A Searchable Re-encryption Storage Method in Cloud Environment

Publications

Share / Export Citation / Email / Print / Text size:

International Journal of Advanced Network, Monitoring and Controls

Xi'an Technological University

Subject: Computer Science, Software Engineering

GET ALERTS

eISSN: 2470-8038

DESCRIPTION

7
Reader(s)
16
Visit(s)
0
Comment(s)
0
Share(s)

SEARCH WITHIN CONTENT

FIND ARTICLE

Volume / Issue / page

Related articles

VOLUME 3 , ISSUE 2 (May 2018) > List of articles

A Searchable Re-encryption Storage Method in Cloud Environment

Wang Hui * / Hong Bo / Tang Junyong

Keywords : Cloud Storage, Re-encryption, Decrypt, Reliability

Citation Information : International Journal of Advanced Network, Monitoring and Controls. Volume 3, Issue 2, Pages 89-94, DOI: https://doi.org/10.21307/ijanmc-2018-046

License : (CC-BY-NC-ND-4.0)

Published Online: 07-May-2018

ARTICLE

ABSTRACT

Traditional cloud storage systems do not adapt well to different application environment and does not guarantee the integrity and confidentiality of cloud data. In order to solve the problems brought by the hysteretic and density in the cloud storage system,A Searchable Re-encryption Storage Method (SReCSM) is proposed in this paper. The central idea of the SReCSM is to generate a re-encryption key and decrypte while the keyword matched. Simulation results show that SReCSM introduced in this paper has better security and reliability.

Graphical ABSTRACT

I. INTRODUCTION

In order to meet the various storage demands, cloud storage is designed to store data in cloud and is widely used in the Internet. Compared with traditional data storage, it greatly improves the efficiency of the mass data storage and utilization of network resource. It is essential to reduce user download wait time for a requested file from a network to enhance client quality experience. Therefore, cloud storage faces serious security and efficient problems [1].

Traditional cloud storage systems do not adapt well to different application environment and does not guarantee the integrity and confidentiality of cloud data. Therefore, it’s very dangerous for sensitive data to be stored directly in the cloud. The reliability of the mobile cloud storage depends on the extent of the impact on system storage efficiency while the storage solution fails [2]. Therefore, storing sensitive data on un-trusted server is a challenging issue [3]. Simple encryption techniques have key management issues and which can’t support complex requirements such as query, parallel modification, and fine-grained authorization. To guarantee confidentiality and proper access control of sensitive data, classical encryption is used [4].To solve the problems brought by the hysteretic and density of traditional storage methods in the cloud storage system, in this paper, SReCSM, Searchable Re-encryption Storage Method is proposed.

II. RELATED WORK

Efforts have been taken by researchers, developers, practitioners, and educators to identify and discuss the technical challenges and recent advances related to cloud storage. Han et al. proposed [5] multi-path data prefetching in mobile cloud storage. Wang et al. [6] presented an Optimized Replica Distribution Method (ORDM) in cloud storage system. Chen et al. [7] proposed a new metric called joint response time, which not only considers the waiting time when the requested data are unavailable but also the queuing delay and service time when data become available.

Tysowski et al. proposed several useful schemes in [8]. One scheme is a Manager based Re-encryption Scheme (MReS), which acomplished the security through the proxy re-encryption scheme. And the other cryptographic scheme proposed in [8] is Cloud-based Re-encryption Scheme (CReS). Although MReS and CReS make up for the limitations of the existing schemes, these two schemes are more complex and need more time to re-encrypt. [9] propose proxy re-encryption algorithm to confirm the security of the datain thecloud, which can alleviate the client’s burden, and enhance the confidentiality of cloud data. However, there are two major disadvantages with these techniques. First, for re-encryotion, the data owner must obtain user’s public key before uploading. Second, because the same plaintext is used with different keys gerenated by proxy, therefore, the storage overhead becomes excessive.

III. SEARCHABLE RE-ENCRYPTION METHOD

The central idea of the searchable re-encryption is to generate a re-encryption key and decrypte while the keyword matched. By using searchable re-encryption method, SReCSM may increase the storage requirements because all the encrypted data must be stored. The objective of the proposed searchable re-encryption method is to improve the storage requirements, bring down the security risks, minimize the scheduling time, overhead ratio and the storage cost. This technique will not provide the effective data utilization. The new method SReCSM is easier and faster to implement in the cloud while sorting the matrix by using the searcherable keyword. SReCSM would reduce the cost and the time complexity will be reduced.

