Authorization of Aadhar data using Diffie Helman key with enhanced security concerns

Abstract

In today’s digital era, the security of sensitive data such as Aadhaar data is of utmost importance. To ensure the privacy and integrity of this data, a conceptual framework is proposed that employs the Diffie-Hellman key exchange protocol and Hash-based Message Authentication Code (HMAC) to enhance the security. The proposed system begins with the preprocessing phase, which includes removing noise, standardizing formats and validating the integrity of the data. Next, the data is segmented into appropriate sections to enable efficient storage and retrieval in the cloud. Each segment is further processed to extract meaningful features, ensuring that the relevant information is preserved while reducing the risk of unauthorized access. For safeguarding the stored Aadhaar data, the system employs the Diffie-Hellman key exchange protocol which allows the data owner and the cloud service provider to establish a shared secret key without exposing it to potential attackers. Additionally, HMAC is implemented to verify the identity of users during the login process. HMAC enhances security by leveraging cryptographic hash functions and a shared secret key to produce a distinct code for each login attempt. This mechanism effectively protects the confidentiality and integrity of stored data. The combination of Diffie-Hellman key exchange and HMAC authentication provides a robust security framework for Aadhaar data. It ensures that the data remains encrypted and inaccessible without the secret key, while also verifying the identity of users during the login process. This comprehensive approach helps preventing unauthorized access thereby protecting against potential attacks, instilling trust and confidence in the security of Aadhaar data stored in the cloud. Results of the article depict that the proposed scheme achieve 0.19 s of encryption time and 0.05 s of decryption time.

Keywords

Hash based message authentication code (HMAC)cryptographic hash functions Diffie Hellman communications

1 Introduction

Depending on the demand, cloud computing provides the customers with large-scale, highly effective, multi-level and convenient resources but the transparency of cloud computing has caused various privacy concerns because the suspicious users have enjoyed the benefits of the transparency to target the system and to gain illegitimate benefits [1]. In many cloud computing service, the issues like malware threats, data and security violations have taken place through the human mistakes and security configuration weaknesses. As data storage in cloud environments becomes more centralized and data volumes continue to increase, ensuring the security of user information and resources becomes a significant challenge. This concern has captured the attention of cloud service providers and researchers, as they strive to address the evolving security requirements in the era of big data. However, existing information security methods are inadequate to meet these new demands and security threats have emerged as a significant obstacle to the advancement of big data technology [2]. To cope up with this revolution, the organizations have implemented the edge computing process but ensuring the suitable security is often a challenge in edge distributed atmosphere since data processing proceeds in outside edge of network, which results in the identity theft [3]. The primary focus of cloud storage is to provide data security of consumers, which is done through asystematic and well-organized strategy. In the existing works, the cloud security is performed by using CCAF multilayered security model, which offers improved data retrieval, safety strategies and action plans. In spite of these benefits, the existing methods have produced multiple security issues of cloud emphasis including management recognition fault, general cloud protection problems and authentication issues [4 –8]. All the participating entities has to be secure which further generates a secured cloud environment. An individual’s security measure not only influences the security of the assets present in the cloud. Bypassing the users defenses can also be caused by neighboring entities [9]. Storing and managing diverse types of user data in the cloud requires a significant database capacity. A reliable cloud platform should provide users with secure storage, sharing, and access options for their data. Cloud users can be located in different countries and access their data from various locations. Therefore, it is crucial to ensure the protection of stored cloud data from both authorized cloud users and malicious individuals within the cloud environment [10].

This proposed system has concentrated on security of Aadhaar in cloud computing. Aadhaar is globally considered as the biggest biometric identity scheme. Currently, biometric system is gaining popularity since it is the trustable alternative system of password based security system [11]. Conventional biometric identification and authentication techniques face significant challenges in terms of cross-matching and cross-application invariance. These challenges pose obstacles to the effectiveness of these systems as they can be susceptible to hacking. Consequently, the user’s information becomes vulnerable and easily traceable across all services and applications associated with their biometrics. There are concerns about the misuse or unauthorized access to this data, especially in scenarios where it is stored in large databases or transmitted over networks. Biometric systems can experience false acceptance, where an unauthorized person is incorrectly identified as an authorized user, or false rejection, where an authorized user is incorrectly rejected. These errors can be caused by factors such as environmental conditions, variations in biometric samples, or technical limitations of the system [12 –15].

To overcome these issues, this proposed system focuses on the security of Aadhaar identity card in cloud computing. Aadhar is a combination of biometric and demographic data, which can be accessed and downloaded through UIDAI website by entering its 12 digit code. It is linked with various prospectors such as banking transaction, loan, income tax, etc., which leads to the irresistible need of high level security in cloud computing. In this paper, image processing concept is proposed for processing the input images which includes different steps like preprocessing, segmentation and feature extraction, through which the digitalized image is enhanced and finally stowed in the cloud. Initially, the scanned image has been processed using Gabor filter, through which specific frequency and orientation features can be enhanced. Then processed image is segmented into samples by Nonlinear Partial Differential Equation (NPDE) by which the input is segmented into distinct regions or features of interest. Scale-Invariant Feature Transform (SIFT) is used for extracting distinctive features like corners, edges and textures from images. Subsequently, Diffie-Hellman key exchange protocol is used to securely establish encryption keys for storing the data in the cloud, while the HMAC ensures the authenticity of the stored data. This proposed approach shows more efficiency and high level security through the process of key generation, which aids to perform encryption and decryption.

The structure of paper is as follows, Section 2 explains theoretical framework of proposed work and the functions of different methods. The outcomes and analyses are elaborately discussed in section 3 and eventually concluded in section 4.

