An Experimental Evaluation of Data ConfidentialityMeasures on the Cloud

Hussain Aljafer, ZakiMalik

Dept. of Computer ScienceWayne State University

Detroit, MI. USA.hussain.aljafer,

zaki@wayne.edu

Mohammed AlodibDepartment of Computer

ScienceQassim University

Buraidah Al Qassim, SaudiArabia.

alodib@qu.edu.sa

Abdelmounaam RezguiDepartment of ComputerScience and Engineering

New Mexico TechSocorro, NM. USA.

rezgui@cs.nmt.edu

ABSTRACTDue to the many advantages offered by the cloud comput-ing paradigm, it is fast becoming an enabling technology formany organizations, and even individual users. Flexibilityand availability are two of the most important features thatpromote the wide spread adoption of this technology. Incloud-based data storage scenarios, where the data is con-trolled by a third party (i.e. the cloud service provider), thedata owner usually does not have full control of its data at allstages. Consequently, this poses a prime security threat, anda major challenge is the development of a secure protocol fordata storage, sharing, and retrieval. In recent years, a num-ber of research works have targeted this problem. In this pa-per, we discuss some of the major approaches for secure datasharing in the cloud computing environment. The goal is toprovide a concise survey of existing solutions, discuss theirbenefits, and point out any shortcomings for future research.Specifically, we focus on the use of encryption schemes, andprovide a comparative study of the major schemes, throughimplementation of some representative frameworks.

Categories and Subject DescriptorsK.6 [Management of Computing and Information Sys-tems]: Security and Protection

General TermsSecurity, Measurement

KeywordsCloud, Security, Encryption

1. INTRODUCTIONIn recent years, interest in cloud computing has gained

considerable momentum. Cloud computing is centered on

Permission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copies arenot made or distributed for profit or commercial advantage and that copiesbear this notice and the full citation on the first page. To copy otherwise, torepublish, to post on servers or to redistribute to lists, requires prior specificpermission and/or a fee.MEDES’14 September 15-17, 2014, Buraidah Al Qassim, Saudi Arabia.Copyright c© 2014 ACM 978-1-4503-2767-1/10/10 ...$10.00.http://dx.doi.org/10.1145/2668260.2668278

the notion of “services”, which are independently developedand deployed artifacts to which clients subscribe on per needbasis, and pay the service providers based on their usage. Aservice can formally be defined as a set of related function-alities that can be programmatically accessed and manipu-lated over the Web using a set of (XML-based) standards..Many organizations are using cloud based systems to storetheir data and important information. Apple’s “iCloud” isa prime example where each user is granted a space on thecloud to store his/her data and retrieve it whenever, andwhere ever (i.e. using a number of devices in potentially dif-ferent geographical locations) needed. Data security in thisnew paradigm is a major concern, as users and organizationswant their data to be secured not only on the cloud but alsowhen uploading the data, retrieving the data when the datais used by some Web services to answer the queries. In thisregard, a major threat is when a third party may monitorthe connections between the services or between the user andthe services to obtain access to confidential data. However,threats do not only come from a third party monitoring theconnections, but sometimes the cloud service provider itselfin not a trusted party. In this case we have to protect thedata that is on the cloud from the cloud service provideralso not only during retrieval but the problem is when wewant to answer queries using the uploaded data.

To prevent the above mentioned forms of security chal-lenges, a number of research works have been proposed andvarious techniques for secure data exchange have been de-veloped. However, most of the existing research works focuson some aspects of the problem, and comprehensive solu-tions seldom exist. Moreover, a number of these solutionshave weaknesses like the efficiency of the algorithm. For in-stance, the schemes for querying over encrypted data ensurethat the cloud service provider is not a threat any more,however, such schemes are not efficient. In the following, weprovide an overview of some of the most prevalent methodsproposed for secure data exchange.

2. OVERVIEW OF ENCRYPTION SCHEMESIn this section we provide a brief overview of some encryp-

tion schemes used in cloud data confidentiality management.A number of variants of the following security schemes havebeen proposed, i.e., most works implement some of theseencryption techniques and/or are based on them.

