryption. CRT is a number theory technique that uses the Euclidean division of integer ‘n’ by several integers the only condition is that the divisors are co-prime [5]. This technique was first developed in the 3rd century AD by the Chinese mathematician Sunzi Suanjing.

Theorem 1: Let m₁, m₂, m₃, …, m_r denote the ‘r’ positive integers that are relatively prime in pairs. Let a₁, a₂, a₃, …, a_r denotes any ‘r’ integers. Then the congruence: $\begin{matrix} \begin{matrix} X_{0} \equiv a_{1} (\mod m_{1}) \\ X_{0} \equiv a_{2} (\mod m_{2}) \\ . \\ . \end{matrix} \\ \begin{matrix} . \\ X_{0} \equiv a_{r} (\mod m_{r}) \end{matrix} \end{matrix}$ (1)

The common solutions to‘X₀ ’ is give one such solution iff it satisfies the form of, $X = X_{0} + k_{m}$ (2)

For some integer ‘k’ here m = m₁, m₂, m₃, …, m_r.

Proof: If m = m₁, m₂, m₃, …, m_r then we see that $\frac{m}{m_{j}}$ is an integer and that ( $\frac{m}{m_{j}}$ , m_j)=1. So, there is an ‘X’ such that ( $\frac{m}{m_{j}}$ ) X ≡ 1(mod m_j) any two such ‘X’ are congruent. If ( $\frac{m}{m_{j}}$ , m_j) > 1, then there is no such ‘X’. So, for each ‘j’ there is an integer b_j such that ( $\frac{m}{m_{j}}$ )b_j≡ 1(modm_j). Clearly ( $\frac{m}{m_{j}}$ )b_j≡ 0 (modm_i) if i≠j. Then, $X_{0} = \sum_{j = 1}^{r} \frac{m}{m_{j}} b_{j} a_{j}$ (3)

Wconsider this as (number×mod m_i) and find that, $X_{0} \equiv \frac{m}{m_{i}} b_{i} a_{i} \equiv a_{i} (\mod m_{i})$ (4)

Thus, X₀ is the solution of the system (1), If ‘X₀’ and ‘X₁’ are two solutions to the system (1).

Then,X₀ ≡ X₁ (mod m_i) for (i = 1, ... r).

Since, X ≡ y (mod m_i) for (i = 1, 2 ... r).

Iff, X ≡ y (mod [m₁, m₂ … , m_r])

Hance, X_o ≡ X₁ (mod m) this complete the proof of CRT. Now, how the CRT is collaborating tthe A encryption algorithm. The mathematicaaboration for CRT with RSA is given as,

Let (n₁, n₂, n₃, …, n_k) be the pairwise coprime and it is greater than 1, and(a₁, a₂, a₃, …, a_k) be any integer value. Then the representation of equation is given as in Equation 5, $a^{(phi (n))} = 1 modn$ (5) For all ‘a’ and ‘n’ the CRT we say that, $X = = a_{1} \mod p$ (6) $X = = a_{2} \mod q$ (7)

From Equations 6 and 7, ‘p’ and ‘q’ are relatively prime, and a unique solution is given by Equation 8, ${m = c}^{d} mod (p \times q)$ (8)

From Equation 8, we calculate the ‘n’ value in Equation 9 $X = = a mod (p \times q)$ (9)

Using the Equation 7, we calculate individual message prime value in Equations 8 and 9. For the message ‘m1’ and ‘m2’. ${m 1 = c}^{d} mod p$ (10) ${m 2 = c}^{d} mod q$ (11)

While using the Equations 10 and 11 the prime factorization module of message ‘m’ is given by Equation 12. ${m = c}^{d} (\mod n) [for, squom 1^{'} and squom 2^{'}]$ (12)

It is a unique and 4× times fast computing of ‘m1’ and ‘m2’. Before, deep-diving inside the multimedia security. Table 3 represents the basic communication steps for cloud users to download and upload the data to the cloud storage server.

Table 3

Basic Communication with Cloud Storage Server

File Type: Text and Video
Client-Side		Receiver Side
Input: Multimedia_Data (M)	⟶	Input: Encrypted_file (M)
Processing: Encrypt (M)		Processing: Decrypt (M)
Upload encrypted files.		Download Original file

Here, in this paper, the proposed cryptography algorithm is based on a complete encryption technique. The input data are completely encoded which creates no modification on pixels and frames. The step-by-step procedure for data encryption is presented in the next sub-section.

3.4 The proposed encryption technique description

The encryption of multimedia is based on the asymmetric key cryptosystem. Table 4 defines the notation used for the encryption process.