2 Related works

In [16] an effective architecture is proposed for securing Internet of Things (IoT) and accomplishing both secure communication and authentication. As a result, the lack of secured connectivity compromises the revolutionary revolution that IoT is meant to bring about. The privacy of the IoT services has been compromised by all of the unauthorized attacks. Numerous IoT applications could operate in an unfavorable setting, necessitating additional caution.

In [17] a novel lightweight authentication scheme for accessing drone data in Internet of Drones (IoD) environment, which directly provides is introduced. As a result of formal security analysis, proposed scheme has been shown to be resistant to numerous known attacks against an adversary. Simulating the scheme using network simulation is widely accepted as a practical demonstration method. The deployment of IoD, however, remains plagued with several security and privacy concerns.

In [18] an integrated authentication and user anonymity supporting privacy aware verification mechanism for distributed mobile cloud computing services is developed. Without the use of online registration center, the suggested approach establishes mutual authentication. This technique is capable of meeting all necessary security requests and is capable of sending off various types of attacks. This approach has excellent computational and communication efficiency in addition to useful security features. Besides, it suffers from flaws, such as inability of achieving three-factor security and no user enactment and re-registration.

In [19] a secure login for fog computing is developed using multi-tier authentication scheme. In comparison to single sign on, multitier authentication solutions offer tiered defence. When compared to alternative authentication strategies, a graphic password offers the user greater convenience and security at a lower cost. Online banking authentication methods are not very secure. To present a clear and brief overview of the authentication model that each solution is based on.

In [20] distributed cloud storage system with secure biometric authentication and de-duplication is analysed. The biometric cryptographic security and minimizing data de-duplication in cloud storage are two most significant tasks completed in this work. This approach offers faster and more dependable encryption methods. Different biometric methods could be developed in the future for user authentication procedures.

3 Proposed work

Recently,the security issues of the Aadhaar project become a controversial concern because of the frequent data theft and so significant discussions are carried out on the security and privacy concerns of Aadhaar. The present paper focuses on these issues of Aadhaar and proposed a high level security technique by using image processing and cryptographic approach. The data in its original form cannot be directly stored in cloud and so data has to be processed; thus image processing is employed to transform the image data into the required format. Preprocessing, segmentation and feature extraction are the three major steps of image processing, which is utilized to improve image data as shown in Fig. 1. In each stage of processing,input image gets enhanced and the processed image is connected with key, which is generated by using Homomorphic technique with Diffie Hellman along with HMAC and eventually the data is stored in the cloud. When other user is in need of Aadhaar information from main user, request message has to be forwarded to the cloud to perform some security measures to decrypt the original data. Combining these techniques, Diffie Hellman key exchange is accomplished between parties involved for establishing a secret key. While, the HMAC is applied to the shared secret key or some derived value to further secure it and ensure its integrity. As a consequence, homomorphic technique is used in a specific part of the key generation process, potentially to enhance the security or privacy of operation. Diffie Hellman is widely used and considered secure when implemented properly with sufficiently large key sizes. It provides a robust method for key exchange. As the proposed work, involves homomorphic technique for generation of key advanced approaches are not required.

Fig. 1

Proposed system description.

A. INPUT DATA

A collection of Aadhaar details are obtained as a sample of input data. These samples of data have been re-categorized into 256×256 pixels.

B. PREPROCESSING

Preprocessing helps in enhancing the image quality by diminishing the unwanted distortion. In preprocessing, the RGB has been transformed as a gray scale image in the initial level. The sample data of gray scale image are then preprocessed by using Gabor filter. For texture analysis and segregation, Gabor is considered as appropriate method. In the image space, a Gaussian kernel element is considered as a 2D Gabor filter, which is mediated by a sinusoidal wave and multiplied by a Gaussian function. Generally, Gabor filters are designed based on sinusoidal waves modulated by a Gaussian function. The sinusoidal wave component allows the filter to capture frequency information, while the Gaussian component controls the filter’s spatial extent. By convolving an image with Gabor filters of different orientations and scales, specific frequency and orientation features can be enhanced, making them highly suitable for tasks such as texture analysis, object recognition, and fingerprint identification. The sinusoidal wave component of the Gabor filter ensures that it is sensitive to specific frequencies present in the image, making it a powerful tool for analyzing images with complex frequency content. The Gaussian kernel effectively reduces noise and blurs image details, making it valuable for tasks like image denoising, image smoothing, and feature detection. Its smooth and continuous nature allows it to preserve edges and contours better than other smoothing filters that exhibit more abrupt transitions.

The filter contains real and imaginary variables, which represent the orthogonal direction. The two variables are generated into a complex number. It is represented in Equation (1).

$\begin{matrix} g (x, y; λ, θ, ψ, σ, γ) \\ = \exp (- \frac{x^{2} + γ^{2} y^{2}}{2 σ^{2}}) \exp (i (2 π \frac{x^{'}}{λ} + ψ) \end{matrix}$ (1)

From the above expression, θ specifies Gabor function orientation, ψ denotes offset phase, σ indicates Gaussian envelope with standard deviation, and aspect ratio as γ.

A group of Gabor filters with different frequency and orientation helps to obtain important information from the data. 2D Gabor filters are given in the discrete domain by,

$\begin{matrix} g (x, y; λ, θ, ψ, σ, γ) \\ = \exp (- \frac{x^{2} + γ^{2} y^{2}}{2 σ^{2}}) \cos (i (2 π \frac{x^{'}}{λ} + ψ)) \end{matrix}$ (2)

$\begin{matrix} g (x, y; λ, θ, ψ, σ, γ) \\ = \exp (- \frac{x^{2} + γ^{2} y^{2}}{2 σ^{2}}) \sin (i (2 π \frac{y^{'}}{λ} + ψ)) \end{matrix}$ (3)

Where

and image location is indicated as x′ and y′, in (x, y) coordinates. The frequency set to capture fine details is from 0.1 to 0.5 cycles with 8 orientations from 0 to 180⁰. The mentioned equations highlight the specific spatial frequency and orientation information enabling improved preprocessing.