A. Symbol Definitions

Symbols in the Searchable Re-encryption method are defined in the in Table I.

TABLE I.

SYMBOL DEFINITION

10.21307_ijanmc-2018-046-tbl1.jpg

B. Keyword Editing

The keyword can be edited in three cases while searching. We can edit the keyword while inserting, deleting or substituting. Let us suppose that n is this notation and the keyword edited is ED(Key).

10.21307_ijanmc-2018-046-f005.jpg

These three different cases can help us edit the keywords easily. The user handles some of the wrong situations by using the keyword. And we can edit the keyword to recover errors through these three different situations.

C. Searchable Re-encryotion

The core of the searchable re-encryption method is to generate a re-encryption key only when the keyword matches to the character. Re-encryption operates over two groups G1 and G2 of prime order q with a bilinear map e : G1×G1G2. The parameters of the cloud system are random generators gG1 and Z = e(g, g)∈G2. The Searchable Re-encryption can be defined in the following algorithms.

Next, the algorithm 2 is described in detail. In algorithm 2, the keywords should be searched first. The file would be decrypted with this keyword only when the keyword matches. And then the data can be received, stored, and accessed in the cloud.

10.21307_ijanmc-2018-046-f006.jpg

The keywords are included in the private key and will be searched in the database. Keyword contained in the private key should be validated in the cloud storage database. In the cloud system, the data will be transmited to the servers and then be stored in the database. Data can be accessed from the database through this keyword. The mode of “Keyword Editing” can be used to insert, delete, and replace when the keyword does not match. On the contrary, the data will be received from the cloud server once the keyword matches.

10.21307_ijanmc-2018-046-f007.jpg

The data may be shared between the owners and the users through the cloud server, which is introduced in detail in algorithm 3. First, the public key and the private key will be created by the data owners. Next, the public key is shared to the cloud server and the private key is shared to the data receiver. There is the keyword in each private key and public key, and the data users can retrieve data through this keyword. Finally, the data will be transfered by the cloud server only when the keyword of the public key and the keyword of the private key is matched.

10.21307_ijanmc-2018-046-f008.jpg

Algorithm 4 introdeces the scheme of data encryption, in which the data will be encrypted through the RSA algorithm. First, the two prime numbers are multiplied together, and then compute the product. Each data may be encrypted with Euler’s function of E(r). Keyword of the public key and private key are contained in encrypted data. And each data is modeled by using function of E(r).

10.21307_ijanmc-2018-046-f009.jpg

Algorithm 5 introdeces the scheme of data re-encryption, in which the data will be encrypted through the AES algorithm. The re-encryption keys for authorized user’s list will be generated by the user ‘M’. The public key and private key of the users’ can be used by ‘V’.

PU(Key)Re=PR(Key)Re=(gxi)1xM,νiV

The CSReSM generates the vIZq* and encrypts the data through the following steps randomly:

ZnewvI=ZvIPU(Key)(EN(Dat)ZnewvI)=(ZvIM)EN(C)=ZvIM,   EN(CM)=gvIxM

The encrypted data ‘EN(C)’ will be uploaded through CSReSM and ‘EN(CM)’ represents the mobile user ‘M’. The CSReSM transforms ‘EN(CM)’ into ‘EN(CM)Re’ using the re-encryption key PU(Key)Re and EN(CM) as shown in the following equation:

EN(CM)Re=e(PU(Key),EN(CM))=e(gxixM,gxMvI)=e(g, g)xivI

10.21307_ijanmc-2018-046-f010.jpg

Algorithm 6 introdeces the scheme of data decryption, in which the data will be decrypted through the steps described above. First, the decryption key will be used by the user, and the decryption key contains the keyword of the private key. After selecting the number of files, the data will be decrypted through modulo function.

D. Security analysis

Assuming that the reliability of the cloud storage system is identified by symbol A. The time of encryption through different encryption algorithms is At, the encryption time At is reversed first, and after the normalization processing, Aj, is got from At. The storage cost of the different node is normalized to be the value Ak. The number of the storage states for the cloud storage is the value n the reliability model of the system is shown in formula (1).

(1)
A=[1(1Aj)n][1(1Ak)n]

It can be concluded from the analysis of the reliability model. When the vale t tends to be infinite, which means t →∞, the storage cost of the node in the cloud system also tends to a certain stable value, and the state of storage strategy tends to be stable. When the value of Aj and Ak are more closer to 1, and the value of n is more large, the cloud storage system will be more reliable and with higher security.

