An improved dynamic polynomial integrity based QCP-ABE framework on large cloud data security

Abstract

With the exponential growth of cloud data and network services, the computational resources and cloud data security has become one of the interesting research area of real-time cloud environment. Different types of cloud services are integrated in various domain applications such as defense, e-health, clinical databases etc, for data storage and resource computing. Attribute based encryption is a public key cryptographic algorithm that allows the cloud users to provide more security to the cloud data in the cloud storage services. Most of the traditional attribute based encryption techniques are applied on small datasets to generate constant size cipher text using limited computing resources. In the existing attribute based techniques, most of the attributes are considered as textual information and static values for key generation, data encryption and decryption process. To overcome these issues, a novel dynamic chaotic map based hashing is implemented to improve the security of the quantum based CP-ABE model. In the proposed model, user’s attribute are secured using the dynamic chaotic map function for key initialization, data encoding and decoding process. In this model, both structured and unstructured large medical data are taken as input for integrity verification and encryption process. Practical simulation results show that the presented model has better accuracy in terms of cloud data encryption and decryption time and computed memory compared to the existing attribute based encryption and decryption techniques.

Keywords

Chaotic CP-ABE cloud environment data security

1. Introduction

With the exponential growth of cloud computing storage and data, data servers are to be trusted and confidential on sensitive data. Cloud computing allows users to store their sensitive information in re-mote cloud servers as per computing resources and storage capabilities. A large number of encryption algorithms have been proposed in the past 10 years to improve the data security in cloud computing. Due to the complex data type and limited computing resources such as memory and storage capacity, traditional algorithms are failed to process unstructured data.

A basic encryption scheme is applied to encrypt the sensitive data and then store them in different cloud servers. If the cloud servers are compromised in any case, the confidential data will remains unsafe [3]. This encrypted data can be effectively shared all through the system and some entrance control arrangements are embedded with the end goal to add extra security to the cloud. If there should be an occurrence of adaptable access control, symmetric encryption or open key encryption are not attainable when contrasted with other cryptographic schemes [1]. Hence, it is essential to implement a secure encryption system along with fine-grained access control mechanism for corporate data sharing among different cloud servers. Therefore, a new approach is developed by integrating both of the above mechanism which is termed as Property based encryption conspires. Characteristic based encryption plan can be characterized as an open key based encryption strategy which includes both the ideas of access control component and encryption [1, 2].

The cloud computing storage is implemented according to the users’ demand. The users are able to access their stored data from cloud server at any time. In recent era, vast amount of data are stored in cloud computing storage irrespective of their origin and nature [4]. The security and privacy of those data has become our prime concern. In order to resolve this issue of privacy and security, many crypto-graphic algorithms are developed. Cloud security can be characterized as the way toward scrambling a message to an encoded shape and decoding it by the approved users [3]. By actualizing a protected and progressed cryptographic calculation, stretched out security can be added to the delicate information present in cloud servers. Lamentably, the redistributed information is not inside the controlling scope of information proprietors. This information can be just controlled by cloud benefit providers [7]. As all clients have diverse access rights, fine-grained get to control can be actualized on clients of distributed storage frameworks. Numerous crypto-realistic methodologies are produced with the end goal to scramble the private information productively. Once more, the unscrambling keys are circulated among every approved client and enable the m to partake during the time pent decoding. Cloud servers as well as the unauthorized users are not allowed to decrypt the outsourced data. The conventional public key encryption approach can be categorized under a coarse-grained encryption technique. Apart from symmetric cryptographic encryption approaches, public-key techniques share its public key without compromising in data confidentiality and data integrity [6]. These public-key approaches are developed in order to transmit data securely from sender to the appropriate receiver. It is also responsible for storing confidential data and numbers of different applications with advancement of cloud technology, the requirement of computing data in cloud also increases. All the conventional public-key cryptography algorithms do not support the evaluation of cipher text data in cloud [4].

Traditional ABE approaches are developed for privacy preservation of cloud data on different cloud servers. An extended attribute based encryption technique includes a searching strategy for encrypted data. Hence, it is implemented in privacy preservation applications in the fields like finance, biomedicine and military database. Achieving the same level of security and performance along with other conventional techniques are more costly in terms of computational cost, storage cost and communication overheads [9]. The major disadvantage of attribute based encryption technique is that, the user’s attributes are static in nature. In order to add a new attribute or modify an existing attribute, the user needs a new private key. As the information and calculation are redistributed to a remote server, information honesty is required to be put up and checked continually in order to improve the calculation procedure. Information trustworthiness can be characterized as a property by which information is remained careful from unapproved adjustments and a slight change to information is noticed [8]. Calculation honesty includes the program execution not surprisingly and information are kept unaltered from malware, an insider or a malignant client. Information up rightness must be verified at the information level and calculation level.

The prime goal of the cloud based ABE demonstrate is to improve the expressiveness of access arrangements through applying dynamic area qualities. With the end goal to sup-port the area traits of cloud computing, various clients are required to get to these qualities and actualize customer server engineering. User authentication is an essential tool for data security and privacy preservation process. It verifies whether the provided identity is valid or not. There are four techniques generally implemented in order to verify the authentication of every individual user, those are

Passwords or PIN.

Tokens.

Dynamic biometric authentication.

Static biometric authentication.

In all these biometric authentication approaches, finger print and iris biometric authentication process are most robust in nature. The pattern of finger print varies from person to person. In other words it can be stated that, fingerprint patterns are considered as the patterns which is responsible for uniqueness of every person [10]. There exists no genetic correlation. Fingerprint patterns of identical twins also vary from each other. Also, it is not possible to change a person’s default fingerprint pattern with the help of medical surgery except digital modification. Additionally, these patterns have much faster reading ( $>$ 300 times) capability as compared to complex patterns while executing a pattern matching process. Both static and dynamic biometric authentications are capable to prevent repudiation. These two processes are completely immutable, as both of them have specific features.

A vast amount of data is shared over internet. These data are mostly personal sensitive data. With the rapid growth of cloud computing, presently most of the applications are deployed in cloud environment. Therefore, the amounts of such data are increasing day by day. If any unauthorized person will get access to these data, then all the sensitive data will be compromised. Hence, there is requirement of a strong and effective technique in order to protect these data. The advanced biometric based encryption schemes consider person’s biometric details as input in the encryption process to generate secret key. Additionally, the same biometric details are required in the process of decryption in order to decrypt the cipher text successfully. If both the biometric samples don’t match with each other, then the authentication process fails and that user won’t be able to decrypt the cipher text.