C. SEGMENTATION

Segmentation of image has been described as the major approach or mechanism, which divides a pictorial data into separate regions. In this proposed approach, segmentation is carried out by using Non-linear partial differential equation. In order to analyze its operation, a non-linear scale space is obtained as follows,

$u_{t} = \frac{\partial}{\partial x} {F (u_{x})}$ (4)

$u_{t} = F (u_{x}) u_{xx}$ (5)

Here u_x and u_xx represent $\frac{\partial u}{\partial x}$ and $\frac{\partial^{2} u}{\partial x^{2}}$ respectively and F (u_x) = G (|u_x|) u_x. The following equation is accomplished when the difference is actually substituted at the space axis level 4.

$u_{n} (t) = F (u_{n + 1} (t) - u_{n} (t)) - F (u_{n} - u_{n - 1} (t))$ (6)

If the similar method is used again on the time axis, a discrete shape may be achieved, which is represented in Equation 7,

$u_{n}^{i + 1} = u_{n}^{i} + F (u_{n + 1}^{i} - u_{n}^{i}) - F (u_{n}^{i} - u_{n - 1}^{i})$ (7)

As extended to 2D, the equation is as follows,

$\begin{matrix} u_{m, n}^{i + 1} = u_{m, n}^{i} + F (u_{m, n + 1}^{i} - u_{m, n}^{i}) \\ - F (u_{m, n}^{i} - u_{m, n - 1}^{i}) + F (u_{m + 1, n}^{i} - u_{m, n}^{i}) \\ - F (u_{m - 1, n}^{i} - u_{m - 1, n}^{i} - u_{m, n}^{i} \end{matrix}$ (8)

Here, function F of Equation (8) employs the following form of equation and a positive number seems to be the proportional constant. It is represented as,

$F (x) = \frac{k}{\sqrt{1 + x^{2}}} x > 0$ (9)

$F (x) = \frac{k}{\sqrt{1 + x^{2}}} x < 0$ (10)

By segmenting an image into samples, it becomes easier by discerning the variations among them. Contrasted to those linear scale spaces, the edges obtained in the nonlinear scale space are exactly stationed. In nonlinear scale spaces, the edges obtained are stationary, meaning that their positions remain fixed across different scales. Nonlinear scale spaces retain the pixel values within each region or object throughout the scale space transformation. This retention of pixel values enables efficient segmentation by performing a simple pixel value search for each region. Since the pixel values within a particular region remain constant across scales, the segmentation algorithm can identify and separate regions based on their unique pixel values, simplifying the segmentation process. This property is particularly beneficial for image segmentation tasks because it allows for convenient and consistent identification of boundaries between different regions or objects. As a result, the segmentation process becomes more straightforward and reliable, as the unique pixel values within each region can be easily identified and distinguished. This segmentation strategy is an indication that the system is designed to handle increasing data volumes efficiently. As data grows, additional segments are created, ensuring that the system remains organized and responsive.

D. FEATURE EXTRACTION USING SHIFT INVARIANT TRANSFORM

The normalization is accompanied by an adaptive SIFT indicated in Fig. 2, which has required the process of features extraction. In standardization, it transforms the provided image into a standardized scale image. To produce sub bands of the shift invariant wavelet coefficient, the transformed representation is then transferred to adaptive shift invariant transform. A potential signature is determined for each sub-band to reduce the dimensionality of the feature and after that the amount of largest energy signatures are chosen to construct vector image feature.

Fig. 2

Algorithm of shift invariant transform.

Normalization

The M × N image sample is converted into a standardized size R × S image. Hence, the two images with same size have matched accurately. Normalization is computed as follows,

$Norm (i, j) = f ([\frac{i . (M - 1)}{R - 1}], [\frac{j . (N - 1)}{s - 1}])$ (11)

Adaptive shift invariant transform

Once normalization is carried out, the shifting issue has to be overcome by transforming the shift invariant function. In this work, adaptive shift invariant transform is used to create shift invariant and coefficient of non-redundant wave. The specified image has the repeating array of wavelet coefficients, which have been determined initially. Then, by adding and integrating coefficient of all circular shifts, duplication is eradicated.

A set of quadrature mirror filters are produced to acquire orthogonal depiction while producing shift invariant wavelet coefficient for M × N image whereas periodic boundary managing strategies are implemented during packet decomposition. Three separate circular changes are used in the process of decomposition: One shift in a row; one shift in a column; one shift in a row and a column. The zero shift wavelet coefficients have completely represented the given illustration. It has no high image data representation and is utilized to attain the invariant wavelet coefficients of the shift. On every degradation P, the concerned group of coefficients are summed and amplified to form a single set of non-redundant and shift invariant wavelet coefficients.

The following are the four normal wavelet coefficient images with zero change,

$\begin{matrix} {S_{16 k, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, {S_{16 k + 1, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, \\ {S_{16 k + 2, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, {S_{16 k + 3, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \end{matrix}$ (12)

Where,

$\begin{matrix} {S_{16 k, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} h (m) h (n) C_{k, (m + 2 i, n + 2 j)}^{p} \end{matrix}$ (13)

$\begin{matrix} {S_{16 k + 1, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} h (m) h (n) C_{k, (m + 2 i, n + 2 j)}^{p} \end{matrix}$ (14)

$\begin{matrix} {S_{16 k + 2, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} g (m) h (n) C_{k, (m + 2 i, n + 2 j)}^{p} \end{matrix}$ (15)

$\begin{matrix} {S_{16 k + 3, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} g (m) g (n) C_{k, (m + 2 i, n + 2 j)}^{p} \end{matrix}$ (16)

From the above expression the value of I = [M/2^p+1] - 1, J = [N/2^p+1] - 1, and $C_{k, (i, j)}^{p} = x_{(i, j)}$ represents intensity level of ith row and jth column, which is shifted circularly shifted by 0, 1, 2, … 2ⁿ rows and columns.