- 117 -

2.1 AES ( Advanced Encryption Standard )AES is a Symmetric Key Cryptography algorithm that

converts the data files from plaintext format into an in-comprehensible format that is called ciphertext which can-not be read by humans to prevent the unauthorized usersfrom gaining access to the data files [23]. In AES, encryp-tion and decryption use the same key which converts e.g.a 128 bit data block to the same size of encrypted con-tent. The key size can be adjusted on per need basis. AEShas four main operations/functions: SubByte scrambles eachdata byte, ShiftRows scrambles the data rows, MixColumnsscrambles each data column, and AddRoundKey does theencryption [8].

The approach taken by Prabhakar and Joseph [18] is rep-resentative of AES that protects the data for the entire life-cycle from the beginning to the end in the cloud environ-ment. The approach uses AES-256 for encryption along withSSL (Secure Socket Layer) for the sharing and transfer part.The data owner encrypts the data with AES symmetric keyencryption to provide data security and then uploads thedata to the cloud using SSL. The proposed scheme [18] isclaimed to be structured to provide complete security for thedata during all stages. It is divided into two phases. Phaseone deals with data encryption and secure upload to thecloud. Phase two has to do with the data retrieval which in-cludes authentication process by the data owner and by thecloud service provider and decryption. In the first phase,users register with the data owner so they have the abilityto sort and retrieve data files. Authentication process is usedhere to check for valid users. When the user is authenticated,then that user is provided with a secret key and decryptionkey. The data owner in this phase also encrypts the datausing AES-256 encryption scheme. The encryption is doneiteratively and this iteration is based on the encryption key.SSL is then used to protect the data files during the transferto the cloud. In the second phase, to access the data the usermust be authenticated, using a username/password scheme.When authenticated, the user then sends a request to thecloud server. The cloud server verifies the user details andstarts the process of data retrieval. When the user receivesthe data then the data is decrypted in iterations similar tohow it was encrypted. The AES encryption scheme protectsthe data from tampering and for the decryption AES is alsoused since it is very difficult to guess the key. Since the dataremains encrypted and the cloud provider has no knowledgeof the key, data confidentiality is guaranteed. For Bruteforce attacks or exhaustive key searches AES provides am-ple protection also. However, a major drawback is efficiencyand privacy protection.

2.2 Homomorphic EncryptionIn Homomorphic encryption, the plaintext is manipulated

with algebraic manipulation like multiplication and addi-tion. These operations behave in a consistent way whichmeans the plaintext is changed according to operations inthe ciphertext. This type of encryption is central, and hasbeen in existence since the advent of public key cryptog-raphy [9]. There are some known encryption schemes thatfall under the homomorphic encryption paradigm such asRSA [20] and Paillier [15]. These schemes are half homomor-phic (i.e., support only one operation: either multiplicationor addition). Fully homomorphic encryption (FHE) schemessupport both operations, i.e. multiplication and addition

to the data. In [13] a scheme to perform algebraic queryprocessing over encrypted data is proposed. The proposedscheme is intended to protect the data during all stages ofthe sharing process based on FHE. It consists of an Evaluatealgorithm, KeyGen, Encrypt and decrypt algorithms. Sinceoperators that are normally used in database computationdo not work over encrypted data, the paper introduces anextension to the data model. Suppose that a table calledR (is in plaintext) with A columns. The scheme representsthis as (R’, pk) where pk is the encryption public key, andthen the table is defined as R’(A, p) with all of A and onemore column p which takes the value 0 or 1 to representthe presence of the row in the table. The scheme also pro-vides algorithms for the database operators to work on theencrypted table R’; with bitwise operators, arithmetic andcomparison operators, operations on a bit and a word andalso implementation for relational algebra. The purpose ofthese operators is to allow the service providers to performdatabase operations and get the results while the data is stillencrypted. For returning the results to the client, the sys-tem cannot simply send the whole result table, as this mightbe a very large data block. A proposed solution states thatthe user can specify an estimation of the number of the rowsin the output table. The cloud server then sends the outputaccording to the specified number where the sent output hasthe highest probability of being in the result of the query.This approach can result in a query estimation and not send-ing the exact query result. The proposed scheme providesan alternative solution by a two-step process for sending theresults to the client. In the first step, the service providercomputes the sum of the columns of the p value in the resulttable and this number is sent to the client. The client thendecrypts the number (lets call the decrypted number n) thenhe/she decides on how many rows are needed in the resultand asks the service provider for n’ rows in the result table.The service provider then sorts the rows of the result on thep while trying to maintain the other order if the query spec-ifies a certain order. The service provider then sends thetop n’ rows and the client verifies the sum p that should beequal to the sum n. This process provides exact query resultto the client. However, a number of issues in the proposedapproach are left unanswered, such as practicality of FHE,building indexes, and user authentication.