Table 4
Notations for Proposed Encryption Technique

Notations Definitions

M/E1 Multimedia/Encrypted file for the data owner

Encrypt()/Decrypt() Function to encode and decode multimedia file

RandPrime() Function to generate a prime number

K-RPublic / K-RPrivate K-RSA public key and private key for cloud data server

Auth() Function to authenticate the users

S/S1() Function to store the multimedia file in the data server

Request() Function to retrieve the multimedia from the cloud data server

C/S1() Function to identify the size of multimedia

M/M1 Multimedia/Original multimedia file

Split() Function to split the multimedia into sub-blocks

C/P1() Function to calculate the relative primes using CRT

S/S2() Function to store the private key at the key storage server

Notations	Definitions
M/E1	Multimedia/Encrypted file for the data owner
Encrypt()/Decrypt()	Function to encode and decode multimedia file
RandPrime()	Function to generate a prime number
K-RPublic / K-RPrivate	K-RSA public key and private key for cloud data server
Auth()	Function to authenticate the users
S/S1()	Function to store the multimedia file in the data server
Request()	Function to retrieve the multimedia from the cloud data server
C/S1()	Function to identify the size of multimedia
M/M1	Multimedia/Original multimedia file
Split()	Function to split the multimedia into sub-blocks
C/P1()	Function to calculate the relative primes using CRT
S/S2()	Function to store the private key at the key storage server

The proposed encryption technique contains three steps which are explained as follows.

Step 1: Data encoding and prime number generation: The data owner uploads multimedia to the cloud. The Encrypt() function is used for conversion of raw data to binary form; C/S1() function is used to check file size; and Split() function is used for division of file into small blocks; RandPrime() is used for prime number generation.

Step 2: Generate Encryption and Decryption key: Cloud server is responsible for key generation based on the CRT technique. The C/P1() function is used to calculate K-RPublic and K-RPrivate key for a cloud data server. C/P1 is used to compute the key using Euler’s function φ(n), where ‘n’ is the number of elements $Z_{n}^{*}$ relatively prime; and (M/M1) ^{K-RPublic,K-RPrivate} = (M/M1) modn; then the (K-RPublic×K-RPrivate) = 1 mod φ(n); is used to calculate the encryption and decryption key.

Step 3: Encryption and Decryption: The proposed technique is based on the complete encryption technique. So, Encrypt() and Decrypt() function is used to convert the data into binary strings. After conversion, the small blocks are taken by K-RSA for encryption. M/E1 is used to store encrypted multimedia file; M/E1 = Encrypt((M/M1) ^K-RPublicmod n); S/S1() function is used to store the encryption file. For decryption, the encrypted file is retrieved from the storage server using the S/S1() function; S/S2() function is used to retrieve the private (K-RPrivate) key from the key storage server. Decryption is used to retrieve the original message M/M1 = Decrypt((M/E1) ^K-RPrivatemod n); send the original message to the data owner.

Algorithm 1

K-RSA: The Proposed Encryption Technique

1: Upload multimedia file (video and text)

2: Cloud: (encode) Encrypt(M/M1);

3: Cloud: Split() = C/S1(M/M1);

4: Cloud: Compute(‘p’ and ‘q’) = R and Prime();

5: Calculate n = (p × q);

6: Compute Euler’s function φ(n), where ‘n’ is the number of elements

Z_{n}^{*}

relatively prime;

7: φ (n) = (p-1) (q-1);

8: Cloud: Calculate(K-RPublic / K-RPrivate) = C/P1();

9: (M/M1) ^{K-RPublic,K-RPrivate} = (M/M1) modn;

10: (K-RPublic×K-RPrivate) = 1 mod φ(n);

11: Storage of Multimedia Data

12: Cloud: Compute(K-RPublic / K-RPrivate);

13: Cloud: Data owner: S/S2(K-RPrivate, n);

14: Cloud Encryption M/M1;

15: Cloud: M/E1 = Encrypt((M/M1) ^K-RPublicmodn);

16: Data owner: Cloud: Store: S/S1(M/E1);

17: Data owner (get) cloud: receive(successful encrypted, M/E1);

18: Retrieving the Encrypted Multimedia Data

19: Data owner (request) cloud: Retrieve(M/E1);

20: Cloud: Auth(Data owner)

21: Auth(username, password) {

22: if(credential (is correct)) then

23: Cloud (get): send(M/E1)

24: Else

25: Revoke(credential); }

26: Cloud: (decode) Decrypt(M/E1)

27: Cloud: Data owner: Split() = C/S1(M/E1);

28: Cloud: (share with) Decrypt(M/E1);

29: Cloud: Retrieve(K-RPrivate, n) ← S/S2();

30: Cloud: M/M1 = Decrypt((M/E1) ^K-RPrivatemodn)

31: Data owner (receive) cloud: Send(successful decrypted, M/M1)

At last, the working of the log editor is to check the system log periodically for every 60 sec. The data shareholders server is used to check the frequency of the user’s login and maintain the private key of every encrypted multimedia file stored at the cloud storage server (CSS).