The following is illustrated by four periodic wavelet coefficient images with one row change,

$\begin{matrix} {S_{16 k + 4, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, {S_{16 k + 5, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, \\ {S_{16 k + 6, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, {S_{16 k + 7, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \end{matrix}$ (17)

Can be computed as follows,

$\begin{matrix} {S_{16 k + 4, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} h (m) h (n) C_{k, (m + 2 i + 1, n + 2 j)}^{p} \end{matrix}$ (18)

$\begin{matrix} {S_{16 k + 5, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} h (m) h (n) C_{k, (m + 2 i + 1, n + 2 j)}^{p} \end{matrix}$ (19)

$\begin{matrix} {S_{16 k + 6, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} g (m) h (n) C_{k, (m + 2 i + 1, n + 2 j)}^{p} \end{matrix}$ (20)

$\begin{matrix} {S_{16 k + 7, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} g (m) g (n) C_{k, (m + 2 i + 1, n + 2 j)}^{p} \end{matrix}$ (21)

Where $C_{k, (i, j)}^{p}$ is shifted by 1, 3, 5, …, 2ⁿ + 1 rows and 0, 1, 2, … 2ⁿ columns.

The following is illustrated by four periodic wavelet coefficient images with one column change,

$\begin{matrix} {S_{16 k + 8, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, {S_{16 k + 9, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ {S_{16 k + 10, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, {S_{16 k + 11, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \end{matrix}$ (22)

Can be computed as follows,

$\begin{matrix} {S_{16 k + 8, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} h (m) h (n) C_{k, (m + 2 i, n + 2 j + 1)}^{p} \end{matrix}$ (23)

$\begin{matrix} {S_{16 k + 9, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} h (m) h (n) C_{k, (m + 2 i, n + 2 j + 1)}^{p} \end{matrix}$ (24)

$\begin{matrix} {S_{16 k + 10, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} g (m) h (n) C_{k, (m + 2 i, n + 2 j + 1)}^{p} \end{matrix}$ (25)

$\begin{matrix} {S_{16 k + 11, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} g (m) g (n) C_{k, (m + 2 i, n + 2 j + 1)}^{p} \end{matrix}$ (26)

From above expression, $C_{k, (i, j)}^{p}$ is shifted by 0, 1, 2, … 2ⁿ rows and 1, 3, 5, …, 2ⁿ + 1 columns.

The four wavelet coefficient random images of one row and one column change are defined as follows.

$\begin{matrix} {S_{16 k + 12, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, {S_{16 k + 13, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, \\ {S_{16 k + 14, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J}, {S_{16 k + 15, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \end{matrix}$ (27)

Where

$\begin{matrix} {S_{16 k + 12, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} h (m) h (n) C_{k, (m + 2 i + 1, n + 2 j + 1)}^{p} \end{matrix}$ (28)

$\begin{matrix} {S_{16 k + 13, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} h (m) h (n) C_{k, (m + 2 i + 1, n + 2 j + 1)}^{p} \end{matrix}$ (29)

$\begin{matrix} {S_{16 k + 14, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} g (m) h (n) C_{k, (m + 2 i + 1, n + 2 j + 1)}^{p} \end{matrix}$ (30)

$\begin{matrix} {S_{16 k + 15, (i, j)}^{p + 1}}_{i, j = 0}^{i = Ij = J} \\ = \sum_{m} \sum_{n} g (m) g (n) C_{k, (m + 2 i + 1, n + 2 j + 1)}^{p} \end{matrix}$ (31)

Where $C_{k, (i, j)}^{p}$ is shifted by 1, 3, 5, …, 2ⁿ + 1 rows and columns.

A shift invariant illustration is derived from the above 16 recurrent wavelet coefficient images. However, only one set is capable of producing the necessary information of the image. The four recurrent images are officially calculated on the following basis,

$\begin{matrix} C_{4 k + 1, (i, j)}^{p + 1} = \frac{1}{4} (S_{16 k, (i, j)}^{p + 1} \\ + S_{16 k + 4, (i, j)}^{p + 1} + S_{16 k + 8, (i, j)}^{p + 1} + S_{16 k + 12, (i, j)}^{p + 1}) \end{matrix}$ (32)

$\begin{matrix} C_{4 k + 2, (i, j)}^{p + 1} = \frac{1}{4} (S_{16 k + 1, (i, j)}^{p + 1} \\ + S_{16 k + 5, (i, j)}^{p + 1} + S_{16 k + 9, (i, j)}^{p + 1} + S_{16 k + 13, (i, j)}^{p + 1}) \end{matrix}$ (33)

$\begin{matrix} C_{4 k, (i, j)}^{p + 1} = \frac{1}{4} (S_{16 k + 2, (i, j)}^{p + 1} \\ + S_{16 k + 6, (i, j)}^{p + 1} + S_{16 k + 10, (i, j)}^{p + 1} + S_{16 k + 14, (i, j)}^{p + 1}) \end{matrix}$ (34)

$\begin{matrix} C_{4 k + 3, (i, j)}^{p + 1} = \frac{1}{4} (S_{16 k + 3, (i, j)}^{p + 1} \\ + S_{16 k + 7, (i, j)}^{p + 1} + S_{16 k + 11, (i, j)}^{p + 1} + S_{16 k + 15, (i, j)}^{p + 1}) \end{matrix}$ (35)

Instead of disintegrating each sub-band image,some sub-band images have to be picked and divided to obtain an accurate and succinct illustration. The rudimentary principle behind this method is to measure and analogize the data expense of each sub-band image with the sum of all sub-band images of the latter step. If it is found that the information expense of the present sub image is smaller than the following sub-band image stage, the present sub image is not further divided. Hence, the present sub-band picture has to be divided and analogized before a certain threshold is achieved. The best general depiction is then achieved with an efficient hierarchical selection procedure, which decides the optimal breakdown of the provided picture.