2.3 Attribute Based EncryptionAttribute Based Encryption (ABE) proposed in 2005 con-

tains three main tenants: authority, data owner and dataend users (consumers) [3]. Each party has assigned roles inthe system. The authority is responsible of generating keysfor the data owners and end users to encrypt and decrypt thedata files according to certain attributes. The data ownerencrypts the data using the keys generated by the authority.The users use their assigned private keys to decrypt the datafiles in which they are authorized to do so. The attributesof the user trying to decrypt a file are checked and matchedwith the attributes in the ciphertext. If they do not match,the user is not allowed to decrypt the files even if he/she hasthe appropriate key.

A secure multi-owner data sharing scheme that supportsdynamic groups efficiency where the size and computationoverhead of encryption are independent of the number ofrevoked users is presented in [12]. The focus of the work isto enable sharing data in a multi-owner manner while still

- 118 -

preserve data privacy and identity privacy even in untrustedclouds. One basic solution is encrypting the data files andthen upload the encrypted data into the cloud. However,this is not entirely practical, due to identity privacy andsince any member in the group should be able to manipu-late or store the data, and be able to use the services in thecloud. Another reason is that groups are usually dynamic,i.e., users or members in the group change from time to time.These membership changes make it more difficult to securedata sharing. Several approaches or schemes have been pro-posed for secure data sharing but in these schemes one userstores the encrypted data and distributes the decryption keyto the rest of the group members. The problem arises hereas the number of data owners and revoked users increase.The technique presented in [12] is able to share and storedata files in the cloud, the complexity of encryption is in-dependent of the number of revoked users, user revocationcan be done without the need to update the private key forthe other users, and a new group member can decrypt storedfiles directly. Group Signatures are also supported that allowany member of the group to sign messages while keeping theidentity secret and it can be revealed by the group manager.Similarly, dynamic broadcast encryption enables the broad-caster to transmit the encrypted data to the users such thatonly a set of authorized users can decrypt this data. Thisscheme also allows the group administrator to dynamicallyadd or remove group members while keeping the same oldinformation like the decryption keys and does not need torecompute the keys.

The cloud is operated by cloud service providers (CSP)and provides web services. This entity is not fully trustedby cloud users because usually CSP is not a group memberor out of the users’ trusted domain. The group manageris in charge of the system and controls system parameters,user registration, user revocation and revealing the identityof data owner. The group manager is fully trusted entity.Group members are the set of the registered users that usethe cloud and register their data into the cloud server andshare them with the group. To be able to achieve a securedata sharing for the dynamic groups in the cloud, Monacombines the group signature and dynamic broadcast en-cryption techniques. The group signature enables users toanonymously use the cloud resources and dynamic broad-cast encryption allows data owners to share their data in asecure manner. The group manager is responsible for sys-tem initialization. To register a user the group managerrandomly selects a number and registers the user accordingto a known equation [12]. For the user revocation the groupmanager has a public revocation list that is based on whichgroup members can encrypt their data files and ensure theconfidentiality against the revoked users.

Taeho Jung et.al proposed an encryption scheme basedon ABE that provides anonymous privilege control to ad-dress the user identity privacy issues [7]. Similarly, a novelpatient-centric framework and a suite of mechanisms fordata access control in Personal Health Records (PHR) storedin semi-trusted servers is proposed in [10]. The scheme con-siders a PHR system with multiple PHR owners and users.The owners in this case are the patients and the users area variety of people like friends or researchers. The schemesupposes the cloud server to be semi-trusted i.e. the serverwill fetch for secret information in the PHR but follows ageneral protocol. The problem arises if some users collude

with the server to get the information. Another assumptionis that each party in the system is preloaded with the pub-lic/private key pair. The main idea behind the frameworkis to divide the system into multiple security domains ac-cording to different user’s data access requirements. Thesedomains are named public domains and personal domains.The public domains consist of users who have access to thedata based on their professional role such as doctors. Thepersonal domains contain users that are associated with thedata owner such as family and these gain access rights as-signed by the data owner. In both domains, ABE is utilized.The system is noticed to have some limitations for practi-cality of using ABE and MA-ABE in building PHR systemsso a suggestion for future work is to use ABBE (Attribute-Based Broadcast Encryption) scheme to try in resolving theissue. Another thing is the expressibility of the enrcyptor’saccess policy is limited by MA-ABE since it only supportsconjunctive policies across multiple AAs. The authors be-lieve that there might be a need to use distributed ABEscheme and that might resolve the issue.