4 Implementation and case study

This section deals with the implementation of the proposed system model in our local system. This paper is mainly based on secure data storage in the cloud data server, but the problem was we cannot create the whole cloud environment. So, we have simulated the secure storage operation at the local system. For simulation we requires oracle 11 g for data storage, and it is assumed that data owners are encrypted the data and share with the server. The GUI interface is used to encrypt the multimedia. The rest of the systems is implemented using Eclipse V 3.5.1, using JDK 8 on the Windows 8.1 platform having the hardware specification of Intel Core i5 CPU with frequency 1.70 GHz of the clock with 4GB RAM on×64-bit processor. The proposed encryption technique is named K-RSA (means, the combination of RSA and CRT) for encryption with a key size of 512 bit asymmetric key.

Figure 5 represent the API interface, where the multimedia file is uploaded, simultaneously the key is generated for encryption. The cloud storage stores two things (i) Private Key and (ii) Encrypted file. The oracle server is used to store the encrypted file and key of the data owner.

Fig. 5

API Interface for Encryption ad Decryption.

4.1 Case Study 1: The plaintext file (.txt) encryption and decryption

This case study is prepared on the basis of the randomly generated text file which is used for encryption and decryption. The text file is in the format of (.txt) and it is generated by using the website (https://www.lipsum.com/). The size of files are varies from (5, 10, 15, 20, 25, and 30) kb respectively the word count are (758, 1516, 2274, 3032, 3790, and 4548) and character count are (5097, 10194, 15291, 20388, 25485, and 30582). The parameters are considered for encryption and decryptions of text files are:

Input: Text File (.txt)

Output: Encrypted file

Algorithm: K-RSA

Comparison: Blowfish, AES, DES, DNA, BDNA

Key Size: 512 bit

Evaluation: File size and Encryption time.

Table 5 represents the comparison of the text file on the basis of size in (kb). The proposed K-RSA results are compared with the traditional encryption technique (M. Sohal and S. Sharma [23]). The result is evaluated on the basis of two properties (i) Encrypted file size expansion and (ii) Time to encrypt the multimedia file. The comparison table represents the various size of the plaintext; various encryption techniques like (Blowfish, AES, DES, DNA, and BDNA) is applied and compared with the proposed technique (K-RSA). The encryption technique shows the size expansion of ciphertext. Here, 5 kb of plaintext size is encrypted with different techniques and produce 6.76 kb of ciphertext by Blowfish, 6.86 kb by AES and DES, 6.67 kb by DNA, 5.83 kb by BDNA and 5.21 kb by K-RSA. Similarly, for every plaintext size K-RSA perform out well than other traditional techniques. The comparison of the result shows that K-RSA technique generates less size of ciphertext than other traditional techniques. And it is proved that K-RSA technique occupies less memory size for the cloud storage server.

Table 5
The comparison of ciphertext with given plaintext size

Plain text size in (kb) Ciphertext size in (kb)

Blowfish AES DES DNA BDNA K-RSA

5 6.76 6.86 6.86 6.67 5.83 5.21

10 13.52 13.70 13.70 13.33 11.66 10.27

15 20.27 20.55 20.55 20.0 17.5 15.43

20 27.03 27.39 27.39 26.67 23.34 20.89

25 33.78 34.25 34.25 33.33 29.17 25.79

30 40.5 41.09 41.06 40.0 35.0 30.51

Plain text size in (kb)	Ciphertext size in (kb)
5	6.76	6.86	6.86	6.67	5.83	5.21
10	13.52	13.70	13.70	13.33	11.66	10.27
15	20.27	20.55	20.55	20.0	17.5	15.43
20	27.03	27.39	27.39	26.67	23.34	20.89
25	33.78	34.25	34.25	33.33	29.17	25.79
30	40.5	41.09	41.06	40.0	35.0	30.51