At level j, the optimal basis depiction for the sub-band picture is $A_{k}^{j}$ . The optimal basis is determined for the given picture by utilizing

$A_{k}^{p} = {\begin{matrix} c_{k}^{p}, ifM (C_{k}^{p}) \sum_{i = 0}^{3} M (A_{4 k + i}^{p + 1}) \\ \oplus_{i = 0}^{3} A_{4 k + i}^{p + 1}, otherwise \end{matrix}$ (36)

The recurrent calculation continues down to the defined level J, where

$A_{k}^{J} = C_{k}^{J}, 0 k < 4^{J}$ (37)

With O (nlogn) complexity, the mathematical intricacy of evolutionary shift invariant function transfer is very effective, where n determines the total of image pixels. SIFT identifies the appropriate key points based on their intensity patterns and gradients, allowing for reliable and repeatable detection. The descriptor captures the local appearance and spatial distribution of image gradients around the key point. It encodes information about the intensity variations, orientations, and scales in the region, resulting in a rich feature representation that is invariant to scale and rotation.

Feature extraction from shift invariant fourier transform:

Step1: Normalization is applied

Step 2: Adaptive shift-invariant wavelet packet transform is implemented to produce m sub-bands of wavelet coefficient.

Step 3: Mean energy signature is calculated as

$E_{i} = {\frac{1}{k \times L} \sum_{r, s} | A_{k}^{p}, (r, s) |}$ (38)

Step 4: Energy Signatures are arranged in descending order, among which the dominant energy signature has been selected as a feature vector

$f = (E_{1}, E_{2}, \dots \dots E_{m})$ (39)

Step 5: Generate the vector of features for the given image. Finally the obtained features are collected and then stored in the cloud.

This feature extraction step implies that the system is optimized to focus on essential information within each segment. As data volumes increase, the system’s feature extraction process can be fine-tuned to remain efficient, preserving only the most relevant data.

E. AADHAR BASED SECURITY IN CLOUD COMPUTING

This paper aims at protecting the Aadhaar data from the unauthorized users. The final feature, which is stored in the cloud has been retrieved as output with the aid of key generation and it has the capacity of performing encryption. The signature is created by using the technique of encryption algorithms. To secure the communications and data from malicious attack, session key is created between two nodes before beginning the communications. The encrypted key is optimized and managed by fusion of Diffie-Hellman algorithm and HMAC. By combining the Diffie-Hellman key exchange with HMAC, we can achieve secure data authentication in a communication protocol. The Diffie-Hellman algorithm allows two parties to establish a shared secret key, which can be used for encryption and decryption purposes. This shared key ensures confidentiality in secure communication. Once the shared secret key is established, HMAC can be applied to the data being exchanged between the parties. The sender computes the HMAC of the data using the shared key and appends it to the message. The receiver, upon receiving the message, recalculates the HMAC using the shared key. By comparing the calculated HMAC with the received HMAC, the receiver can verify the integrity and authenticity of the data. If the HMAC values match, it indicates that the data has not been tampered with during transmission and can be trusted. The combined use of Diffie-Hellman and HMAC provides a robust mechanism for secure communication. It ensures both confidentiality through the shared secret key and data integrity/authentication through the HMAC verification.

A user-to-cloud session key is produced by this algorithm, which works as follows,

Authentication

Generation of key

Input numbers(prime only)

The input number given by the user is forwarded to cloud service.

Secret key is generated.

Creation of OTP.

For corresponding user on the user-side, the cloud server has set count1 = 0, count2 = 0..., count5 = 0.

The user is requested with the OTP.

Secret key+count is entered as OTP by the user.

As server is aware of both secret key and count of each user, it compares the values.

Count 1++; // Count 1 = 1 for user 1; the count = 0 for all users.

If (secretkey + count(x) == secretkey + count(y))

{

Permission granted;

}

Perform encryption/decryption;

Data operation;

Logout.

Figure 3 represents the procedure for key generation. In the proposed work prime numbers are utilized for generating the secret key. By ensuring that the input numbers are prime, it aims to enhance the security and strength of generated key. Using prime numbers in key generation is a common practice in cryptographic systems. Prime numbers offer certain mathematical properties that make them suitable for Diffie-Hellman cryptographic algorithm. These properties help to ensure security of key exchange process and overall confidentiality of data. Since the proposed work adopts Homographic technique 128 bit key generation is sufficient to provide confidentiality, integrity, authentication, secure key exchange, and access control. By leveraging cloud computing in the proposed various benefits are attained, as follows:

Fig. 3

Key Generation.

Data Encryption: Encryption guarantees that even if unauthorized access is gained, the data remains unreadable in the absence of necessary decryption keys.

Access Controls: This includes authentication mechanisms, role-based access controls, and permissions management to guarantee that only authorized individuals.

Network Security: security measures implemented by the cloud service provider protect the Aadhaar card data from unauthorized network access and attacks.

Redundancy and Backup: This ensures that data is replicated across multiple locations, reducing the risk of data loss and enhancing data availability.

4 Result and discussion

The simulation concept of this proposed approach is written in JAVA and PYTHON language. To provide safety measures against malicious attack, Image processing and cryptographic techniques are followed. The dataset includes Aadhaar data along with the contact details like mobile phone numbers and contains information for a substantial number of 10,000 individuals. Each record includes a unique 12-digit Aadhaar number, which serves as the primary identifier for individuals. The name of the individual is included, which typically consists of the first name, middle name and last name. The date of birth of each individual is recorded, ensuring that age-related information is available. The gender of the individual is specified as male, female or other. The residential address includes details like house number, street, locality, city, state and PIN code. Biometric information included comprises of fingerprint and iris scan data, stored in a secure and encrypted format.