A one-to-many (one uploader and several retrievers) en-cryption system is presented in [11]. The encrypted data filecan be decrypted by more than one authorized user or re-cipient. The ABE-based scheme supports monotonic accessformulas that contain AND, OR, or threshold gates. Thepaper proposes a hierarchal identity based architecture incloud computing to embody the user hierarchy in the securecloud storage services sharing. The root private key gener-ator (PKG) delegates the upper level user as the lower levelPKG and the use of this is generating the secret keys forall low level users. The secret key transmission is done in adomain for the users to guarantee secure transmission. Thesender needs to encrypt the file once only and store just onecopy of the ciphertext in a cloud that communicate withno users. This cloud is used by the other users to recoverthe files using their private keys. The scheme is constructedusing bilinear map and is presented using five algorithms.(1) RootSetup: given a large security parameter, the rootruns BDH (Bilinear Diffie-Hellman) [2] parameter generatorto generate a prime number and 2 groups and then choosesa random number form the first group and chooses 2 cryp-tography hashes and sets the parameters. (2) DomSetup: isused to generate the secret keys for a certain user by tak-ing the public key as parameter. (3) One2ManyEnc: this isthe encryption algorithm that is used to transfer the plain-text into ciphertext such that multiple users can encryptthe data files using their keys. (4) UserDec: this is the de-cryption algorithm that is used to recover the file by theuser given the ciphertext. (5) RecipientsDec: this is the de-cryption algorithm which transforms the ciphertext back toplaintext. The thing missing in the scheme is the idea toenable lower-level users to send a short trapdoor to a CSPbefore retrieving the files. This should prevent informationleakage during the transmission process. Yu et al. proposeda scheme based on CP-ABE (Ciphertext-Policy AttributeBased Encryption) to provide the authority with the abilityto revoke the attributes of the system users with minimaleffort [25]. To resolve the flexibility and scalability issuesin ABE schemes, Pandian et al. proposed a scheme basedon CP-ABE in 2013 that also provides fine-grained accesscontrol for cloud applications [16]. Similarly, Goyal et al.proposed a scheme for secure sharing and storage of clouddata based on KP-ABE (Key Policy ABE) [11].

- 119 -

2.4 Proxy Re-EncryptionProxy re-encryption was proposed in 1998 by Bluemer,

Blaze and Strauss to enable re-encryption of some ciphertextencrypted by one user such that another user will be able todecrypt it [6]. Usually it is used on top of ABE schemes. Oneof the applications in which proxy re-encryption is useful iswhen some user wants to forward some encrypted data toanother user without the need of key forwarding.

Samanthula et al. proposed a data sharing scheme thatis both secure and efficient based on Homomorphic encryp-tion combined with proxy re-encryption [21]. Their maincontributions can be summarized as follows. Efficient userrevocation: the revocation of the user does not require re-encrypting all the data or new key distribution, Efficientand secure rejoin for revoked users: in the case a revokeduser wants to rejoin the system either with the same accessrights or different access rights, all the data owner needs todo is registering the entry just like registering a new user,Preventing collusion between users and CSP: the encrypteddata and authorization token list can be outsourced to sep-arate CSPs and hence prevents any collusion between theusers and CSP, and Preventing collusion between a revokeduser and authorized users: the authorized users can onlydecrypt the data files in which they are given access rightsform the data owner. The proposed framework is a genericscheme where any method in the homomorphic encryptionor proxy re-encryption schemes are applicable. The frame-work consists of five steps as follows: (1) Key Generation andDistribution: here the data owner generates and distributestwo types of key pairs based on homomorphic encryptionand distributes these keys to the system users. The dataowner also generates the proxy re-encryption key for eachauthorized user. (2) Data Outsourcing: In this stage, thedata owner encrypts the data files and generates authoriz-ing tokens for each data file. The next step is uploading thedata files to the cloud. (3) Data Access: upon data accessrequest, the CSP checks whether the user is authorized ornot and takes the appropriate action accordingly. (4) UserRevocation: the data owner performs the actions requiredfor secure revocation of certain user’s access rights. (5) UserRejoin: the data owner generates a new authorization to-ken with the desired access rights to the user. The schemeassumes that the user can collude with at most one of theclouds in the system. So for each data record the data ownerexports a ciphertext and a list of pairs of proxy re-encryptionkeys and the corresponding userID for all authorized usersto the first cloud denoted as primary cloud and also pairsof the users and ciphertext to the secondary cloud. Duringthe data access, the users send the request to the primarycloud and the cloud does some verification and then sendsthe request to the secondary cloud that will, in turn, do thehomomorphic operations and send the result to the user. Soaccording to the assumption that the user can collude onlywith one cloud, the collusion will not affect the system andwill be useless.