IV. EXPERIMENT

The proposed scheme SReCSM Searchable Re-encryption Storage Method was developed and verified through Python. The real-time ability, security and reliability of SReCSM was evaluated through a series experiments. In this part, we analyzed the prediction, the searching time, searching efficiency and storage space while performing moving, copying, encryption, re-encryption, storing and decryption. The final experimental results are comparative analyzed with the existing technologies including CReS and MReS, and the results show that SReCSM has better security and reliability.

A. Uploading and Downloading of SReCSM

The data response tests are performed on file upload, file copy and file movement, for large files and small files respectively.It can be known that 94 percent of transactions in a mobile cloud storage system can be implemented quickly within two seconds. The experimental results show that the system responds fast. Table II and Table III are the test result.

TABLE II.

THE PERFORMANCE OF THE MOBILE END UPLOAD THE DATA

10.21307_ijanmc-2018-046-tbl2.jpg
TABLE III.

THE PERFORMANCE OF THE MOBILE END DOWNLOAD THE DATA

10.21307_ijanmc-2018-046-tbl3.jpg

The ratio of CPU occupancy to upload speed is shown in table II, which the data on the mobile side are tested before the encryption and after the encryption respectively.

The ratio of CPU occupancy to download speed is shown in table III, which the data on the mobile side are tested before the decryption and after the decryption respectively. It can be known from the table II and the table III, if the encryption and decryption mechanism are used for transmission, then the CPU utilization will be increased by an average of 22% ∼ 25% and the overall file transfer rate will be reduced by 30% ∼ 35%. As we can see, when the encryption and the decryption mechanism are used, more than three times the performance loss can be caused on the mobile end side.

B. Encryption and Re-Encryption SReCSM

The keyword can be set and searched in proposed method SReCSM. Only if the value of the keyword just matches, data can be received. Suppose that the number of the users in proposed method SReCSM is 600 users, and the available number of the searching keywords range from 600 to 6000. The cloud server store the keywords and all encrypted data through the database.

There are two questions to be considered: One is the impact of encryption and decryption on file speed.The other is the impact of encryption and decryption on the performance of the client host. The experimental data are listed in Table IV, which includes the time spent on encrypting the different sizes or different type files by using SReCSM and the time spent on transmitting the file.

TABLE IV.

TIME COMPARISON ON ENCRYPTION AND DECRYPTION BY USING SRECSM

10.21307_ijanmc-2018-046-tbl4.jpg

It can be concluded from the above test data, the time spent on encryption or decryption by using SReCSM is regardless of the file type.

The same size files are encrypted by different CReS, MReS, or SReCSM algorithms and then the re-encryption time is different, as shown in table V and Figure 1. The 167.58 MB file in table V is the test case.

Figure 1.

Comparison of Re-encryption time

10.21307_ijanmc-2018-046-f001.jpg
TABLE V.

TIME COMPARISON FOR DIFFERENT ALGORITHM ENCRYPTION

10.21307_ijanmc-2018-046-tbl5.jpg

In the SReCSM proposed in this paper, the time of encryption or decryption is relatively short. It may take a relatively long time to encrypt files by using the CReS, which cause a significant additional time overhead for HDFS. However, the encryption time that MReS encrypting the file was not significantly increased compared to SReCSM. Besides the impact on overall transmission rates, the impact of encryption and decryption on mobile performance is also important.

The comparison of the storage space required in different schemes is shown in Figure 5a. As the number of keywords increase, the storage space required by the cloud system also becomes larger. More storage space have been required by the existing schemes such as CReS and MReS. However, we can see in figure 2a that SReCSM utilize the data transfer effectively and moreover reduce the storage space requirements in the system.

Figure 2.

Comparison while increasing the number of keywords

10.21307_ijanmc-2018-046-f002.jpg

It can be observed from the trends presented in Figure 2b that the searching time varies according to the number of keywords. The available number of the searching keywords range from 600 to 6000. As the number of keywords increases, searching time required by the system also increase. More searching time have been need by CReS and MReS. And we can see in Figure 2b that lesser time was need to search using SReCSM. If the searching keyword does not match, SReCSM will immediately use the edit function.

MReS, CReS, and SReCSM offload the re-encryption operations in cloud system. And then in the following experiment, we examined the energy consumption and turnaround time while the re-encryption operation were performed. The experimental results are shown in Fig. 3.

Figure 3.