There are major challenges in the field of biometric data security and biometric data privacy. All the biometric data are protected in such a way that, no unauthorized person will ever can get access to those secure data. But there are still chances of identity theft or modification of biometric patterns such as fingerprint, face and voice. Raw biometric details are permanent for every individual person. These details can’t be reissued, revoked and modified in case of unauthorized or illegal access to these data. Sometimes these biometric details are shared and identities are disclosed. This may cause severe problem of user profiling, discrimination and loss of anonymity [5, 6].

A large number of chaotic encryption techniques have been proposed in the literature for data security and authentication process. In this process of chaotic encryption, a basic parameter of tent map is integrated along with a secret key in order to produce chaotic sequence with the help of forward iteration. Chaos dynamic mapping process gives rise to a deterministic pseudo-random series in the encryption process. $X(n+1)=E(x(n),z)$ . The previously encrypted cipher text is represented as $x(n)$ . There are many interesting features of Chaotic mapping, those are: sensitive dependence on initial state, random behavior, topological transitivity etc.

Hence, chaotic cryptography can be easily implemented in many practical real world applications. All the previously proposed techniques are not completely secure and those models still have some limitations. Most of these approaches emphasize on the encryption efficiency and mixture performance along with correlation analysis. No efforts have been carried out to emphasize on volatility and stationary corresponding to histogram and correlation distribution. In case of smaller histogram, the correlation will be well-distributed and the plain information is hidden effectively.

1.1 Requirements of biometric-based cryptographic key generation

Following are some of the requirements of biometric-based cryptographic key production process

Entropy: It must be confirmed that the encryption keys and passwords will be impossible to guess by the intruders. Key entropy is known as the total numbers of keys which are produced. In the key generation process it must be ensured that, no one will be able to guess and get access to the future states of the system by considering the previous stages. Additionally, highly compact and distinct characteristics must be chosen to produce high-entropy keys. It must be confirmed that, the input biometric sample is very hard to guess. So that, several attacks can be prevented.

Diffusion and confusion: Both of these are two important and essential processes of every individual cryptosystem. The process of confusion usually occurs at the initial stage of biometric key generation. Any unauthorized users who accidentally get access to the biometric data, but that user is prevented to produce the exact template. On the contrary, diffusion occurs in the subsequent phase. It has prime objective of scrambling the relationship among template and produced key. If an intruder gets access to the template, then he/she must not get any information related to the key [6].

Key stability: Key stability is the process of repeated production of a common key by using biometrics data. Generally, these biometric data are very much unstable and the template of a particular biometric feature may vary from one session to another. This variation may be because of change in acquisition device, environmental factors and physical changes.

Key revocability: Key revocation is the process of discarding all compromised keys of the system. There exist many issues and challenges in the process of biometric-based cryptographic systems. Biometric details are permanent for every individual and those can’t be changed at all. If the cryptographic keys are compromised, then those keys can’t be used in the process of encryption and decryption. Some biometric data are converted during the process of key revocation.

Biometrics is a special kind of approach which usually uses physical or physiological attributes or behavioral characteristics in order to verify a person’s authenticity. Among the applications of biometrics, physical and intelligent access controls, participation recording, installment frameworks, security, wrong doing/misrepresentation avoidance/location and outskirt security control are important. In the presented method, it accepts a biometric image as input and produces an encrypted version of biometric image. This encrypted image is again transmitted via an insecure channel.

1.2 Threshold secret sharing systems

Shamir secret sharing system was developed previously to distribute the complete sensitive information in between n parts. Reconstruction of information can be carried out using subset of n parts. This system usually acts like a threshold model which basically uses polynomial interpolation.

In this process two different positive integers are selected $\alpha$ and $\beta$ . Here, $\alpha\leqslant\beta$ . Additionally, another distribution of secret value $\delta$ in between users ( $u_{1},u_{2},\ldots,u_{n}$ ). In this case, subset of $\alpha$ users are permitted to take part in the reconstruction process of secret value $\delta$ .

Identity-based encryption technique is considered as a significant approach in the area of public key cryptography. The public key is basically a random string of unique information which is responsible for user identification. Some most common examples are: e-mail address, phone numbers, social security numbers etc. In most of the IBE technique, there is a Private Kay Generator (PKG) present. PKG is actually a third party server. PKG produces and publishes master public parameters PP of users’ identities. But, master secret parameters MSK are saved in a secure place. Following is the working phenomenon of any traditional IBE technique

Let us consider a scenario where Alice sends encrypted message to receiver Bob.

Bob’s email and PP are used to evaluate Bob’s public key PK.

Alice is responsible for executing encryption algorithm by using Bob’s PK. The secure encrypted message is then transferred to Bob.

Bob requires the appropriate private key sk (which was generated by using his email address) to access to the decryption key.

Bob takes part in the process of decryption and retrieves the decrypted message after executing the decryption algorithm.

Cloud computing environment in mostly insecure, as it is used worldwide. All the data are needed to be encrypted prior to uploading it on cloud [11]. Several classical public key encryption approaches can be implemented to enhance security, but it also gives rise to some issues which are mentioned below

For the encryption process to be executed, data owners requires user’s public key.

The storage overhead is increased, as for a single plain text there exist many public keys.

Quantum key distribution (QKD) involves the shared secret key generation between two parties via secured quantum channel. QKD is widely used in various security algorithms for data confidentiality. QKD is derived from quantum physics for key generation and it is perfect solution, whenever it is used in different applications. Security proofs by their nature are logical, conceptual and mathematical indispensable for security correctness. Quantum key distribution to traditional standard cryptographic models is quite hard to implement and it is difficult to evaluate the possible attacks [12, 21]. The main advantage of integrating quantum key distribution to ABE scheme is, it provides additional security to cloud data.

The typical quantum key distribution system is shown in Fig. 1. Only authorized parities of quantum key distribution are connected to each other through the quantum medium compared to classical channel. During the quantum key distribution process, A and B shared their quantum signals via the quantum channel and message exchange through the secured classical channel [22, 23].