2.5 Hierarchical Identity Based EncryptionHierarchical Identity Based Encryption (HIBE) is an en-

cryption scheme that is used to restrict users who are unau-thorized or partially authorized and might share their keywith some unauthorized users which will lead to unautho-rized data access. Major works in this regard include [22],[1], and [17]. HIBE consists of five main steps or operations:

Setup generates the public parameters and the master se-cret, Encrypt takes the plaintext, the public parameter andthe set of identities and outputs the ciphertext which is theencrypted content, KeyGen generates the secret key for theprovided identity vector w. Decrypt restores the ciphertextinto its original plaintext content, and Delegate outputs thesecret key for w’ which is a concatenation of the identityvector w.In 2011 , Wang, Liu, and Wu aimed to propose a scheme

that achives fine-grained access control with a high perfor-mance, full key delegation and flexibility. Their proposed ap-proach combines both HIBE (Hirarchical Identity Based En-cryption) with CP-ABE (Ciphertext Policy Attribute BasedEncryption) [24]. The scenario in which the proposed sys-tem is based is a company where the company owner uploadsthe data on the cloud server and the employees retrieve thedata from that server. The scheme has multiple keys andeach key has a different usage purpose. These keys and theirusage are summarized in the following table:

Figure 1: Keys and their usage [24]

The proposed scheme consists of seven algorithms withpolynomial run-time. Setup: this algorithm takes a largenumber of security parameters (k) as input and then out-puts system parameters and the root master key MK0. Cre-ateDM: this algorithm is used to generate the Master keysfor the DMs by using params and the master key. Cre-ateSK: this algorithm is used to generate the private key forthe user using param and the master key if and only if theuser is eligible. If not, then it will output “NULL”. Crea-teUser: this algorithm generates the secret key of the userIDas well as the user attribute secret key. Encrypt: this is theencryption algorithm to transfer the message from plaintextto ciphertext. RDecrypt: this is the decryption algorithmthat decrypts the ciphertext to original plaintext messageusing the user’s private key if the userID belongs to the re-cipients set. ADecrypt: this is another decryption algorithmthat depends on the users attributes( whether they satisfythe jth conjunctive clause in the attribute based access con-trol policy). The scheme is proved to be secure and at thesame time collusion resistant. However, an open issue inthe scheme or something for future scheme enhancement isimplementing more expressive encryption scheme so we canhave full security under standard model but enhance theperformance of the scheme.

In 2013, Dong et al. proposed “SECO” [4] which is a se-cure and efficient collaboration scheme based on HIBE toensure the data confideniality on the untrusted clouds. Thescheme employs a two-level HIBE to ensure the confiden-tiality of the data files in untrusted clouds. The proposed

- 120 -

scheme is considered the first attempt to explore the securedata collaboration service which prevents leakage and en-ables one-to-many encryption. It also enables data writingoperation and fine-grained access control. SECO realizesone-to-many encryption paradigm such that the encrypteddomain data can have many authorized users that are ableto decrypt the data files. The private key generator (PKG)manages a number of D-PKGs (domain private key genera-tor) while D-PKG manages a number of domain users. Thedata owner encrypts the data with multiple users in the do-main using the public key and stores the data on the cloudserver. Users outside the recipients list will not be able todecrypt the data or even learn any information from thedata files. The following is the set of algorithms or stepsthat are the components of the scheme. Root Setup: TheR-PKG (root private key generator) takes a security param-eter K as input and outputs the system parameters an aroot master key. Domain Setup: Each D-PKG obtains thesystem parameters from the R-PKG and randomly picks amaster key that will be used to generate the private keysfor the domain users. Key Generator: R-PKG uses its mas-ter key to generate private keys for D-PKGs while D-PKGsuse the system parameters and their secret keys to generatethe private keys for all domain users. Encryption: The dataowner inputs the system parameters, plaintext message andID-tuples of the intended data authorized users to generatethe ciphertext. Decryption: The user or D-PKG inputs thesystem parameters, ciphertext and the private key to recoverthe original plaintext data from the encrypted data file.