Here’s an overview of a testing methodology for this concept:

•Unit Testing:

Start with unit testing to verify the correctness of individual components, functions, and algorithms within the system. For example, test the Diffie-Hellman key exchange implementation, HMAC generation, and image processing techniques in isolation. Ensure that these components work as expected and produce the desired outputs.

•Integration Testing:

Move on to integration testing to evaluate how different system components work together. Test the interaction between the Diffie-Hellman key exchange and HMAC authentication, ensuring that they can communicate and exchange keys securely.

•Security Vulnerability Testing:

Perform security vulnerability testing to identify and address potential weaknesses and vulnerabilities in the system. This may include penetration testing, code reviews, and vulnerability assessments to discover and remediate security flaws.

•Data Integrity Testing:

Validate the data integrity and encryption aspects of the system. Verify that data remains intact and unaltered during transmission, storage, and retrieval. This ensures that the data’s integrity is maintained.

•Performance Testing:

Evaluate the system’s performance under various conditions. Test the system’s ability to handle different load levels, including the encryption and decryption processes. Measure response time and resource utilization to ensure that the system remains efficient.

The sample of Aadhaar data has to be transformed to binary form. To perform this operation, image processing concept is followed and it is stored in the cloud by generating the key to perform encryption and decryption. It is elaborately explained in the upcoming steps.

In Image processing technique, the data sample of original Aadhaar image is retrieved as an input; then it is processed and resized with the pixels range of 256×256 as shown in Fig. 4. To perform preprocessing, Gabor filter is used. By applying Gabor filters to the input image during the preprocessing stage, the essential features are extracted and enhance certain aspects of the image for further processing. Also it capture both local spatial details and frequency characteristics in different orientations. This filter assist to remove the distortions such as noise and blurring effect. It transforms the original image into gray scale image, which is represented in Fig. 5.

Fig. 4

Input and its resized images.

Fig. 5

Pre-processing using Gabor Filter.

After removing the distortions in the image by using Gabor filter, the preprocessed gray scale image is segmented into several clusters as represented in Fig. 6. By using Non-linear partial differential equation, it divides the image into 256 samples by limiting the image pixel of frequency band. The segmented image is mentioned in Fig. 7. The histogram representation of segmented image is shown in Fig. 8, which shows the frequency of pixels intensity values. The x-axis spectrum starts at 0 and terminates at 255 whereas the counting of these intensities have been mentioned on the y-axis. In order to extract the best out of 256 samples, Shift Invariant transform is used.

Fig. 6

Partition of clustered images.

Fig. 7

Segmented image.

Fig. 8

Histogram representation.

Until a specific level is reached, it performs decomposition and the feature vector of the taken sample image is attained. The selection of the specific level is guided by the size and characteristics of the features of interest in the image. The level should be chosen such that the features are neither too small nor too large to be captured effectively. It is depicted in Fig. 9. In Shift Invariant Transform, Normalization is performed. After the process of Normalization, Shift Invariant Transform is performed to generate non redundant wavelet coefficients for each decomposition.

Fig. 9

Feature extraction using SIFT.

Image binary transformation is a technique to transform the gray scale images into binary images. In binary imagery shown in Fig. 10, it has two levels called black and white pixels. The pixel value ‘0’ and ‘1’ represents the black and white area in the images respectively. The binary transformation approach helps to remove the cohesion between the patterns. Cryptographic technique: After the termination of image processing, the retrieved output feature is integrated with the key, which has been generated by using Homomorphic encryption in fusion with Diffie Hellman and HMAC as shown in Fig. 11. This algorithm creates 128 bit key, through which the details are secured the communications and saved in the cloud.

Fig. 10

Binary image based on threshold.

Fig. 11

Encrypted data with key generation using Homomorphic encryption.

The key generation is performed by using Homomorphic encryption in fusion with Diffie Hellman and HMAC. With these key, the image gets encrypted and stored in the cloud as shown in Fig. 12.

Fig. 12

Encrypt and Upload the file.

If any user is in need of Aadhaar details from the main user, the user has to register its details in the cloud, which is represented in Fig. 13. The requested user is registered in the cloud by making use of login ID and password. The user can request the details of the primary user via cloud. Figure 14 is the Login website for main user.

Fig. 13

Registration form for main userin the cloud.

Fig. 14

Figure 15 is the portal for admin login. The cloud stores the encrypted file of Aadhaar along with the secret key. If an authenticated user is identified, the user is given access to the information. To login the cloud server, the request of the secondary user is forwarded to the main user after retrieving authorization from cloud server. The main user can login and look for the uploaded file for verification and then the main user performs decryption by using Homomorphic encryption in fusion with Diffie Hellman and HMAC and forwards the key to the cloud. By sending the decryption key, the request of the secondary user is accepted by the main user. Figure 16 indicates the retriever login whereas Fig. 17 represents the decrypted image.

Fig. 15

Fig. 16

Retriever login.

Fig. 17

Decrypted image.

Finally, the user, who is in need of Aadhaar information has requested the main user and by using the generated key from the cloud,the user has viewed the original data of main user as shown in Fig. 18. The main user decrypt the aadhaar file and forward it to the email ID of requested user.

Performance metrics:

Fig. 18

Decrypted file.

Figure 19 clearly indicates the time, which is taken for the key generation. In cloud, multiple users try to download the Aadhaar related information at a same time. Therefore the key is generated at a short interval of time by using Homomorphic encryption in fusion with Diffie Hellman and HMAC. The generated key has assisted multiple users to access data easily. The proposed technique works well in achieving time consumption. Time consumption of encryption and decryption has explained that there is a gradual increase in time depending upon the size of the file. However, it takes only few seconds to perform this operation. Figures 20 and 21 denotes the time taken for performing encryption and decryption.