Figure 1.

Classical QKD in cryptographic model.

In this paper, we have proposed a novel dynamic integrity based quantum CP-ABE model for large unstructured datasets. Therefore, the proposed ICQCP-ABE approach will be able to give perfect solution to access control system through the process of consideration, distribution, access control and confidentiality. The main advantages and limitations of the proposed model are discussed below.

The main advantages of the proposed model include:

This model supports high dimensional datasets either in text or media formats.

This model efficiently minimizes the encryption and decryption time on large datasets.

This model supports unstructured 3D medical image formats such as HDR, NII etc.

Limitations of the Proposed Model

The main limitations of the proposed model are:

Require high computational memory if the data size exceeds $>$ 1 GB.

This model requires static parameters initialization for integrity computation and encryption phases.

2. Related works

Chen et al. [1] performed a thorough survey on biometric data security and chaotic encryption techniques. They have integrated the traditional chaotic encryption technique along with Berboulli’s mapping. In this research work, they identified various security problems of biometric data applications. They studied and analyzed the previously developed cipher-based approaches and its drawbacks. Additionally, they also mentioned the issues of biometric data application characteristics. Here, an advanced encryption technique is suggested which is integrated with 2D Berboulli-Logistics map. Complete experimental evaluation is performed and the resulted outcomes show that, this scheme shows much better effect in case of correlation distribution and histogram. Apart from these this scheme also shows that, the ASC and volatility of this approach is very low as compared to logistic mapping technique. This above presented technique not only guarantees extended security, but also maintain hiddeness of the encryption perfectly. The outcomes of correlation distribution of encrypted data are more evenly interacted along with diffusion and mixture. The stochastic characteristics of histogram demonstrates that, the resulted outcomes of encryption process are much stationed. Hence, it becomes more complex to break both cipher system and plain text system. Moreover, the most widely implemented application of this approach is online based biometric data network [13]. During the time spent Public Key Encryption, two distinctive keys are utilized for encryption and unscrambling process. Among two of these keys, one key is open and the other one is private. People in general key are dispersed openly and the private key is just accessible to the collector. All messages are scrambled with receiver’s open key and the procedure of decryption is completed by the private key. This methodology offers ascend to extensive key administration overheads; henceforth it isn’t efficient enough for cloud condition. Figure content Policy Attribute-Based Encryption [3] procedure settles the underneath specified issues. This methodology identifies a client alongside its arrangement of qualities rather than his character. In the event that the client’s characteristics fulfill the comparing access arrangements, at that point just the client will be eligible for the procedure of decryption [14]. The CP-ABE conspire is superior to that of open key cryptography, in view of its base overhead during the time spent key administration. At the point when a specific private key of a client is imperiled, at that point just information documents of that particular client might be unscrambled by considering properties of the client. CP-ABE gives an improved rendition of security when contrasted with Symmetric Key Encryption methods.

Homomorphic encryption can be defined as the processing encrypted data on remote storage without decrypting it. It is considered as a vital approach in cloud. Homomorphic encryption checks the data confidentiality in order to resolve the security issue of storage or processing data by an untrusted third party. Cloud users are capable of using cloud services at any time and at any place via internet. Therefore, it fully utilizes the availability nature of cloud. Hardening and redundancy can be considered as two distinct approaches in order to enhance the availability of cloud system.

CP-ABE approach gives rise to many issues when implemented in the data sharing system. Users ‘private keys are generated through the KGC when the master secret key match attributes’ set of users. The proposed algorithm needs reduced amount of efforts in the process of storing public key certificates as compared to all other traditional public key infrastructure (PKI). The above algorithm fails to resolve key escrow problem in which KGC is able to decrypt each and every cipher text assigned to every individual user by the process of attribute keys generation. The mentioned issue violates data confidentiality constraints in data sharing systems. Another important disadvantage is known as key revocation [15].

Attribute Based Encryption technique encounters a major issue in the process of key revocation or update of every attribute. Here, every attribute is used by more than one user and several users may probably transform the associate attributes or change certain private keys too. This process of revocation is very important for maintaining data security as well as data privacy. Each and every user of the group is affected by either an individual user or attribute.

2.1 Traditional QKD using cryptographic models

The main goal of quantum key distribution is to generate a key K, which is used to transmit bits from source A to destination B via quantum signals without a shared key value. The quantum key distribution process is shown in Fig. 2. In this figure, BB84 protocol is used as key distribution using cryptographic model for secured data storage.

Figure 2.

QKD on cryptography model.

Tseng et al. [2] developed an advanced biometric-based framework in order to protect sensor health data in cloud [5]. Implementation of remote healthcare monitoring application has resolved many problems of healthcare domain and it is very much beneficial for both patients and healthcare professionals. In order to achieve this goal, HMA systems have to monitor patients’ record all the time. It usually uses sensors in order to gather data which are attached to patients’ body. These health-related data of patients are stored in cloud environment and these are considered to be super sensitive. Therefore, its privacy and security must be maintained. Apart from this, it is very much difficult to provide complete security to the real time vast quantity of data. In this research paper, a self-protective security framework is developed in order to protect cloud based HMA records. This framework has the following advantages

Prevents unauthorized access of unauthorized users.

All the data are self-protected with the help of biometric authentication system.

Series of experiments are carried out in the evaluation phase to check the validation of the proposed theory and significant results are obtained. In future, cost evaluation and integration analysis of the developed framework can be determined. Additionally, this framework can be implemented for other applications of biomedicine domain along with more large datasets.

Yang et al. [3] introduced an encrypted sensing mechanism for improvising security of biometric authentication system. In this piece of research work, they developed a new scheme in which biometric images are saved by implementing optical encryption techniques. Such types of approaches are also known as encrypted sensing approaches. These approaches are usually based upon the concepts of Double Random Phase Encoding (DRPE) and Compressed Sensing (CS). Additionally, encrypted sensing based upon DEPR is also applied with the help of Digital Holographic method. Numbers of different experiments are carried out in the evaluation phase. With the help of fingerprint images and finger vein images, encrypted biometric images are gathered. Restoration can be done accurately by using these encrypted images. Further research works can be carried out in order to improve security of this proposed technique.