3. LOGGING AND AUDITINGEncryption schemes (as the ones mentioned above) usually

do not offer user accountability [14]. In these cases, someform of logging or auditing mechanism is needed. Auditingschemes usually consist of two main components: the loggerand the log harmonizer. The logger records the system login a file (e.g. JAR) and the log harmonizer is resposible ofproviding the log files to the system manager/data owner,to take further actions if needed. [5]. The following is anexample of a scheme that clarifies the auditing and loggingmechanism.

The Cloud Information Accountability (CIA) system [19]performs automated logging and distributed auditing for rel-evant access that are performed by entities in the cloud sys-tem. This is supposed to add more security to the cloudinfrastructure. The CIA consists of two major components,these are the logger an log harmonizer. A JAR file containsa set of rules for access control to specify the authority ofeach party in the data access. The integrity of JRE on thesystem is also going to be checked on which the logger isinitiated via oblivious hashing. The scheme converts theJAR file into obfuscated code for more infrastructure secu-rity. The main problem here is when the cloud asks for user’spersonal and confidential data that are sometimes necessaryto perform a certain task. This data need to be securedfrom sharing with a third unauthorized party. The issuehere is not sharing the data only but also at certain pointsboth the data owner and the cloud service provider mightloose control over the data while the data is processed in achain of interaction between parties. The system design isas follows. JAR Generation: This JAR file contains the setof access roles. The JAR file provides usage control to per-form logging based on the configuration settings that were

defined at the creation time. Obfuscation: Obfuscation insoftware development refers to creating obfuscated code de-liberately that is the machine language that can not be readby humans. This is used to avoid tampering and reverseengineering to get the source code. The code is generatedusing obfuscator that are programs to convert the code intoobfuscated code. Logging Mechanism: The JAR file is re-sponsible of handling authentication of entities which wantto access the data. Log Record Generation: Log records aregenerated using the logger component. Logs are generatedwhenever some party tries to access the data and these logsare appended to the JAR file. Provable Data Possession(PDP): The PDP system can be generated in two phases,setup and challenge. This provides security and catches dif-ferent kinds of attacks. Auditing Mechanism: Data ownerswill get a frequent update of the access record to their data.Accountability Mechanism: After the log file is sent to thedata owner by the log harmonizer, the data owner can thencheck the log file and take appropriate actions. Open Is-sues include adding the JRE verification mechanism to thescheme and enhancing the PDP architecture at the user-endto allow an efficient usage for the PDP.

4. SOLUTION REQUIREMENTSIn light of the above discussion, to see what scheme suits

best as a solution of the problem we need to have some eval-uation criteria to compare the available encryption mecha-nisms. This will also help in figuring out what is neededto be added (if needed) to the best scheme or mechanismwe get as a result of the comparison. The following are theevaluation requirements to be considered for the schemes:

1. Data Confidentiality: Any unauthorized party (in-cluding the cloud server) should not learn any infor-mation about the encrypted data files.

2. Fine-Grained Access control: For users in the samegroup or different groups, each user can be associatedwith different access rights which will make the schememore reliable and efficient as a real life solution.

3. Scalability: The system should have the ability towork efficiently even when the number of authorizeduser increases.

4. User Accountability: When an authorized user be-comes dishonest and shares his/her attribute privatekey with some unauthorized users, he/she should beheld accountable.

5. User Revocation: If a user quits the system, theuser’s access rights should be revoked, and the user isdenied access to the data. This should be done withouteffecting other users or needing to change the keys.

6. User Rejoin: This refers to the ability of getting theuser back into the system after revocation, withouteffecting other users or keys.

7. Collusion Resistant: The system’s users should notbe able to combine their attributes to decrypt the en-crypted data files.

8. Ciphertext Size: This refers to the size of the gen-erated file after running the encryption algorithm onthe original plaintext data file.