Comparison while re-encryption and decryption

10.21307_ijanmc-2018-046-f003.jpg

We can see from Figure 3a and 3b, while re-encryption operations were performed in mobile terminal, the turnaround time and energy consumption will increase according to the file size increases.In the same way, Figure 3c and 3d show that, while decryption operations were performed in mobile terminal, the turnaround time and energy consumption will increase according to the file size increases.

Using the reliability model formula (1) of the cloud storage system proposed in 3.4, combine the time required for processing the same size of file in table III, when a different algorithm CReS, MReS and SReCSM is used, the encryption time required for encrypting file, after that the encryption time is reversed, Aj then be got after the encryption time is normalized.In the same way, after normalizing, storage cost Ak is got. If both Aj and Ak are closer to 1, and the number of storage state in the cloud storage system is larger, then the reliability of the system is higher. According to the above analysis, the data in one hour is sampled continuously, combined with the data in table III and table IV, the reliability contrast diagram for SReCSM is shown in figure 4.

Figure 4.

The reliability contrast diagram

10.21307_ijanmc-2018-046-f004.jpg

It can be know the reliability of the system through different algorithm by comparing the data in figure 4. The reliability of the system is relatively high. That is, it has little impact on file transfer and user experience by using CreS re-encryption. It may take a relatively long time to re-encrypt files by using the MReS.However, the re-encryption time that MReS combined with CReS for re-encrypting the file was not significantly increased compared withCReS. The value of the reliability is consistent with the use of CReS, which can be maintained around one. It is concluded that the system is relatively reliable by using SReCSM encryption.

Through these simulation experiments, it is verified that SReCSM has a good user experience. It is also verified that the mechanism of SReCSM can effectively improve the efficiency of the cloud storage.When a mobile terminal makes a request, the optimal node is selected and then the time can be saved effectively. In the SReCSM presented in this paper, the re-encryption and decryption has the following characteristics:transport security and storage security of the user data are guaranteed.

V. CONCLUSIONS AND FUTURE WORK

The existing schemes such ascloud-based re-encryption scheme CReS and manager-based re-encryption scheme MReS re-encrypts the keyword to transmit safety. But these two schemes are more complex and need more time to re-encrypt. In order to reduce the computational complexity, enhance the secure transmission,a new scheme SReCSM is proposed.SReCSM has high reliability proved through a series of simulation experiments. Turn around time and energy consumption of different size of files are compared and analyzed through these experiments. When the file size increases, proposed SReCSM can achieve accurate predictions, reduce the storage space requirement and the re-encrypting time. Finally, it is concluded that the SReCSM proposed in this paper has better security and reliability.

ACKNOWLEDGMENT

Foundation item: The Industrial research project of Science and Technology Department of Shaanxi Province(Grant No. 2016KTZDGY4-09); Laboratory fund of Xi’an Technological University (GSYSJ2017007); Research project on teaching reform of education in Shaanxi province (Grant No. 17JY015); Characteristic disciplines in Education department of Shaanxi province (Grant No. 080901); Research project on teaching reform of Xi’an Technological University (Grant No. 17JGZ10); The principal fund of Xi’an Technological University (Grant No. XGYXJJ-0528).

References


  1. Jung, Kye-Dong, Moon, Seok-Jae, Kim, Jin-Mook: ‘Data access control method for multimedia content data sharing and security based on XMDR-DAI in mobile cloud storage’. Multimedia Tools and Applications, v 76, n 19, October 1, 2017, pp 19983-19999
    [CROSSREF]
  2. Chekam, T.T., Zhai, E., Li, Z., Cui, Y., Ren, K.: ‘On the synchronization bottleneck of OpenStack Swift-like cloud storage systems’. In: IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, 2016, pp. 1–9
  3. Li, L., Li, D., Su, Z., Jin, L., Huang, G.: ‘Performance analysis and framework optimization of open source cloud storage system’. China Commun. 13(6), 2016, pp. 110–122
    [CROSSREF]
  4. Iliadis, I., Sotnikov, D., Ta-Shma, P., Venkatesan, V.: ‘Reliability of geo-replicated Cloud storage systems’. In: 2014 IEEE 20th Pacific Rim International Symposium on Dependable Computing, 2014, pp. 169–179
  5. Han, Lin; Huang, Hao; Xie, Chang-Sheng: ‘Multi-path data prefetching in mobile cloud storage’. In: Proceedings - 2014 International Conference on Cloud Computing and Big Data, CCBD 2014, March17, 2014, pp. 16-19
  6. Wang, Yan; Wang, Jinkuan: ‘An Optimized Replica Distribution Method in Cloud Storage’. Journal of Control Science and Engineering, v 2017
  7. Chen, Ming-Hung; Tung, Yu-Chih; Hung, Shih-Hao; Lin, Kate Ching-Ju; Chou, Cheng-Fu: Availability Is Not Enough: Minimizing Joint Response Time in Peer-Assisted Cloud Storage Systems. IEEE Systems Journal, v 10, n 4, December 2016, pp. 1424-1434
    [CROSSREF]
  8. Tysowski, P.K., Hasan, M.A.: ‘Re-encryption-based keymanagement towards secure and scalable mobile applica-tions in clouds’. IACR Cryptology e Print Archive 668, 2011
  9. Purushothama, B.R; Shrinath, B.; Amberker, B.B.: ‘Secure cloud storage service and limited proxy re-encryption for enforcing accesscontrol in public cloud’. International Journal of Information and Communication Technology, v5, n2, 2013, pp.167-186
    [CROSSREF]
XML PDF Share