Song et al. [4] proposed a new and advanced biometric-based encryption technique [7]. This scheme is an asymmetric authentication technique. The reference tokens are produced by the process of enrolment which is generally saved in biometric databases. This saved token will not be completely matched along with any newly provided biometric token. This is an important characteristic of biometric schemes. Password or PIN based authentication systems usually includes symmetric authentication technique. If the provided password or PIN will slightly differ from the original saved one, then the authentication process will fail and the authenticity of user is not verified. In mathematical analysis, chaotic functions are simply those where input does not generate output that is close to the range of the input. For example, Fig. 1 illustrates the nonlinear chaotic representation.

Figure 3.

Chaotic randomization.

1207959552x^25

-

1342177280x^23

-

830472192x^21

-

1870659584x^19

-

1014497280x^17

+

991952896x^15

+

964558848x^13

+

1175060480x^11

+

174272512x^9

-

1229955072x^7

+

1553434496x^5

+

36067200x^3

+

20808x With positive factor 1078647520

1979711488x^24

+

578813952x^22

-

1029701632x^20

+

749731840x^18

+

871235584x^16

-

555614208x^14

-

1401847808x^12

-

774422528x^10

-

182041600x^8

+

1202926976x^6

+

965151200x^4

+

1092624x^2

+

206 With positive factor 9657906

-

134217728x^23

-

738197504x^21

+

385875968x^19

+

830472192x^17

+

1524629504x^15

+

588251136x^13

-

514588672x^11

+

724172800x^9

-

321107968x^7

-

425169920x^5

+

38980864x^3

+

21632x With positive factor 1214550528

268435456x^24

-

964689920x^22

-

1507852288x^20

-

1792016384x^18

-

183894016x^16

+

91357184x^14

+

346521600x^12

+

818757632x^10

+

1242949120x^8

-

1220791936x^6

+

1062603360x^4

+

1157520x^2

+

210 With positive factor 3996114

1073741824x^25

-

-

2147483648x^23

+

192937984x^21

+

2038431744x^19

+

946339840x^17

-

2002780160x^15

+

673841152x^13

+

1271791616x^11

-

331466752x^9

+

1183477760x^7

+

2125078144x^5

+

42067584x^3

+

22472x With positive factor 990576864

-

1073741824x^26

-

1342177280x^24

-

1342177280x^22

-

1092616192x^20

+

1160249344x^18

+

1465778176x^16

-

305397760x^14

+

1670414336x^12

+

1807517696x^10

+

684548608x^8

-

1988899328x^6

+

1167772320x^4

+

1224936x^2

+

214 With positive factor 1160401066

0x^27

-

-

2147483648x^23

-

1073741824x^21

-

1170210816x^19

-

1507852288x^17

-

1222639616x^15

+

967835648x^13

-

250855424x^11

+

235315200x^9

-

294744064x^7

+

632764416x^5

+

45334080x^3

+

23328x With positive factor 1378812800

-

1073741824x^26

-

1879048192x^24

+

1879048192x^22

-

973078528x^20

+

1317535744x^18

-

1132331008x^16

-

1912864768x^14

-

1736417280x^12

-

1969756160x^10

-

2126109184x^8

-

512449024x^6

+

1281107520x^4

+

1294920x^2

+

218 With positive factor 1304585562

1073741824x^25

-

-

2147483648x^23

-

1476395008x^21

-

2013265920x^19

-

873988096x^17

+

2141192192x^15

+

1522827264x^13

-

643989504x^11

-

671623168x^9

+

1601777664x^7

-

587544832x^5

+

48787200x^3

+

24200x With positive factor 1362704928

-

2147483648x^26

-

1342177280x^24

-

1207959552x^22

-

905969664x^20

-

50331648x^18

+

196476928x^16

+

1350336512x^14

+

1163239424x^12

-

870346752x^10

+

404148736x^8

-

451731200x^6

+

1403075520x^4

+

1367520x^2

+

222 With positive factor 1499881762

0x^23

-

-

2147483648x^21

-

536870912x^19

+

805306368x^17

-

418381824x^15

-

927465472x^13

+

1752039424x^11

+

2135359488x^9

+

1796382720x^7

-

1515130880x^5

+

52433920x^3

+

25088x With positive factor 868648960

-

2147483648x^26

-

268435456x^24

+

939524096x^22

+

973078528x^20

+

218103808x^18

-

1229455360x^16

-

1250656256x^14

-

51470336x^12

+

1250463744x^10

+

1224784384x^8

-

1123725056x^6

+

1534160320x^4

+

1442784x^2

+

226 With positive factor 2116157726

-

1073741824x^25

-

-

2147483648x^23

-

1744830464x^21

-

1207959552x^19

-

1545601024x^17

-

1082130432x^15

+

1935114240x^13

-

205094912x^11

+

1039353856x^9

+

1068568576x^7

-

2128113408x^5

+

56281344x^3

+

25992x With positive factor 654846432

-

1073741824x^26

+

1342177280x^24

+

805306368x^22

-

704643072x^20

+

295698432x^18

-

307757056x^16

-

785383424x^14

-

1211670528x^12

-

1616918528x^10

-

665903616x^8

-

1794355712x^6

+

1674863680x^4

+

1520760x^2

+

230 With positive factor 951552102

0x^27

-

-

2147483648x^23

+

1073741824x^21

+

318767104x^19

-

176160768x^17

+

964689920x^15

+

977272832x^13

-

609304576x^11

+

991223808x^9

+

1875718144x^7

+

1891559424x^5

+

60336704x^3

+

26912x With positive factor 1379126144

-

1073741824x^26

-

268435456x^24

+

1879048192x^22

-

1753219072x^20

-

1507852288x^18

-

942145536x^16

+

695205888x^14

-

1816002560x^12

-

2013206528x^10

-

740505088x^8

-

1675684352x^6

+

1825705440x^4

+

1601496x^2

+

234 With positive factor 250928746

-

1073741824x^25

-

-

2147483648x^23

-

1577058304x^21

-

369098752x^19

-

908066816x^17

+

729808896x^15

+

39321600x^13

+

2026373120x^11

+

1731749888x^9

-

113717248x^7

+

1978285184x^5