The second property for evaluation of encryption technique is ‘encryption time’. Fig. 6 represents the comparison of encryption time of various traditional technique (Blowfish, AES, DES, DNA, and BDNA) with proposed technique (K-RSA). Here, 5 kb of plaintext takes 0.054 sec in Blowfish, 0.053 sec in AES and 0.152 sec in DES, 0.200 sec in DNA, 0.048 sec in BDNA and 0.038 in K-RSA (for encryption). Similarly, the encryption time of different file sizes (10, 15, 20, 25 and 30) kb using K-RSA is as follows (0.065, 0.096, 0.128, 0.161, and 0.192) sec. The other traditional technique encryption times for different file size (10, 15, 20, 25 and 30) kb are as follows; Blowfish (0.074, 0.097, 0.130, 0.133, and 0.170); AES (0.081, 0.106, 0.172, 0.198, and 0.218); DES (0.283, 0.405, 0.571, 0.785, and 0.955); DNA (0.483, 0.625, 0.972, 1.250, and 1.487); BDNA (0.066, 0.090, 0.106, 0.123, and 0.149). The result evidence that K-RSA technique take less time for encryption and it also require less space for storage of text file.

Fig. 6

The comparison of encryption time (sec) for different algorithm.

4.2 Case Study 2: The video file (.mp4) encryption and decryption

This case study is related to the video file (.mp4) for encryption and decryption. The video file is in the format of (.mp4) and it is downloaded from the website (www.sample-videos.com). The size of files varies from (1, 2, 5, 10, and 20) Mb. MP4 or MPEG-4 method is used to compress the audio and visual format. The video format (.mp4) is a Quick Time File Format (QTFT), which is usually working with portable multimedia devices; Table 6 presents the different video formats which are used for simulation.

Table 6
The description of video file format

Size (Mb) Format Time (sec) Frames Dimension Link

1 mp4 13 195 360×240 https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_1 mb.mp4

2 mp4 26 390 360×240 https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_2 mb.mp4

5 mp4 64 960 360×240 https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_5 mb.mp4

10 mp4 125 1875 360×240 https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_10 mb.mp4

20 mp4 285 4275 360×240 https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_20 mb.mp4

Size (Mb)	Format	Time (sec)	Frames	Dimension	Link
1	mp4	13	195	360×240	https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_1 mb.mp4
2	mp4	26	390	360×240	https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_2 mb.mp4
5	mp4	64	960	360×240	https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_5 mb.mp4
10	mp4	125	1875	360×240	https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_10 mb.mp4
20	mp4	285	4275	360×240	https://www.sample-videos.com/video123/mp4/240/big_buck_bunny_240p_20 mb.mp4

Each video file is consists of 15 frames/sec of the window, the screen size format of (360×240) pixels (number of points at each frame). The parameters are considered for encryption and decryptions of video files are:

Input: Video (.mp4)

Size: (1, 2, 5, 10, and 20) Mb.

Frame Rate: 15 frames/sec

Size: 360×240 resolution

Algorithm: K-RSA

Comparison: Blowfish, AES, DES, and RSA

Key Size: 512 bit

Evaluation: File size and Encryption time.

Fig. 5 is used for encryption and decryption of video files. The video file is consists of a large size so to reduce the computation of the algorithm, first, we divide the file into sub-blocks. Table 7 represents the size indexing of five different sample video data.

Table 7

Size indexing for the encryption

Size Indexing for all five different video sample
1 mb	2 mb	5 mb	10 mb	20 mb
00000-65853	00000-131274	00000-328090	000000-659163	0000000-1311582
65853-131706	131274-262548	328090-656180	659163-1318326	1311582-2623164
131706-197559	262548-393822	656180-984270	1318326-1977489	2623164-3934746
197559-263412	393822-525096	984270-1312360	1977489-2636652	3934746-5246328
263412-329265	525096-656370	1312360-1640450	2636652-3295815	5246328-6557910
329265-395118	656370-787644	1640450-1968540	3295815-3954978	6557910-7869492
395118-460971	787644-918918	1968540-2296630	3954978-4614141	7869492-9181074
460971-526824	918918-1050192	2296630-2624720	4614141-5273304	9181074-10492656
529824-592677	1050192-1181466	2624720-2952810	5273304-5932467	10492656-11804238
592677-658530	1181466-1312740	2952810-3280900	5932467-6591630	11804238-13115820
658530-724383	1312740-1444014	3280900-368990	6591630-7250793	13115820-14427402
724383-790236	1444014-1575288	3608990-3937080	7250793-7909956	14427402-15738984
790236-856089	1575288-1706562	3937080-4265170	7909956-8569119	15738984-17050566
856089-921942	1706562-1837836	4265170-4593260	8569119-9228282	17050566-18362148
921942-987795	1837836-1969110	4593260-4921350	9228282-9887445	18362148-19673730
987795-1053651	1969110-2100396	4921350-5249454	9887445-10,546,620	19673730-20,985,324

Table 7 represents the size indexing of different sizes (1, 2, 5, 10 and 20) MB is taken for encryption. The size indexing is one of the tedious tasks and it depends on two things (i) Length and (ii) Negative values. The length is divided into two parts odd and even. For odd size, the fixed padding is applied with original file size and for even size indexing works normally. The second issue is negative values which are handled by java cryptography extension (JCE).