Fig. 19

Time taken for creating a key.

Fig. 20

Encryption time.

Fig. 21

Decryption time.

Comparison of encryption and decryption time taken by 128 bits s illustrated in Table 1 with existing work. It is observed that, time taken by proposed homomorphic approach is minimum when contrasted with existing approaches of [21 –24] and [25]. As a consequence, the proposed approach offer benefits such as improved performance, enhanced user experience, increased system efficiency, better support for real-time applications, and energy efficiency gains. These advantages make it possible to handle larger data volumes, reduce latency, and optimize the overall operation of systems that rely on encryption and decryption processes.

Table 1

Comparison of encryption & decryption time for 128 bits

Existing Approaches	Encryption Time	Decryption Time
Arnold Mashud Abukari et al. [21]	10.3s	1.7s
Qiu-yu Zhang et al. [22]	7.14s	3.53s
Fursan Thabit et al. [23]	1.66s	1.66s
Jie Huang et al. [24]	2.47s	0.57s
Boomija M.D. et al. [25]	2.9s	0.99s
Proposed	0.19s	0.05s

Figure 22 indicates the comparison of turnaround time. It is an important metric in evaluating the scheduling techniques. The time period between submission of request and the execution of input/output is defined as turnaround time, which is computed by using,

Fig. 22

Turnaround time comparison.

$T_{T - up} = t_{Enc} + t_{up}$ (40)

Where t_enc and t_up denotes encrypted time

The turnaround time of decryption is calculated using following equation,

$T_{t - down} = t_{dec} + t_{down} .$ (41)

The convergence ratio and user satisfaction are provided in Fig. 23 and 24 respectively. In the present work, the Homomorphic encryption in fusion with Diffie Hellman and HMAC is proposed. Figures 25–27 have represented the effect of various decision factors. The decision threshold has to be considered since it analyzes the transaction. The lower threshold retrieves high-level of success rate. However, in case of higher threshold, rate of success and satisfaction gets gradually raised. When the user’s preference is increasing, the influences of the different transaction threshold are also exceeded from the given amount of time.

Fig. 23

Convergence ratio.

Fig. 24

User satisfaction.

Fig. 25

Success ratio of service matching.

Fig. 26

Success ratio of user satisfaction.

Fig. 27

Transaction success ratio.

Area under Curve (AUC) is a general term, which is used to classify the interference attacks. The larger value of AUC has represented better security. The highest value of AUC indicates zero attack, which is nearly equal to 0.5. It is represented in Fig. 28.

Fig. 28

Privacy protection over time using Homomorphic encryption in fusion with Diffie Hellman and HMAC.

Figure 29 represents the impact of domain size on private data. The Domain size represents the number of bins in the input histogram. While increasing or decreasing the domain size, the data is not changed but it changes the ability to request the private data at finer granularities respectively. To provide persistent security measures against malicious attack, this technique provide better performance than other approaches.

Fig. 29

Impact of domain size on private data.

Risk assessment:

The proposed concept may be subjected to data breach risk and data loss risk. Unauthorized access to Aadhaar data due to weak access controls or compromised user credentials leads to data breach risk. Including robust access control mechanisms, integrating multi-factor authentication and role-based access control, to restrict data access to authorized users are the ways to overcome the data breach risk. Data loss occurs due to technical failures, accidents or system errors which can be overcome by maintaining regular back up of Aadhaar data to secure and geographically diverse locations.

Table 2

Mean and Standard deviation outputs for encryption and decryption

Existing	Encryption time		Decryption time
approaches	Mean	Std. deviation	Mean	Std. deviation
Arnold Mashud Abukari et al. [21]	10.3	1.5	1.7	0.4
Qiu-yu Zhang et al. [22]	7.14	0.89	3.53	0.92
Fursan Thabit et al. [23]	1.66	0.21	1.66	0.21
Jie Huang et al. [24]	2.47	0.34	0.57	0.18
Boomija M.D. et al. [25]	2.9	0.63	0.99	0.25
Proposed	0.19	0.03	0.05	0.02

5 Conclusion

Aadhaar data in the cloud has initiated certain security issues, which make the people to be cautious about the privacy and security of their information. The cloud computing has no global guidelines or regulations for the generation of data. To provide security measures in cloud computing, the proposed work has provided various methodologies. The image processing technique along with key generation is employed in this work to perform encryption and decryption, which aids in retrieving the Aadhaar data from the cloud. It is not possible for the unauthorized users to access data without secret key since the secret key is issued only after verifying the identity of the user, who is in need of Aadhaar information, which prevents malicious attacks and data theft. This proposed approach has provided a thorough scientific evaluation on the privacy issues of Aadhaar. The simulation analysis and security evidence have validated the implemented techniques of this approach, which shows desirable security and better efficiency. The future scope of the proposed work lies in a dynamic and proactive approach to data security, ensuring that the system remains resilient and aligned with the ever-evolving landscape of data protection and privacy.

Conflict of interest

Authors do not have any conflict of interest regarding submission and publication of manuscript.

Footnotes

Acknowledgments

We would like to thank the Sri Sairam College of Engineering, Anekal (VTU University) for providing infrastructure facility to carry out our research work successfully.

References

Jian Xu , Changyong Liang , Hemant Jain

, Dongxiao Gu , Opennessand security in cloud computing services: assessment methods andinvestment strategies analysis, IEEE Access 7(3) (2019), 29038–29050.

Pan Yang , Naixue Xiong , Jingli Ren , Data security and privacyprotection for cloud storage: A survey, IEEE Access 8 (2020), 131723–131740.