- 121 -

5. EXPERIMENTSA number of schemes have been proposed for secure cloud

data sharing. In this section we present a brief comparison ofsome of the encryption schemes discussed earlier. We ran theproposed schemes on a small application (JAVA-based) forcomparison purposes.The application takes plaintext files asinput and provides encrypted files along with the encrptiontime as output. The computer used on the execution wasa mac running OS X on 2.5 GHz Intel core i5 processorand 8GB 1600 MHz DDR3 Memory. In these experimentswe provided some files with different sizes to be encryptedusing different encryption schemes. The code has a timerthat gives the exact time from right after reading the fileuntil right before starting the writing ( this period is wherethe encryption process happens). We performed repeatedtests to get averages and to eliminate errors. One of themain things we got out from the experiments other thanthe encryption performance is the size of the encrypted fileafter getting the ciphertext from the plaintext file. This isan important parameter since the larger the file, the morethe overhead.

The comparison between some of the major available en-cryption schemes according to the evaluation criteria dis-cussed earlier is shown in Figure 5. The table comparesthe schemes based on the security requirements mentionedabove as well as the encryption time complexity, which isthe time, needed to encrypt the file where �indicates theexistence of the criteria and x indicates the absence of it.ACT is the attributes associated with the data, G1 and G2are two bilinear groups of prime order p. In FHE, t is thesecurity parameter. In HIBE l is the levels of the Hierarchyand T is Time Slices. Cipertext size in the table refers tothe size of the file that is generated as a result of runningthe encryption process on the plaintext (input file).

Figures 3 through 6 show the performance of encryptingthe files using the mentioned encryption schemes:

Figure 3: Performance of AES Encryption

We can clearly see from the figures that AES starts witha very short encryption time but as the file size grows, thetime increases rapidly. We can thus concluded and that AESworks best with small input files. For Homomorphic Encryp-tion, it starts with a higher timing than AES for small files,but then at larger files it gives the results faster than AESwhich makes it better for large files in terms of performance.Attribute Based Encryption, as can be seen from the figureis affected by the number of attributes associated with thefile to be encrypted. As the number of attributes grows,

Figure 4: Performance of Homomorphic Encryption

Figure 5: Performance of Attribute Based Encryp-tion

Figure 6: Performance of HIBE

the time needed for encryption also increases. Similarly, forHierarchical Based Encryption the file size gives approxi-mately a linear increase in the encryption time, but it ismostly affected by the number of the levels in the hierarchy.

6. CONCLUSIONCloud computing is an emerging paradigm, and security

is the most important factor in cloud data sharing since inmany cases the data being shared is sensitive and unautho-rized access might be harmful to the data owner. This re-quires finding a secure data sharing scheme to deploy in theenvironment where the data is being shared. Many schemeshave been proposed in the literature depending on encryp-tion mechanisms to provide data security. In this paper,we have presented a survey of major secure data sharing

- 122 -

Figure 2: Comparison Table According to the Evaluation CriteriaSybmols in the table :

** Usually combined with other tech. to provide it.*** Since same key is used for Encryption / Decryption.

**** Since attributes are added to the encrypted content then the size will grow depending on the number of attributes.

+ Need to Encrypt again removing the user ID. So has encryption overhead.

schemes for the cloud environment. The focus of the surveyis to show how encryption is used in each of the covered tech-nique, and to discuss the corresponding open issues (if any).The brief survey also provides a comparison to make discus-sion clear. From the comparison table we could infer thatthe best schemes (schemes that cover the most security re-quirements) are Fully Homomorphic Encryption (FHE) andHierarchical Attribute Based Encryption (HABE). In ourfuture work, we aim to propose a scheme that will containthe security features in these while overcoming any deficien-cies/open issues in them.

7. REFERENCES[1] Joonsang Baek, Jan Newmarch, Reihaneh

Safavi-Naini, and Willy Susilo. A survey ofidentity-based encryption. 2005.

[2] Dan Boneh and Matt Franklin. Identity-basedencryption from the weil pairing. In Advances inCryptologyaATCRYPTO 2001, pages 213–229.Springer, 2001.

[3] Pei-Shan Chu, Cheng-Chi Lee, Pei-Shan Chu,

Pei-Shan Chung, ezCæYOcee, Min-Shiang Hwang,et al. A survey on attribute-based encryption schemesof access control in cloud environments. 2013.

[4] Xin Dong, Jiadi Yu, Yuan Luo, Yingying Chen,Guangtao Xue, and Minglu Li. Achieving secure andefficient data collaboration in cloud computing. InQuality of Service (IWQoS), 2013 IEEE/ACM 21stInternational Symposium on, pages 1–6. IEEE, 2013.