Here, we encrypt the original file with different traditional and proposed encryption techniques. Table 8 represents the comparison of the traditional algorithm (Blowfish, AES, DES, and RSA) with the proposed encryption technique (K-RSA) for different video file size. The results are compared for both symmetric and asymmetric algorithms; for the symmetric-key algorithm, the Blowfish is performed well then AES and DES; whereas for the asymmetric algorithm, the K-RSA presents better results than RSA. As a conclusion, it is found out that there is an expansion of (19% to 27%) in encrypted file size. Overall evaluation of cryptographic technique is K-RSA has performed better than other traditional algorithms.

Table 8

The comparison of original video size with encrypted video

Original video size in (Mb)	Encrypted Video Size in (Mb)
	Blowfish	AES	DES	RSA	K-RSA
1	2.352	2.36	2.391	1.781	1.21
2	3.352	3.37	3.391	2.732	2.91
5	6.352	6.369	6.391	5.7818	5.27
10	11.352	11.369	11.391	10.78	10.23
20	21.352	21.3696	21.391	20.7817	20.27

Figure 7 is the graphical representation of encryption time for different video samples using the proposed system model. The comparison of the symmetric and asymmetric algorithm is based on the encryption time. As we see, the result of AES takes less time than other symmetric techniques DES and Blowfish; and for the asymmetric algorithm, K-RSA take less time than RSA algorithm. The domination of K-RSA over the Blowfish, AES, DES and RSA has visually appeared for every file size, and the combination of RSA and CRT provides better results at the time encryption. Furthermore, it is noticed that the encryption time is reduced by approximately 50% using the proposed encryption technique.

Fig. 7

The comparison of encryption time for different video file size.

4.3 Performance evaluation

This section is used to evaluate the performance of the proposed system model on the basis of throughput. It is the rate of transmission for the encrypted messages successfully uploaded to the cloud storage server. Maximizing the throughput provides better performance at the time of encryption. $Throughput = \frac{Plain text size}{Encryption Time}$ (13)

Table 9 represents the throughput calculation of various algorithms for text files (.txt). Here, the throughput of BDNA, Blowfish, AES, DES, and DNA are 180.4, 159.6, 126.8, 33.32, and 20.92 kb/sec respectively. Whereas, the throughput of K-RSA is 181.89 kb/sec. The result shows the proposed encryption technique has maximum throughput among all traditional algorithm and it is evidenced that K-RSA performs better than other encryption techniques at the time of uploading and communication.

Table 9

Throughput calculation of various algorithm for plaintext encryption in (kb/sec)

Algorithm	BDNA	Blowfish	AES	DES	DNA	K-RSA
Throughput (kb/sec)	180.4	159.6	126.5	33.32	20.92	181.89

Table 10 represents the throughput calculation of various algorithms for video files (.mp4). Here, the throughput of Blowfish, AES, DES, are RSA are 0.0536, 0.1195, 0.0321, and 0.0475 (Mb/sec) respectively. Whereas, the throughput of K-RSA is 0.1740 (Mb/sec). The result is evidenced that K-RSA has maximum throughput among all traditional encryption algorithm and it provides better performance at the time of transmission and uploading.

Table 10

Throughput calculation of various algorithm for encrypted video in (Mb/sec)

Algorithm	Blowfish	AES	DES	RSA	K-RSA
Throughput (mb/sec)	0.0536	0.1195	0.0321	0.0475	0.1740

4.4 Security analysis

This section is used to evaluate the proposed encryption technique (K-RSA) on the basis of various cryptanalysis and attacks. The testing of the K-RSA technique is based on three different types of attacks.