Rustem Dautov , Salvatore Distefano , Dario Bruneo , Francesco Longo , Giovanni Merlino , Antonio Puliafito Data processing incyber-physical-social systems through edge computing, IEEEAccess 6(5) (2018), 29822–29835.

Zahid Ghaffar , Shafiq Ahmed , Khalid Mahmood , Sk Hafizul Islam , Mohammad Mehedi Hassan , Giancarlo Fortino , An improved authentication scheme for remote data access and sharing over cloud storage in cyber-physical-social-systems, IEEE Access 8 (2020), 47144–47160.

Xiang Li , Qixu Wang , Xiao Lan , Xingshu Chen , Ning Zhang , DajiangChen , Enhancing cloud-based IoT security through trusworthty cloudservice: an integration of security and reputation approach, IEEE Access 7(1) (2019), 9368–9383.

Xin Tang , Yongfeng Huang , Chin-Chen Chang , Linna Zhou , Efficientreal-time integrity auditing with privacy-preserving arbitration forimages in cloud storage system, IEEE Access 7 (2019), 33009–33023.

Kennedy Torkura

, Muhammad Sukmana

I.H.

, Feng Cheng , Christoph Meinel , CloudStrike: chaos engineering for security and resiliency in cloud infrastructure, IEEE Access 8(7) (2020), 123044–123060.

Chenquan Gan , Qingdong Feng , Xulong Zhang , Zufan Zhang , Qingyi Zhu , Dynamical propagation model of malware for cloud computing security, IEEE Access 8(1) (2020), 20325–20333.

Mazhar Ali , Kashif Bilal , Samee U. Khan , Bharadwaj Veeravalli , Keqin Li and Albert Zomaya

, DROPS: Division and Replication of Data in Cloud for Optimal Performance and Security, IEEE Transactions on Cloud Computing 6(2), 303–315.

10.

Nithisha

and Jesu

, A Secured Storage and Communication System for Cloud Using ECC, Polynomial Congruence and DSA, Wireless Personal Communications 126(2) (2022), 949–974.

11.

Chun Liu , Xuexian Hu , Qihui Zhang , Jianghong Wei , Wenfen Liu , An efficient biometric identification in cloud computing with enhanced privacy security, IEEE Access 7 (2019), 105363–105375.

12.

Mikel Labayen , Ricardo Vea , Julián Flórez , Naiara Aginakoand Basilio Sierra , Online student authentication and proctoringsystem based on multimodal biometrics technology, IEEE Access 9 (2021), 72398–72411.

13.

Walid El-Shafai , Fatma Hossam Eldein Mohamed

, Hassan Elkamchouchi

M.A.

, Mohammed Abd-Elnaby , Ahmed Elshafee , Efficient and secure cancelable biometric authentication framework based on genetic encryption algorithm, IEEE Access 9 (2021), 77675–77692.

14.

Wei Li , Xuelian Li , Juntao Gao , Haiyu Wang Design of secure authenticated key management protocol for cloud computing environments, IEEE Transactions on Dependable and Secure Computing 18(3) (2019), 1276–1290.

15.

Qiang Chen , Bin Yang , Yuehua Li , Lihui Pang , Multi-Focus image fusion with point detection filter and superpixel-based consistency verification, IEEE Access 8(5) (2020), 99956–99973.

16.

Junqing Zhang , Sekhar Rajendran , Zhi Sun , Roger Woods , Lajos Hanzo , Physical layer security for the Internet of Things: Authentication and key generation, IEEE Wireless Communications 26(5) (2019), 92–98.

17.

Mohammad Wazid , Ashok Kumar Das , Neeraj Kumar , Athanasios Vasilakos

and Joel Rodrigues

J.P.C.

, Design and analysis of secure lightweight remote user authentication and key agreement scheme in internet of drones deployment, IEEE Internet of Things Journal 6(2) (2018), 3572–3584.

18.

Ling Xiong , Daiyuan Peng , Tu Peng , Hongbin Liang , An enhanced privacy-aware authentication scheme for distributed mobile cloud computing services, KSII Transactions on Internet & Information Systems 11(12) (2017).

19.

Awais Manzoor , Abdul Wahid , Munam Ali Shah , Adnan Akhunzada , Faisal Fayyaz Qureshi , Secure login using multi-tier authentication schemes in fog computing, EAI Endorsed Transactions on Internet of Things 3(11) (2017).

20.

Venkatachalam

, Prabu

, Abdulwahab Almutairi , Mohamed Abouhawwash , Secure biometric authentication with de-duplication on distributed cloud storage, PeerJ Computer Science 7 (2021), e569.

21.

Arnold Mashud Abukari , Edem Kwedzo Bankas , Mohammed Muniru Iddrisu , A hybrid of two homomorphic encryption schemes for cloud enterprise resource planning (ERP) data, International Journal of Computer Applications 183(38) (2021), 1–7.

22.

Zhang

Q.Y.

and Jia

Y.G.

, A speech fully homomorphic encryption scheme for DGHV based on multithreading in cloud storage, Int J Netw Secur 24(6) (2022), 1042–1055.

23.

Fursan Thabit , Ozgu Can , Sharaf Alhomdy , Ghaleb Al-Gaphari

, Sudhir Jagtap , A novel effective lightweight homomorphic cryptographic algorithm for data security in cloud computing, International Journal of Intelligent Networks 3 (2022), 16–30.

24.

Wen-Jie Lu , Yoshiji Yamada , Jun Sakuma , Privacy-preserving genome-wide association studies on cloud environment using fully homomorphic encryption, In BMC Medical Informatics and Decision Making 15, 1–8. BioMed Central, 2015.

25.

Boomija

M.D.

and Kasmir Raja

S.V.

, Securing medical data by role-based user policy with partially homomorphic encryption in AWS cloud, Soft Computing 27(1) (2023), 559–568.