+

64607360x^3

+

27848x with positive factor 1936249632

-

805306368x^24

-

637534208x^22

+

478150656x^20

+

1824522240x^18

-

1001914368x^16

+

1393033216x^14

-

1004666880x^12

-

780337152x^10

-

2070110720x^8

+

77002880x^6

+

1987223840x^4

+

1685040x^2

+

238 With positive factor 2117827602

-

1610612736x^23

+

1879048192x^21

-

1275068416x^19

-

503316480x^17

-

1166016512x^15

-

1463812096x^13

-

1628438528x^11

+

1903689728x^9

+

1289422848x^7

-

1842312192x^5

+

69100800x^3

+

28800x With positive factor 1949629952

3. Proposed model

Data security and privacy preserving are two major issues of the traditional cloud security models on the large data. Since, most of the third party service provides are un-trusted and more vulnerable with respect to clients’ confidential information [16, 21]. In order to improve the data security and privacy issues, each cloud users’ data are encrypted by using a novel integrity computation based Q-CPABE before uploading to the remote cloud server.

Proposed model has three procedures: User’s integrity value computation, quantum key generation and integrity based data encryption and data decryption. In the first procedure, user’s attributes are taken as input for integrity computation and these integrity values are used in the quantum key generation and the encryption procedures. In the second procedure, integrity value based quantum key generation procedure is constructed for the attributes, policies and key generation procedures of the CP-ABE model [17, 24]. In the third procedure, computed integrity values and quantum key are used in the setup, key generation, and encryption and decryption steps.

User integrity based QKD-CAPABE is a novel integrity based Quantum CP-ABE algorithm, which is responsible for encryption and decryption in cloud computing. In this model, the quantum key, secret key, public key and master key are based on user’s input attributes list. The cipher text is decrypted using the user’s attributes, access policy structure tree embedded in cipher text as shown in Fig. 4.

Figure 4.

Proposed model.

3.1 Iterative non-linear polynomial curves based integrity algorithm (INPIA)

Let $Z(n^{2},\ast)$ is a multiplicative group with ‘n’ group order such that $\text{Order}(n)\leqslant\text{Order}(Z(n^{2},\ast))$ .

In the proposed approach, a non-linear chaotic polynomial map is used to enhance the security parameters in the key generation process. The basic recursion relation for the non-linear equation is given as

$\displaystyle T_{n}=kx-T_{n-2}$ (1) $\displaystyle T_{0}=1$ (2) $\displaystyle T_{1}=k(1+\lambda^{2})$ (3)

Finally, $\frac{{\rm d}T_{n}}{{\rm d}s}$ represents the non-inear polymomial curves with higher powers where $\lambda$ is the randomized security parameter taken from $Z(n^{2},*)$ .

By solving the recurrence equation we will get the families of nonlinear polynomial curves with absolute higher factors.

Input: Initialization parameters, block size BS, Number of rounds NR, block bits, $h[]$ round hash vector, Data size DS, input data $D, x$ and $K$ are permutation matrices.

Output: Biometric Integrity value.

Step 1: Initialization of input parameters and hash vector. $h[\textit{blockbits}/8]$ $\leftarrow$ 0 //initialize hash vector to zero.

Step 2: Select one of the polynomial equation with secret key $s(k)$ as In order to enhance the overall volatility and stationary of security, a novel chaotic hash based technique is developed. It is basically an integration of Bernoulli Logistic with chaotic systems [18]. Logistic mapping is a traditional chaotic mapping technique which results more complex behaviors from the intervals [0, 1] into [0, 1]. The generation of state occurs according to the given equation

$\displaystyle s(n+1)=\alpha(H_{i})(1+x(H_{i}))$ (4)

Here, $\alpha$ lies in between the range of [3,7.4]. The above map is responsible for producing a pseudo-random state series with the help of chaotic discrete-time dynamic system. Bernoulli’s process can be defined as a discrete time stochastic process.

$\displaystyle P(x)=s(k)*p(x)$ (5)

where $p(x)$ is the curve taken from family of curves. $S(k)$ is the random element taken from group $Z$ .

Step 3: Compute

$\displaystyle\theta=\text{lcm}(r_{1}-1,r_{2}-1)\text{∼{}and∼{}}n=r_{1}\times r% _{2}.$ (6)

where $r_{1}$ and $r_{2}$ are the elements taken from cyclic group $Z$ .

Step 4: Select a number which is relative prime to $\theta$ as $p_{1}$ and compute $p_{2}$ as

$\displaystyle p_{2}=\frac{\theta}{(p_{1}+1)}$ (8)

Step 5: Select random values $a, b, c, d$ from $Z(n,\ast)$

Step 6: Compute $k_{1},k_{2},k_{3},k_{4}$ as

$\displaystyle K_{1}=1+b\ast(p_{1}\times p_{2})$ (9) $\displaystyle K_{2}=K_{1}^{a}\bmod(n^{2})$ (10) $\displaystyle K_{3}=c^{m_{1}}.k_{1}^{a_{2}}\bmod(n^{2})$ (11) $\displaystyle K_{4}=c^{m_{1}}.d^{p_{1}.(r_{1}\times r_{2})}\bmod(n^{2})$ (12)

Step 7: Round key permute $R_{1}=\{k1,k_{2},k_{3},n_{1},$ $g_{1}.g_{2},P(x)\}$ .

Step 8: Round key permute $R_{2}=\{m,r_{1},r_{2},\theta,$ $s(k)\}$ .

Step 9:While (DS $>$ BlockBits/8)

Do $P\leftarrow$ First 4 bytes of sub block For each partition block PBlock Do For ( $r=$ 0 to NR) Do Choose $R_{1}$ and $R_{2}$ keys as $x$ and $K$ as random permutation box.