–Chosen Plaintext Attack (CPA): Here, the adversary chooses the arbitrary plaintext block and generates the respective ciphertext block. According to the proposed system model, SHL is responsible for data encryption and the data owner uploads the original multimedia (M/E1) for storage and transmission. In CPA, the adversary selects the random plaintext; lets as take a scenario where original multimedia (M/M1) is encrypted with K-RSA technique. Now the original message is presented as,

Original Message = M/M1 Encrypted Message: M/E1=(M/M1) ^K-RPublicmodn

Here, ‘K-RPublic’ is the public key and ‘n’ is moduli value (multiple of two prime numbers). In a chosen-plaintext attack, the adversary creates random plaintext and it is encrypted with ‘K-RPublic’ and ‘n’ to obtain the corresponding ciphertext. Here,M/M1′ is presented as a random plaintext that is encrypted with ‘K-RPublic’ and ‘n’.

Adversary: M/M1′.

The adversary required = ‘K-RPublic’ and ‘n’.

Now, at the time of the attack; the proposed system model is based on SHL and key management server (KMS). To execute the attack; the adversary requires the public key ‘K-RPublic’ and moduli ‘n’ for the creation of ciphertext, but the proposed system model has a KMS module which deletes the public key ‘K-RPublic’ and private key ‘K-RPrivate’ and ‘n’ is stored at SHS. So, this shows the adversary is not able to get the key for encryption because SHL provides a secure environment for the key storage and data encryption. The Auth() function is used to authenticate the users and only legit users access the multimedia.

–Known Plaintext Attack (KPA): In this, the adversary has access to both plaintext and ciphertext. This cryptanalysis is used to check thentropy of the key. Let us take a scenario for adversary attack,

The adversary has original multimedia: M/M1

The adversary has encrypted multimedia: M/E1

Adversary identifies public-key ‘K-RPublic’ and moduli ‘n’. Now, to decrypt the multimedia adversary requires private key ‘K-RPrivate’. To perform this attack adversary has to backtrack the public key and moduli. Now, K-RSA technique is based on 512 bit key size and moduli ‘n’ (which is constructed using multiple of two prime numbers). Now, the adversary has to perform prime factorization of moduli ‘n’ to reconstruct the K-RSA technique. The construction of K-RSA with a normal computer is not possible and it almost takes 2⁵¹² = 1.34 × 10¹⁵⁴ combination of CPU cycle or 13 billion years to retrieve the key. Another possibility is quantum computers which will calculate the key in the limited year.

–Ciphertext Only Attack (COA): Here, the adversary knows the entire encryption algorithm to access the ciphertext. Now, the proposed system model is deployed at the cloud server. And the services of the cloud are bind with Service-level agreement (SLA). The proposed system model also consists of several independent modules that create different security layers for data encryption. For multimedia storage security, the S/S1() and S/S2() functions are used to store the multimedia files and the private key of the K-RSA and Auth() function is used for authenticating the user. So, no unauthorized uses access the cloud server and it is impossible for any adversary to retrieve the algorithm of SHL and K-RSA from the cloud server.

Hence, the security of the proposed system model is precisely convinced that it is not easy to attack multimedia which is stored at cloud storage. The SHL and K-RSA provide a secure environment for the data owners.

5 Conclusion and future scope

Cloud is one of the venerable places where all the user shares their personal data. The data is present in various forms like document, video, audio, and images. These data are reachable to every user without any means of security. Storing the data in the cloud will require a huge amount of security and privacy. Here, we proposed a secure hidden layer (SHL) for key management and storage of data. The proposed K-RSA technique is used to encrypt the multimedia using 512 bit key size which doesn’t affect computational time and size after encryption. The experimental results evidence that the proposed encryption technique (K-RSA) is performed will against traditional encryption cryptosystems such as DNA, AES, DES, Blowfish, RSA, and BDNA in terms of size expansion and encryption time. The performance evaluation of the proposed system model is based on the throughput and it shows that the proposed encryption technique outperforms in both case study (text and video). The security analysis of encrypted multimedia is based on three different type’s attacks which are performed by the adversary (i) chosen plaintext attacks, (ii) Known plaintext attack, and (iii) Ciphertext only attack. And the analysis precisely convinced that SHL and K-RSA provide a secure environment for the storage of multimedia. The result evidences the novelty of the work in the field of cloud data security.

The main contributions of the paper are:

The proposition of a securely hidden layer model for key management servers in a cloud environment.

The proposition of key management server (KMS) for storing and sharing of cryptographic keys.

The combination of RSA and CRT (K-RSA) provides high security and less computational time for encryption.

The proposition of K-RSA provides end-to-end multimedia encryption.

The performance evaluation of SHL checks the packet rate of uploading and downloading.

The security analysis of the proposed encryption technique guarantees the security of data storage.