FIGURES & TABLES

Figure 1.

Comparison of Re-encryption time

Full Size   |   Slide (.pptx)

Figure 2.

Comparison while increasing the number of keywords

Full Size   |   Slide (.pptx)

Figure 3.

Comparison while re-encryption and decryption

Full Size   |   Slide (.pptx)

Figure 4.

The reliability contrast diagram

Full Size   |   Slide (.pptx)

TABLE I.

SYMBOL DEFINITION

Full Size   |   Slide (.pptx)

TABLE II.

THE PERFORMANCE OF THE MOBILE END UPLOAD THE DATA

Full Size   |   Slide (.pptx)

TABLE III.

THE PERFORMANCE OF THE MOBILE END DOWNLOAD THE DATA

Full Size   |   Slide (.pptx)

TABLE IV.

TIME COMPARISON ON ENCRYPTION AND DECRYPTION BY USING SRECSM

Full Size   |   Slide (.pptx)

TABLE V.

TIME COMPARISON FOR DIFFERENT ALGORITHM ENCRYPTION

Full Size   |   Slide (.pptx)

REFERENCES

  1. Jung, Kye-Dong, Moon, Seok-Jae, Kim, Jin-Mook: ‘Data access control method for multimedia content data sharing and security based on XMDR-DAI in mobile cloud storage’. Multimedia Tools and Applications, v 76, n 19, October 1, 2017, pp 19983-19999
    [CROSSREF]
  2. Chekam, T.T., Zhai, E., Li, Z., Cui, Y., Ren, K.: ‘On the synchronization bottleneck of OpenStack Swift-like cloud storage systems’. In: IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications, 2016, pp. 1–9
  3. Li, L., Li, D., Su, Z., Jin, L., Huang, G.: ‘Performance analysis and framework optimization of open source cloud storage system’. China Commun. 13(6), 2016, pp. 110–122
    [CROSSREF]
  4. Iliadis, I., Sotnikov, D., Ta-Shma, P., Venkatesan, V.: ‘Reliability of geo-replicated Cloud storage systems’. In: 2014 IEEE 20th Pacific Rim International Symposium on Dependable Computing, 2014, pp. 169–179
  5. Han, Lin; Huang, Hao; Xie, Chang-Sheng: ‘Multi-path data prefetching in mobile cloud storage’. In: Proceedings - 2014 International Conference on Cloud Computing and Big Data, CCBD 2014, March17, 2014, pp. 16-19
  6. Wang, Yan; Wang, Jinkuan: ‘An Optimized Replica Distribution Method in Cloud Storage’. Journal of Control Science and Engineering, v 2017
  7. Chen, Ming-Hung; Tung, Yu-Chih; Hung, Shih-Hao; Lin, Kate Ching-Ju; Chou, Cheng-Fu: Availability Is Not Enough: Minimizing Joint Response Time in Peer-Assisted Cloud Storage Systems. IEEE Systems Journal, v 10, n 4, December 2016, pp. 1424-1434
    [CROSSREF]
  8. Tysowski, P.K., Hasan, M.A.: ‘Re-encryption-based keymanagement towards secure and scalable mobile applica-tions in clouds’. IACR Cryptology e Print Archive 668, 2011
  9. Purushothama, B.R; Shrinath, B.; Amberker, B.B.: ‘Secure cloud storage service and limited proxy re-encryption for enforcing accesscontrol in public cloud’. International Journal of Information and Communication Technology, v5, n2, 2013, pp.167-186
    [CROSSREF]

EXTRA FILES

COMMENTS