RSA Data Security in Cloud Computing using RSA Algorithm

Joel Kanamugire
St. Cloud State University
Department of Information Assurance
kanamujo@gmail.com

Abstract— With its ability to reduce the cost of technology, cloud computing is an emerging paradigm that has become today's hottest research area. A technology that offers services to its users on demand online is the most interesting and tempting of today's technologies. Security is becoming the most important barrier to deployment of cloud computing environments, given that Cloud Computing houses data and distributed resources in an open environment. To ensure the security of data I have suggested a method based on the RSA Algorithm.

Keywords— Cloud Computing, RSA Algorithm, Encryption, decryption, Data Security

I. INTRODUCTION

According to Amazon Web Services “Cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud provider like Amazon Web Services (AWS).” Data security is always a top priority, and given the importance of cloud computing and the vast amount of complex data it conveys, the need is even greater. As a result, data privacy and security concerns are becoming a major obstacle to the widespread adoption of cloud computing services. As many organizations migrate their data to the cloud, the data undergoes numerous changes and there are numerous challenges to overcome. Cloud data security requires more than just the implementation of appropriate data security procedures and countermeasures. Computer-based security measures typically rely on user authorization and authenticity.

A cloud model supports availability and is made up of 5 key features, 3 Service Models as well as 4 Deployment Models. There are three service models and four deployment models in the cloud computing model defined by the National Institute of Standards and Technology. Cloud software as a service, cloud platform as a service and the cloud infrastructure as a service are three models of services that have also been referred to as SPI. The three service models, also called SPI model, are: Cloud Software as a Service (SaaS), Cloud Platform as a Service (PaaS) and Cloud Infrastructure as a Service (IaaS). There are four deployment models: Private cloud, Community cloud, public cloud, and Hybrid cloud. Application data is stored device- and location-independent. The security of cloud-based applications and data is the primary concern of cloud computing. The principles of security are Confidentiality, Integrity, and Availability.

Cloud security is a broad term covering any policy, technology, and controls used to safeguard data, infrastructure, and services from attacks. Cloud computing is a computer, but also a distributed architecture, and its main goal is security, speed, and convenience. Data storage and network computing services, with all the computational resources, can be seen as services and are delivered over the Internet.

RSA is widely known as the RSA algorithm. The name “RSA” stands for “Rivest Shamir Adleman,” named after the mathematicians and computer scientists who first published the algorithm publicly in 1977.

My proposed work uses RSA algorithm to encrypt the data to ensure that only the concerned user can access the data. By encrypting the data, we are preventing unauthorized access to the data. First, the user data is encrypted. Then, the data is stored in the Cloud. When the user requests the data for the cloud provider, the cloud provider authenticates the user and provides the data.

Therefore, the Cloud service provider encrypts the data and decrypts it using the Public-Key. The Cloud user or consumer decrypts the data using the corresponding Private-Key.

A. Cloud Infrastructure

Cloud computing has been majorly divided into three broad service categories: Infrastructure as a Service (IAAS), Platform as a Service (PAAS) and Software as a Service (SAAS).

a) Infrastructure as a Service (IAAS)

IaaS is a cloud computing service that provides compute, storage, and networking resources on a pay-per-use basis.
Moving your organization's infrastructure to IaaS allows you to cut the cost of maintaining on-premises data centers, pay less for hardware and gain timely business insight. IaaS offers flexibility in increasing or reducing the size of your IT resources depending on demand. It also helps to provide new applications more rapidly and boost the reliability of your underlying infrastructure.
IaaS providers take full responsibility for securing the infrastructure they provide for your cloud applications.

b) Platform as a Service (PAAS)

PaaS stands for Platform as a Service. It’s a cloud-based model that offers a full cloud platform—from hardware to software to infrastructure—for the development, deployment, and management of applications, without the costs, complexities, and rigidities that come with building and managing an on-premises platform.
A PAAS provider hosts the software and hardware on its own infrastructure. This means that users don’t need to install internal hardware and software to create or run new applications. A PAAS provider, on the other hand, supports all the core computing and software; users just need to log in and start using the platform, usually through a Web browser interface.

c) Software as a Service (SAAS)

Software as a Service (SaaS) provides customers with access to and use of cloud apps on the Internet. In addition to email, calendaring and office tools like Microsoft Office 365, there are a lot of common examples.

B. Cloud Deployment Models

In this section various Deployment Models are discussed.

a) Private Cloud

In this model, the cloud owner does not share its resources with any third party. Instead, it is hosted and managed by an organization. Security can be implemented very effectively in this model.

b) Public Cloud

Public cloud computing is a form of cloud computing in which resources are hosted by a third-party provider over the internet and distributed to organizations and individuals for use or purchase.

c) Community Cloud

Community cloud computing refers to a shared cloud computing environment that is targeted at a limited number of organizations or employees, such as banks, Universities, or heads of trading companies.

d) Hybrid Cloud

A hybrid cloud (sometimes referred to as a cloud hybrid) is a cloud-based computing environment in which a datacenter is hosted on premises (also known as a private cloud), and applications are hosted on a public cloud.

II. DATA SECURITY ISSUES IN THE CLOUD

A. Data Availability

Customer data is typically stored in chunks on different servers, often located in different locations or in different Clouds. In this situation, data availability becomes a legitimate concern, and providing uninterruptible, seamless provisioning becomes a challenge.

B. Privacy and Confidentiality

There should be some assurance of granting access only to authorized users when the client's data is hosted in the cloud. Inappropriate access by Cloud staff to customer sensitive information is another risk that poses a threat to data stored in the Clouds. Processes and privacy policies should be in place to provide clients with assurance that the data security of cloud users is being ensured. Cloud seekers should be confident that the data stored in the cloud will be kept confidential.

C. Data location and relocation

Cloud Computing provides a high level of data mobility. Consumers don’t always know where their data is stored. However, if an enterprise has sensitive data stored on a storage device within the Cloud, it may want to know the location of that data. It may also want to specify a preferred location for that data (for example, data to be stored in India). This requires a contractual agreement between the cloud provider and the consumer that the data should be stored in a specific location or on a specific known server. Cloud
providers should also take responsibility for the security of their systems (including the data) and provide strong authentication to protect the customer’s information. Another problem is data movement. Initially, data is stored at the appropriate location decided by the cloud provider, but then it is often moved from location to location. Cloud providers have agreements with each other, and they use each other’s resources.

D. Data Integrity

In addition to providing the security of the data, the cloud service provider should implement mechanisms to guarantee the integrity of the data and provide information on what happened to the data set and at what point. The cloud service provider should ensure that the client is aware of the type of data that is hosted in the cloud, where it originates and what integrity mechanisms are in place.

E. Storage, Backup and recovery

When you move your data into the cloud, the cloud provider should provide adequate data resilience storage systems. At the very least, you should be able to provide RAID storage systems, although most cloud providers will store your data in several copies across many independent servers. Most cloud providers should also be able to provide options for backup services, which are crucial for businesses that run cloud-based applications, so that in case of a serious hardware failure, they can roll back to an earlier state.

III. DATA SECURITY APPROACHES

A. Protection of data

Security keys, such as private keys, can be used to protect data from outside users.

B. Integrity of data

When the data is being uploaded, the user can check that the integrity principles are correct.

C. Accessing the data

Encryption and Decryption techniques make it possible to access data safely.

D. Data Loss Prevention

Ensures that policies and tools are in place to track, identify, and prevent unauthorized external transfers of sensitive information, whether intentionally or inadvertently.

E. Authentication

Authentication allows only authorized users to access data in the cloud.

IV. THE PROPOSED METHODOLOGY

RSA is a Public-Key algorithm. It is named after Ron Rivest, Adi Shamir, and Len Adleman who first published it in 1977. In our proposed work, we are using RSA algorithm to encrypt the data so that only the user concerned can access the data. By encrypting the data, we are not allowing unauthorized access to the data. User data is encrypted first and then stored in the cloud. When the user requests the data, the Cloud provider verifies the user and delivers the data to the user. RSA is a block cipher in which each message is mapped to an integer. RSA consists of a Public-Key and a Private-Key. In our Cloud environment, the Public-Key is known to all, whereas the Private-Key is only known to the original owner of the data. Therefore, encryption is done by the cloud service provider and decryption is performed by the cloud user or consumer. Once the data is encrypted using the public-key, it can only be decrypted using the corresponding private-key.

The following is a description of how RSA is used:
The RSA is a block cipher whereby the plaintext and ciphertext are integers between 0 and n-1, for some n.
A typical size for n is 1024 bits.
In the RSA algorithm, one party uses a public key, and the other party uses a secret key, known as the private key. Each station randomly and independently chooses two large prime numbers p and q and multiplies them to produce n=pq. This is the modulus used in the arithmetic calculations of the RSA algorithm (Rivest, Shamir, & Adleman, 1978).

The process of the RSA algorithm is as described below:
1. Select p and q (both should be prime numbers)
2. Calculate $n = pq$
3. Calculate $z = (p-1)(q-1)$
4. Select integer D which is relatively prime to z: $\gcd(\varphi(n), D) = 1$, where $\varphi(n) = z$
5. Calculate $E = D^{-1} \bmod \varphi(n)$
6. For Encryption: $C = P^{E} \bmod n$
7. Where P is Plaintext, C is Cipher text (encryption)
8. For Decryption: $P = C^{D} \bmod n$

Public key encryption algorithm uses a public key of PU=(e,n) and private key of PR=(d,n).

A. Encryption Algorithm

Encryption is the process of converting original plain text (data) into cipher text (data). Here are the following steps:
• The cloud service provider should provide or transfer the Public-Key (n, e) to the user that wishes to store the data with the cloud service provider.
• User data is now mapped to an integer by using an agreed upon reversible protocol, known as padding scheme.
• Data is encrypted and the resultant cipher text (data) C is $C = m^{e} \pmod{n}$.
• This encrypted text or data is now stored with the Cloud service provider.

B. Decryption Algorithm

Decryption is the process of converting encrypted data or ciphertext back into its original and readable form, known as plaintext. Here are the following steps for decryption:
• The cloud user asks the cloud service provider for the data.
• The cloud service provider verifies the identity of the user and provides the encrypted data.
• The Cloud user then decrypts the data by computing $m = C^{d} \pmod{n}$.
• Once m is found, the user can reverse the padding scheme to restore the original data.

V. EXPERIMENTAL RESULTS AND ANALYSIS

In this section, we are taking some sample data and implementing the RSA algorithm over it.

A. Key Generation Part:

• We have chosen two distinct prime numbers a=61 and b=53.
• Compute n=a*b, thus n=61*53 = 3233.
• Compute Euler’s totient function, $\varphi(n) = (a-1)(b-1)$, thus $\varphi(n) = (61-1)(53-1) = 60 \cdot 52 = 3120$.
• Choose any integer e, such that 1 < e < 3120, that is coprime to 3120. Here, we chose e=17.
• Compute d, $d = e^{-1} \pmod{\varphi(n)}$, thus $d = 17^{-1} \pmod{3120} = 2753$.
• Thus, the Public-Key is (e, n) = (17, 3233) and the Private-Key is (d, n) = (2753, 3233).
This Private-Key is kept secret, and it is known only to the user.

B. Encryption Part:

• The Public-Key (17, 3233) is given by the Cloud service provider to the user who wishes to store the data.
• Let us say that the user mapped the data to an integer m=65.
• Data is encrypted now by the Cloud service provider by using the corresponding Public-Key which is shared by both the Cloud service provider and the user. $C = 65^{17} \pmod{3233} = 2790$.
• This encrypted data, i.e. cipher text, is now stored by the Cloud service provider.

C. Decryption Part:

• When a user requests the data, the Cloud service provider verifies the user and sends the encrypted data (provided the user is authorized).
• The cloud user then decrypts the data by computing $m = C^{d} \pmod{n} = 2790^{2753} \pmod{3233} = 65$.
• Once we get the m value, the user recovers the original data.

VI. CONCLUSION

Cloud Computing is still in its early stages of development, where computing is considered as an on-demand service, and once an organization decides to migrate to the cloud, they lose control of the data. Therefore, the level of protection needed to protect the data is directly related to the value of the data. The security of the Cloud depends on trusted computing and cryptography. In our proposed work, the data can only be accessed by the authorized user. Even if an unauthorized user accidentally or intentionally captures the data, he cannot decrypt it and retrieve the original data from it. We have assessed its performance based on various parameters like space complexity, time complexity and throughput, and we have observed each of these parameters in detail by varying the message packet length and private key length in our encryption scheme. By analyzing the obtained results, we can conclude that RSA encryption algorithm is a viable solution for secure communication in cloud computing.

VII. FUTURE WORK

There is a slight difference in decryption time as the size of the file increases. The Chinese remainder theorem will be used in decryption process in the future.
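
The key generation, encryption and decryption steps of Sections IV and V, together with the Chinese remainder theorem decryption named in Section VII, as an added Python example (not the author's code). The function names are chosen here for illustration, and p, q stand for the primes the worked example calls a and b.

```python
from math import gcd


def generate_keypair(p, q, e):
    """Steps 1-5 of the paper: n = pq, z = (p-1)(q-1), d = e^-1 mod z."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(m, public_key):
    """C = m^e mod n; the integer m must lie in [0, n-1]."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message integer out of range for this modulus")
    return pow(m, e, n)


def decrypt(c, private_key):
    """m = C^d mod n with one full-size exponentiation."""
    d, n = private_key
    return pow(c, d, n)


def decrypt_crt(c, p, q, d):
    """Same result via the Chinese remainder theorem (Garner's recombination):
    two half-size exponentiations modulo p and q instead of one modulo n."""
    dp, dq = d % (p - 1), d % (q - 1)
    q_inv = pow(q, -1, p)
    m1, m2 = pow(c, dp, p), pow(c, dq, q)
    h = (q_inv * (m1 - m2)) % p
    return m2 + h * q


def paper_example():
    """Re-run Section V with the paper's values p=61, q=53, e=17, m=65."""
    p, q, e, m = 61, 53, 17, 65
    public_key, private_key = generate_keypair(p, q, e)
    c = encrypt(m, public_key)
    d = private_key[0]
    return public_key, private_key, c, decrypt(c, private_key), decrypt_crt(c, p, q, d)


if __name__ == "__main__":
    print(paper_example())
```

The two-digit primes only make the arithmetic easy to follow; a deployed system needs a modulus of at least 2048 bits and a randomized padding scheme such as OAEP from a vetted library, because this unpadded form maps equal plaintexts to equal ciphertexts.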