The perspectives of this study are:

The interface agent is used to upload and download multimedia from the cloud storage server.

The secure hidden layer allows authentication and encryption of multimedia.

The adaptation of the key management server enables key agents and key server agents to splitting and storing the key securely.

The future accepts of this study are:

End-to-End security provides a secure environment for data storage.

Secure hidden layer (SHL) and Key management server (KMS) provides a secure environment for Big Data storage.

The field like medical organizations and customer supports companies use SHL for storing secure multimedia data in the cloud.

Footnotes

Acknowledgment

I would also like to thanks our Institute Birla Institute of Technology, Mesra. Finally, I would like to acknowledge and thankful to the publisher of this Journal for its wide circulation and make a provision to reach this article to some readers.

References

Rivest

R.L.

, Shamir

and Adleman

, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM 21(2) (1978), 120–126. DOI: 10.21236/ada606588

Rachh

R.R.

, Mohan

P.V.A.

and Anami

B.S.

, Efficient Implementations for AES Encryption and Decryption, Circuits, Systems, and Signal Processing 31(5) (2012), 1765–1785. DOI: 10.1007/s00034-012-9395-0

Furht

, Data Encryption Standard (DES) and Advanced Encryption Standard (AES), Encyclopedia of Multimedia (2006), 135–136. DOI: 10.1007/0-387-30038-4_46

Kaaniche

and Laurent

, Data security and privacy preservation in cloud storage environments based on cryptographic mechanisms, Computer Communications 111 (2017), 120–141. DOI: 10.1016/j.comcom.2017.07.006

Niven

, Zuckerman

H.S.

and Montgomery

H.L.

, An Introduction to The Theory of Numbers, fifth ed., Wiley India, NewDelhi, 1991. ISBN-10:0471625469 and ISBN-13:978-0471625469.

Pansotra

E.A.

and Singh

E.S.P.

, Cloud Security Algorithms, International Journal of Security and Its Applications 9(10) (2015), 353–360. DOI: 10.14257/ijsia.2015.9.10.32

Zhang

, Zheng

and Lyu

M.R.

, BFTCloud: A Byzantine Fault Tolerance Framework for Voluntary-Resource Cloud Computing, 2011 IEEE 4th International Conference on Cloud Computing (2011). DOI: 10.1109/cloud.2011.16

Internet source: www.forbes.com/sites/forbestechcouncil/2017/01/17/why-cybersecurity-should-be-the-biggest-concern-of-2017/#264538c65218.

Meyers

R.K.

and Desoky

A.H.

, An Implementation of the Blowfish Cryptosystem, 2008 IEEE International Symposium on Signal Processing and Information Technology (2008). DOI: 10.1109/isspit.2008.4775664

10.

Nie

, Song

and Zhi

, Performance Evaluation of DES and Blowfish Algorithms, 2010 International Conference on Biomedical Engineering and Computer Science (2010). DOI: 10.1109/icbecs.2010.5462398

11.

Sharma

and Garg

R.B.

, DES: The oldest symmetric block key encryption algorithm, 2016 International Conference System Modeling & Advancement in Research Trends (SMART), (2016). DOI: 10.1109/sysmart.2016.7894489

12.

Rajput

, Dhobi

J.S.

and Gadhavi

L.J.

, Enhancing Data Security Using AES Encryption Algorithm in Cloud Computing, Smart Innovation, Systems and Technologies (2016), 135–143. DOI: 10.1007/978-3-319-30927-9_14

13.

Kumar

and Rana

S.B.

, Development of modified AES algorithm for data security, Optik 127(4) (2016), 2341–2345. DOI: 10.1016/j.ijleo.2015.11.188

14.

Bhardwaj

, Subrahmanyam

G.V.B.

, Avasthi

and Sastry

, Security Algorithms for Cloud Computing, Procedia Computer Science 85 (2016), 535–542. DOI: 10.1016/j.procs.2016.05.215

15.

Shaikh

and Sasikumar

, Trust model for measuring security strength of cloud computing service, Procedia Comput Sci 45 (2015), 380–389. DOI: 10.1016/j.procs.2015.03.165

16.

Shiraz

, Sookhak

, Gani

and Shah

S.A.A.

, A Study on the Critical Analysis of Computational Offloading Frameworks for Mobile Cloud Computing, Journal of Network and Computer Applications 47 (2015), 47–60. DOI: 10.1016/j.jnca.2014.08.011

17.