$\displaystyle x_{1}=(K^{T}.x)\bmod(\max\{x.\text{eigenvalues}()\})$ $\displaystyle y=\text{K.Kronproduct}(x_{1}).\text{scale}(256)$ $\displaystyle C_{i}=P[i]+c[\max(0,i-1)]$ $\displaystyle C_{i}=\text{Max}\{R_{1},R_{2}\}\oplus C_{i}\oplus y_{i}$

Done

$\displaystyle P[i]\leftarrow\text{LeftReverse}(P[i])$ $\displaystyle P[i]\leftarrow\text{RightShift}(P[i],3)$

If ( $r+1<$ NR) Then

$\displaystyle P[i]\leftarrow\text{RightShift}(P[i],3)$ $\displaystyle P[i]\leftarrow\text{Leftshift}(P[i],6)$ $\displaystyle P[i]\leftarrow\text{RightshiftR}(P[i])$

End if Done

$\displaystyle H=h_{0}+h_{1}+\ldots+h_{\text{NR}}$

Done

3.2 Bilinear pairing

Let us consider $G_{0}$ and $G_{1}$ are two separate multiplicative cyclic groups of prime order $q$ . Here, $<$ $g$ $>$ is the producer of $G_{0}$ . Bilinear map can be represented by $e$ . This implies $G_{0}\times G_{1}\to G_{1}$ .

There are two important conditions which are required to be satisfied for occurrence of bilinear pairing

For every individual $a,b\in Z_{q}^{+}$ and < $g$ > in $G_{0}$ . Here, $e(g^{a},g^{b})=e(g,g)^{ab}=e(g^{b},g^{a})$ .

$e(g,g)\neq$ 1 (in case of non-degenerated).

If and only if the above two conditions will be satisfied, then only bilinear map can be evaluated. This technique is effectively integrated with Bernoulli’s mapping in order to enhance the overall randomness and performance.

3.3 Quantum key distribution for key setup and generation

Proposed quantum key distribution (QKD) requires communication channels such as quantum channel and a normal data channel [19, 23]. The sender and receiver both require random generators from the cyclic group and a set of basic and polarizing qubits. In this model, we have used BB84 authentication protocol to prevent the quantum channel being attacked during communication by the man-in-the-middle attacks [20, 22]. The shared key generated from the QKD are distributed to authorized users for QKB based CPABE model. The QKD based CP-ABE scheme also involves four basic algorithms like KeyGen, Decrypt, Setup, and Encrypt which are described below

3.4 Setup scheme

Let $G$ be the bilinear group with prime order $p$ and generator $k$ , which statisfies bilinear property and non-degeneracy property such that $\theta_{1},\theta_{2}\in G_{p}$ . The public key and master key can be generated as

$\displaystyle\text{PublicKey}(P_{k})=\{\text{ProposedHash}$ $\displaystyle(\text{Quantumkey}|\text{attributes}),(g\in G_{1}(H[i]),$ $\displaystyle g_{p}\in G_{2}(H[i])/G_{1},G_{2}\in\text{Integrityvalues}(H[i]),$ $\displaystyle h\in Z_{r},g=e(g,g_{p})\}$ (13) $\displaystyle\text{MasterKey}(M_{k})=\{\alpha\in P_{k}(g_{p}),\beta\in$ $\displaystyle\text{Hash}(\text{secretkey}(\text{HAtr1}[0]\text{\^{}}\text{% HAttr}2[1]\text{\^{}}\ldots$ $\displaystyle\text{HAtr1}[n])),Z_{r},e(\alpha,\beta)^{\theta_{2}}\}$ (14)

It generates the master key ( $M_{k}$ ), QKD shared key and public key parameters ( $P_{k}$ ).

3.5 Encrypt scheme

The encryption algorithm takes the original plain text message $(M)$ as input and generates the desired cipher text. The encryption technique encrypts the message $M$ using the access tree structure $T$ . Starting with the root node, this technique selects a random number $r$ in $p$ -integer modulo $Z$ and sets $q(R,0)=r$ . For the intermediate nodes $x$ , it sets $q(x,0)=q(\text{parentnode}(x,\text{index}))$ . Let $L$ be the set of leaf nodes in access tree structure, then the cipher text is generated based on the given access tree structure $T$ as.

$\displaystyle\text{CipherText}(C)=\{C^{1}=M.e(k,k)^{\Theta_{1}.r},$ $\displaystyle T,C^{2}=m^{r},\forall x\in X:C_{x}=k^{q(x,0)},$ $\displaystyle C_{x}^{1}=H(A(x))^{q(x,0)}$ (15)

Checking the homomorphic property for data encryption:

Homomorphism encryption and decryption uses $\psi(i)_{0}$ , $\psi(i)_{0}^{\prime}$ as input.

Additive Homomorphic Encryption

$\displaystyle\text{EncD}(I_{1}+I_{2})=\text{EncD}(I_{1})+\text{EncD}(I_{2});$

Multiplicative Homomorphic Encryption

$\displaystyle\text{EncD}(I_{1}.I_{2})=\text{Enc}(I_{1}).\text{Enc}(I_{2});$ $\displaystyle\psi(i)_{0}=\text{EncD}(I_{1}):=\text{EncD}(I_{1})=(I_{1}+\gamma*% \beta)\bmod n$

where $n=\alpha*\beta$ .

$\displaystyle\psi(i)_{0}^{\prime}=\text{EncD}(I_{2}):=\text{Enc}(I_{2})=(I_{2}% +\gamma*\beta)\bmod n$

where $n=\alpha*\beta$ .

$\displaystyle\text{EncD}(I_{1}+I_{2}):=\text{Enc}(\psi(i)_{0})+\text{Enc}(\psi% (i)_{0}^{\prime});$ $\displaystyle\text{EncD}(I_{1}+I_{2}):=(I_{1}+\gamma*\beta)\bmod(n)+(I_{2}+% \gamma*\beta)\bmod\;n$ $\displaystyle\text{EncD}(I_{1}.I_{2}):=\text{EncD}(\psi(i)_{0}).\text{EncD}(% \psi(i)_{0}^{\prime});:=(I_{1}+\gamma*\beta)\bmod n.+(I_{2}+\gamma*\beta)\bmod n;$

3.6 KeyGen scheme

The KeyGen algorithm generates private key (PrK) using the attributes’ set (A). The KeyGen algorithm takes set of attributes A, QKD (sharedkey) as input and generate secret key as output. This algorithm selects a random number r and rand ${}_{j}$ for each attribute $A_{j}$ and these random numbers are selected as the factor of QKD (sharedkey) and holds in $Z_{p}$ .