[5] M Epuru Madhavarao and Chikkala JayaRaju. Datasharing in the cloud using distributed accountability.

[6] Kevin Fu and Susan Hohenberger. proxy

re-encryption. 2005.

[7] Taeho Jung, Xiang-Yang Li, Zhiguo Wan, and MengWan. Privacy preserving cloud data access withmulti-authorities. In INFOCOM, 2013 ProceedingsIEEE, pages 2625–2633. IEEE, 2013.

[8] Nikita Kangude, Priyesh Wani, and Sanil Raut.Advanced encryption standard.

[9] Mohammed Golam Kaosar, Russell Paulet, and XunYi. Fully homomorphic encryption based two-partyassociation rule mining. Data & KnowledgeEngineering, 76:1–15, 2012.

[10] Ming Li, Shucheng Yu, Yao Zheng, Kui Ren, andWenjing Lou. Scalable and secure sharing of personalhealth records in cloud computing usingattribute-based encryption. Parallel and DistributedSystems, IEEE Transactions on, 24(1):131–143, 2013.

[11] Qin Liu, Guojun Wang, and Jie Wu. Efficient sharingof secure cloud storage services. In Computer andInformation Technology (CIT), 2010 IEEE 10thInternational Conference on, pages 922–929. IEEE,2010.

[12] Xuefeng Liu, Yuqing Zhang, Boyang Wang, andJingbo Yan. Mona: secure multi-owner data sharingfor dynamic groups in the cloud. Parallel andDistributed Systems, IEEE Transactions on,24(6):1182–1191, 2013.

[13] Murali Mani, Kinnari Shah, and Manikanta Gunda.Enabling secure database as a service using fullyhomomorphic encryption: Challenges andopportunities. arXiv preprint arXiv:1302.2654, 2013.

[14] SS Naqvi, SR Naqvi, SA Khan, and SA Malik.Application specific scalable architectures for advanced

- 123 -

encryption standard (aes) algorithm. WSEASTransactions on Electronics, 5(10):427–436, 2008.

[15] Pascal Paillier. Public-key cryptosystems based oncomposite degree residuosity classes. In Advances incryptologyaATEUROCRYPTaAZ99, pages 223–238.Springer, 1999.

[16] C Muthu Pandian and K Seenivasan. Flexible andfine-grained access control in cloud computing usinghierarchical based encryption scheme. InternationalJournal of Engineering, 2(4), 2013.

[17] Sai Krishna Parsha. Mohd. khaja pasha,” enhancingdata access security in cloud computing usinghierarchical identity based encryption (hibe).International Journal of Scientific & EngineeringResearch, 3(5), 2012.

[18] D MANOJ PRABHAKAR and K SURESH JOSEPH.A new approach for providing data security and securedata transfer in cloud computing.

[19] T Praveenkumar and K Narsimhulu. Secure andaccountable data sharing in the cloud.

[20] Ronald L Rivest, Adi Shamir, and Len Adleman. Amethod for obtaining digital signatures and public-keycryptosystems. Communications of the ACM,21(2):120–126, 1978.

[21] Bharath K Samanthula, Gerry Howser, YousefElmehdwi, and Sanjay Madria. An efficient and securedata sharing framework using homomorphicencryption in the cloud. In Proceedings of the 1stInternational Workshop on Cloud Intelligence, page 8.ACM, 2012.

[22] Jae Hong Seo and Jung Hee Cheon. Fully secureanonymous hierarchical identity-based encryption withconstant size ciphertexts. IACR Cryptology ePrintArchive, 2011:21, 2011.

[23] Abhishek Tripathi and Md Sarfaraz Jalil. Data accessand integrity with authentication in hybrid cloud.Oriental International Journal of InnovativeEngineering Research (OIJIER), 1(1):pp–030, 2013.

[24] Guojun Wang, Qin Liu, and Jie Wu. Achievingfine-grained access control for secure data sharing oncloud servers. Concurrency and Computation: Practiceand Experience, 23(12):1443–1464, 2011.

[25] Shucheng Yu, Cong Wang, Kui Ren, and WenjingLou. Attribute based data sharing with attributerevocation. In Proceedings of the 5th ACM Symposiumon Information, Computer and CommunicationsSecurity, pages 261–270. ACM, 2010.

- 124 -