Liu

, Ahmed

, Shiraz

, Gani

, Buyya

and Qureshi

, Application partitioning algorithms in mobile cloud computing: Taxonomy, review and future directions, Journal of Network and Computer Applications 48 (2015), 99–117. DOI: 10.1016/j.jnca.2014.09.009.

18.

Toosi

A.N.

, Calheiros

R.N.

and Buyya

, Interconnected Cloud Computing Environments, ACM Computing Surveys 47(1) (2014), 1–47. DOI: 10.1145/2593512

19.

Alizadeh

and Hassan

W.H.

, Challenges and opportunities of Mobile Cloud Computing, 2013 9th International Wireless Communications and Mobile Computing Conference (IWCMC), (2013). DOI: 10.1109/iwcmc.2013.6583636

20.

Juliadotter

N.V.

and Choo

K.-K. R.

, Cloud Attack and Risk Assessment Taxonomy, IEEE Cloud Computing 2(1) (2015), 14–20. DOI: 10.1109/mcc.2015.2.

21.

Sendi

A.S.

and Cheriet

, Cloud Computing: A Risk AssessmentModel, 2014 IEEE International Conference on Cloud Engineering, (2014). DOI: 10.1109/IC2E.2014.17

22.

Ab Rahman

N.H.

and Choo

K.-K. R.

, A survey of information security incident handling in the cloud, Computers & Security 49 (2015), 45–69. DOI: 10.1016/j.cose.2014.11.006

23.

Sohal

and Sharma

, BDNA-A DNA inspired symmetric key cryptographic technique to secure cloud computing, Journal of King Saud University-Computer and Information Sciences (2018). DOI: 10.1016/j.jksuci.2018.09.024

24.

, Gai

, Qiu

and Zhao

, Intelligent cryptography approach for secure distributed big data storage in cloud computing, Information Sciences 387 (2017), 103–115. DOI: 10.1016/j.ins.2016.09.005

25.

Ferretti

, Marchetti

, Andreolini

and Colajanni

, A symmetric cryptographic scheme for data integrity verification in cloud databases, Information Sciences 422 (2018), 497–515. DOI: 10.1016/j.ins.2017.09.033

26.

Morales-Sandoval

, Gonzalez-Compean

J.L.

, Diaz-Perez

and Sosa-Sosa

V.J.

, A pairing-based cryptographic approach for data security in the cloud, Information Security 17(4) (2017), 441–461. DOI: 10.1007/s10207-017-0375-z

27.

Al Hamid

H.A.

, Rahman

S.M.M.

, Hossain

M.S.

, Almogren

and Alamri

, A Security Model for Preserving the Privacy of Medical Big Data in a Healthcare Cloud Using a Fog Computing Facility With Pairing-Based Cryptography, IEEE Access 5 (2017), 22313–22328. DOI: 10.1109/access.2017.2757844

28.

Xiong

, Xia

, Chen

and Shim

H.J.

, Secure multimedia distribution in cloud computing using re-encryption and fingerprinting, Multimedia Tools and Applications 78(21) (2019), 30297–30313. DOI: 10.1007/s11042-018-6981-6

29.

Arki

, Zitouni

and Eddine Dib

A.T.

, A multi-agent security framework for cloud data storage, Multiagent and Grid Systems 14(4) (2019), 357–382. DOI: 10.3233/mgs-180296

30.

, Tian

, Zhang

, Shen

and Guo

, Efficient Privacy-Preserving Access Control of Mobile Multimedia Data in Cloud Computing, IEEE Access 7 (2019), 131534–131542. DOI: 10.1109/access.2019.2939299

31.

, Yang

and Liu

, A novel security media cloud framework, Computers & Electrical Engineering 74 (2019), 605–615. DOI: 10.1016/j.compeleceng.2018.07.022

32.

Simmon

and Bohn

, An Overview of the NIST Cloud Computing Program and Reference Architecture, Concurrent Engineering Approaches for Sustainable Product Development in a Multi-Disciplinary Environment, (2012), 1119–1129. doi:10.1007/978-1-4471-4426-7_94

33.

Internet source: https://arstechnica.com/information-technology/2019/12/new-crypto-cracking-record-reached-with-less-help-than-usual-from-moores-law/.

34.

Kleinjung

, Aoki

, Franke

, Lenstra

A.K.

, Thomé

, Bos

J.W.

, Gaudry

, Kruppa

, Montgomery

P.L.

, Osvik

D.A.

, te Riele

, Timofeev

and Zimmermann

, Factorization of a 768-Bit RSA Modulus, Lecture Notes in Computer Science (2010), 333–350. doi:10.1007/978-3-642-14623-7_18