$\displaystyle\text{SecretKey}(S_{k})=\{D=k^{(\Theta_{1}+\text{rand})/\Theta_{2% }},$ $\displaystyle D(j)=k^{\text{rand}*H(j).\text{rand}_{j}},D(j)=k\text{ rand}_{j}\}$ (16)

3.7 Decryption scheme

It accepts private key (Sk, attributes’ set (A)), cipher-text (C, embedded with the access structure (T)), and public key (PK) as input. Decryption process is executed recursively. A recursive procedure is executed with three parameters cipher text, secret key, attributes set A and the node x from access tree T. Checking the homomorphic property for data decryption:

Consider M.e ( $\text{EncD}(I_{1}+I_{2})$ ), Enc( $I_{1}.I_{2}$ ).e( $C(i)_{1}$ , $K_{1,i}$ ).e( $C(j)_{2}K_{1,j}$ ).e( $C(k)_{3}$ , $K_{1,k}$ ) to extract added pattern policy.

$\displaystyle\text{EncD}(I_{1}+I_{2})=\text{Enc}(\psi(i)_{0}+\psi(i)_{0}^{% \prime})=\text{Enc}(\psi(i)_{0})+\text{Enc}(\psi(i)_{0}^{\prime});:=(\psi(i)_{% 0}+\gamma*\beta)\bmod n+(\psi(i)_{0}^{\prime}+\gamma*\beta)\bmod n\text{EncD}(% I_{1}.I_{2})$ (18) $\displaystyle:=\text{Enc}(\psi(i)_{0}.\psi(i)_{0}^{\prime})$ (19) $\displaystyle:=\text{Enc}(\psi(i)_{0}).\text{Enc}(\psi(i)_{0}^{\prime});:=(% \psi(i)_{0}+\gamma*\beta)\bmod n.+(\psi(i)_{0}+\gamma*\beta)\bmod n;Dec(\text{% EncD}(I_{1}+I_{2}))$ (21) $\displaystyle:=(\text{EncD}(\psi(i)_{0}+\psi(i)_{0}^{\prime}))\bmod\alpha:=((% \psi(i)_{0}+\gamma*\beta)\bmod n+(\psi(i)_{0}^{\prime}+\gamma*\beta)\bmod n)\bmod\alpha$ (22) $\displaystyle:=I_{1}+I_{2}\to(1)Dec(\text{EncD}(I_{1}.I_{2})):=(\text{EncD}(% \psi(i)_{0}.\psi(i)_{0}^{\prime})$ (23) $\displaystyle:=\text{EncD}(\psi(i)_{0}).\text{Enc}(\psi(i)_{0}^{\prime}))\bmod% \alpha;:=((\psi(i)_{0}+\gamma*\beta)\bmod n.+(\psi(i)_{0}^{\prime}+\gamma*% \beta)\bmod n)\bmod\alpha;$ (24) $\displaystyle:=I_{1}.I_{2}$ (25)

4. Experimental results

All the experiments are executed on the real time Amazon AWS cloud storage with client configurations as Intel (R) CPU 2.13 GHz, 8-GB RAM. This framework requires third party libraries Amazon Java SDK, Jama, Apache commons and Apache Math.

Table 1
Comparison of the proposed model to the existing models in terms of different computing properties

Properties	MD5	SHA-256	SHA512	SHA-1024	Whirlpool	Proposed integrity algorithm
Static key	Yes	High	Yes	Yes	Yes	Yes
Dynamic key	No	No	No	No	No	Yes
Keysize	Fixed	Fixed	Fixed	Fixed	Fixed	Variable
Large data	No	No	No	No	No	Yes
Communication overhead	High	High	High	High	High	Low

Table 2

Efficiency of the proposed model to the traditional hash approaches

Cloud medical data	MD5	SHA-1024	Whirlpool	Proposed integrity algorithm
Efficiency	$O(n^{2k})$	$O(nk\log(n))$	$O(n\log(nk))$	$O(n\log(k))$

4.1 Cloud environment

In the proposed cloud environment Amazon cloud servers are used to simulate the results of the proposed model on medical data security. In the proposed cloud server, Amazon ec2 instances and S3 are used to simulate the data security using the integrity and encryption algorithms. Amazon Elastic Compute Cloud (Amazon EC2) provides variable-sized computation capacity in the cloud. EC2 gives straightforward and simple web-scale calculation for designers. An easy to understand interface is accessible for setup of equipment limit expected to the best detail, with a next to no measure of exertion. The above interface is in charge of consideration and deletion of occasions. EC2 occasions are set in Virtual Private Cloud (VPC) by allowing the client to figure out which examples ought to be revealed to web. With the end goal to deal with both inbound and outbound system get to, security gatherings and system ACLs are executed. To screen and monitoring these EC2 cases, Amazon presents CloudWatch [2] web benefit. CloudWatch is in charge of productive asset usage, request designs and operational performance. Elite registering (HPC) offered by Amazon handles clients having complex computational remaining burdens. In the event of Amazon EC2, clients are allowed to pick a working framework, stack it with a conventional application, setting system get to rights, cloning that occasion and including processing power.

Figure 5.

Performance analysis of key generation for the proposed model to the existing models.

Figure 5 describes the comparison of the proposed model to the existing models in terms of change bit of hash value and its variation. In the table, it is clear that the proposed model has better change bit hash value as compared to the traditional models.

Figure 6.

Comparative analysis of proposed model to existing models in terms of average computational time.

Figure 6 illustrates the comparison of the proposed model to the existing models for runtime computation. In the experimental study, different data sizes are used to find the average computational time. From the figure, it is clear that the proposed model has high computational efficiency for cloud security.

Figure 7.

Comparative study of proposed model to the existing models in terms of dynamic key generation time and number of attributes.

Figure 7 describes the computational time of the proposed model to the existing models for the key generation process. In the proposed model, the computational time of the dynamic key generation is better than the existing models.

Table 1 describes the comparison of the proposed cloud computing metrics to the traditional models. In the table, proposed Integrity approach hash different properties such as static key, large data and dynamic key generation process. Also, proposed model has variable key size and supports low communication overhead compared to the traditional methods.

Table 2 illustrates the efficiency of the proposed integrity verification model to the traditional verification approaches in terms of sensitivity and hash computation. From the Table 2, it is observed that the present integrity approach is better than the traditional approach for hash generation. Here, $n$ represent bit size, $k$ represents key size.

5. Conclusion

This paper presents a novel integrity based quantum key CPABE with enhanced dynamic key generation. In this model, a set of polynomial curves are generated using the complex chaotic function. Traditional attribute based encryption models difficult to process large amounts of cloud data using the dynamic key generation process. Also, traditional attribute based encryption models are independent of integrity value due to minimal computing resources. To overcome these issues, a novel integrity based chaotic quantum CP-ABE model was implemented in cloud environment. In the proposed model, user’s attribute are secured using the dynamic chaotic map function for key initialization, data encoding and decoding process. Practical simulation results show that the presented model has better accuracy in terms of cloud data encryption and decryption time and computed memory compared to the existing attribute based encryption and decryption techniques. Experimental results proved that the proposed model has high computation speed, storage overhead and secured key distribution compared to traditional CPABE, KPABE and CQ-CPABE models.

References

Chen

Yang

Guo

and Wang

, Dual-server public-key encryption with keyword search for secure cloud storage, in: IEEE Transactions on Information Forensics and Security 11(4) (2016), 789–798.

Tseng

F.K.

Chen

R.J.

and Lin

B.S.P.

, iPEKS: Fast and secure cloud data retrieval from the public-key encryption with keyword search, 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Melbourne, VIC, (2013), 452–458.

Yang

Chen

and Du

, Improving privacy and security in decentralizing multi-authority attribute-based encryption in cloud computing, in: IEEE Access PP(99) (2011), 1–1.

Song

and Wang

, Homomorphic cloud computing scheme based on hybrid homomorphic encryption, 3rd IEEE International Conference on Computer and Communications (ICCC), Chengdu, China (2017), 2450–2453.

Hamdi

N.M.

and Kim

T.H.

, A new biometric-based security framework for cloud storage, 13th International Wireless Communications and Mobile Computing Conference (IWCMC), Valencia (2017), 390–395.

Sabri

H.M.

Ghany

K.K.A.

Hefny

H.A.

and Elkhameesy

, Biometrics template security on cloud computing, International Conference on Advances in Computing, Communications and Informatics (ICACCI), New Delhi (2014), 672–676.

Gan

Xiao

and Zhao

, A novel secure data transmission scheme using chaotic compressed sensing, in: IEEE Access 6 (2018), 4587–4598.

Tan

C.C.

Wang

Zhong

and Li

, IBE-lite: A lightweight identity-based cryptography for body sensor networks, in: IEEE Transactions on Information Technology in Biomedicine 13(6) (2009), 926–932.

Von Solms

S.H.

Tait

B.L.

, Solving the problem of replay in biometrics-an electronic commerce example, in: Proceedings of 5th IFIP Conference on Challenges of Expanding Internet: E-commerce, E-business, and E-government (I3E 2005), Poznan, Poland (2005), 468–479.

10.

Wang

Ren

and Lou

, Enabling public verifiability and data dynamics for storage security in cloud computing, Proc 14th European Symp Research in Computer Security (ESORICS ’09) (2009), 355–370.

11.

Ateniese

Burns

Curtmola

Herring

Kissner

Peterson

and Song

, Provable data possession at untrusted stores, Proc 14th ACM Conf Computer and Comm Security (CCS 07) (2007), 598–609.

12.

Juels

and Kaliski

B.S.

, Jr, Pors: Proofs of retrievability for large files, Proc 14th ACM Conf Computer and Comm Security (CCS’07) (2007), 584–597.

13.

Shacham

and Waters

, Compact proofs of retrievability, Proc 14th Int’l Conf Theory and Application of Cryptology and Information Security: Advances in Cryptology (ASIACRYPT ’08) (2008), 90–107.

14.

Bowers

K.D.

Juels

and Oprea

, Proofs of retrievability: Theory and implementation, Report (2008)/175, Cryptology ePrint Archive (2008).

15.

Naor

and Rothblum

G.N.

, The complexity of online memory checking, Proc 46th Ann IEEE Symp Foundations of Computer Science (FOCS ’05) (2005), 573–584.

16.

Chang

E.-C.

and Xu

, Remote integrity check with dishonest storage server, Proc 13th European Symp Research in Computer Security (ESORICS ’08) (2008), 223–237.

17.

Shah

M.A.

Swaminathan

and Baker

, Privacy-preserving audit and extraction of digital contents, Report (2008)/186, Cryptology ePrint Archive (2008).

18.

Oprea

Reiter

M.K.

and Yang

, Space-efficient block storage integrity, Proc 12th Ann Network and Distributed System SecuritySymp (NDSS ’05) (2005).

19.

Schwarz

and Miller

E.L.

, Store, forget, and check: Using algebraic signatures to check remotely administered storage, Proc 26th IEEE Int’l Conf Distributed Computing Systems (ICDCS ’06) (2006), 12.

20.

Wang

Ren

Lou

and Zhang

, Dependable and secure sensor data storage with dynamic integrity assurance, Proc IEEE INFOCOM, (2009), 954–962.

21.

Kumar

S.K.

and Naidu

P.S.

, Secure key management in cloud environment using quantum cryptography, Ingenierie des Systemes d’Information 23(5) (2018), 213.

22.

Kumar

S.K.

and Naidu

P.S.

, A novel integrity-verification based secured ABE model for cloud computing, International Journal of Research 5(11) (2018), 372–378.

23.

Kumar

S.K.

and Naidu

P.S.

, IBLIND quantum computing and HASBE for secure cloud data storage and accessing, Revue d’Intelligence Artificielle 33(1) (2019), 33–37.

24.

Kumar

S.K.

Naidu

P.S.

and Kumar

P.V.S.

, Efficient quantum cryptography technique for key distribution, Journal Europeen des Systemes Automatises 51(4-6) (2018), 283.

An improved dynamic polynomial integrity based QCP-ABE framework on large cloud data security

Abstract

Keywords

1. Introduction

1.1 Requirements of biometric-based cryptographic key generation

1.2 Threshold secret sharing systems

2.1 Traditional QKD using cryptographic models

3.3 Quantum key distribution for key setup and generation

3.4 Setup scheme

Table 1 Comparison of the proposed model to the existing models in terms of different computing properties

References

Table 1
Comparison of the proposed model to the existing models in terms of different computing properties