Cha-Cha 20: Stream Cipher Based Encryption for Cloud Data Centre

Dharavath Ramesh

Rahul Mishra

Bhukya Shankar Nayak

Indian School of Mines Dhanbad 826004, Jharkhand, India +91-3262235795

Indian School of Mines Dhanbad 826004, Jharkhand, India +91-8802584376

Swami Vivekananda Institute of Technology, Hyderabad 500003, Telangana, India +91-9177228815


ABSTRACT

Cloud computing is a paradigm for implementing universal, beneficial and on-demand access to a shared collection of configurable computing resources. The cloud computing environment has the merits of elasticity, a pay-per-use model, streamlined processes, improved flexibility and accessibility, better resource utilization, economies of scale, anywhere-anytime collaboration, disaster recovery, etc. Security poses a major threat, as data is viably revealed to a third party. Virtualization is one of the methods to resolve the security issues of the cloud environment, and it also provides the adaptability to host multiple OS stacks on a single piece of hardware to improve resource utilization. But the virtualization model also has major security issues. In this paper, we introduce an efficient stream cipher based cryptographic method to increase the security of encrypted data at the cloud data center, which is time and cost efficient at both encryption and decryption and also maintains the integrity of virtual machines or virtual machines' disks.

Keywords

Encryption, Cloud computing, Stream cipher, Hash function

ICTCS '16, March 04-05, 2016, Udaipur, India © 2016 ACM. ISBN 978-1-4503-3962-9/16/03…$15.00 DOI: http://dx.doi.org/10.1145/2905055.2905098

1. INTRODUCTION

Currently, the internet is entering the edge of its next era, where resources are globally shared. Cloud computing is a major component in attaining this. Cloud computing service is based on a pay-per-use model, where cloud service providers offer users the option to move their data to the cloud and also provide the service of distantly storing data at a cloud data center. Data storage at a cloud data center offers high quality of service to enjoy on demand stimulation of data. Cloud services are classified into three categories. IAAS (infrastructure as a service) is used to access, manage and monitor distant data center infrastructure such as storage, networking, etc. PAAS (platform as a service) provides a platform to develop applications while providing cloud components to software services. SAAS (software as a service) offers the use of web services to deliver applications that are managed by a third-party vendor and whose interface is easily available at the client's site. Apart from these services, cloud infrastructure has introduced a new service named DAAS that reduces data processing cost or data storage cost.

In spite of these features, the cloud prototype has major security [1] issues regarding data storage at the cloud data center and loss of control. Some of the major security issues related to cloud computing are hardware, operating system, secure virtualization [2], load balancing, secure VM migration, resource scheduling and transaction, multi-tenancy, data integrity, authentication and verification issues, etc. Basically, cloud security issues are categorized into three major categories.

Integrity: Verification of data stored at the cloud data center, which prevents modification and misrepresentation of the data without the concern of the data owner or cloud owner.

Availability: Availability of information or data whenever the user demands it; the security concern is non-availability at the required time. These types of service interruption occur due to DOS/DDOS attacks, which cause unpleasant behavior.

Confidentiality: Data is hidden from others, but those who are authorized to see it can easily access it. Confidentiality can be achieved by encrypting data using symmetric or asymmetric keys. But there are risks in terms of attacks to obtain these keys (including side channel attacks, timing attacks, etc.).

Cloud computing has introduced authorized virtualization to remove load balancing issues, which are one of the major issues of the cloud environment, via secure virtualization, secure virtual machine migration [3] and dynamic stimulation among physical nodes. An operating system on a virtual machine is a guest operating system, and the virtual machine monitor acts as a management layer between these. Cloud data centers have massive numbers of virtual machines with large storage disks to store large amounts of sensitive and crucial data of cloud service users. Despite its merits, virtualization also has a large number of security issues, such as DOS/DDOS attacks, attacks on virtual machines or virtual machine monitors, VM escape, resource utilization [4], etc. In this paper, we propose an alternative approach to protect the sensitive data stored at the cloud data center in VM disks [5] by ensuring proper integrity and data security at the cloud data center. Our contribution with the proposed approach is as follows.

i. Related security issues to data storage in VM disks at cloud data center.

ii. Efficient stream cipher based encryption (Cha-Cha 20) to provide security and also maintain integrity by using SHA-256 Hash Function with Merkle Hash Tree.

2. Related Literature

Recently, major works have been proposed in the field of sensitive data security and integrity at the cloud data center. Some works have been formulated for integrity issues related to virtual machine disk images and secure data storage at the cloud data center. Privacy related issues in the cloud paradigm have been deeply discussed in [6 - 8]. An exhaustive cloud security risk assessment has been presented by Takabi et al. [9], and protection of virtual machines at the cloud center by the cloud visor concept in [10]. In the cloud visor method, Cheng introduced a symmetric key based encryption technique with AES-128 bit to secure data storage at the cloud data center by using the methodology of the Merkle hash tree. Disadvantages: the limitation of this scheme lies in the AES-128 bit encryption scheme by side channel scheme and differential cryptanalysis of the MD5 hash function.

Deswarte et al. [11] defined an RSA based hash function and use it to verify the data or file stored at the cloud data center. In that scheme, multiple challenges can be performed by the client on the same metadata. So, this scheme has high computational complexity at the server site, which must exponentiate all the blocks in the files.

Schwarz et al. [12] described a method to ensure the data stored remotely across multiple sites. This scheme is based on algebraic signatures. It stores fingerprints of the stored data and verifies them during the authentication process. Despite this merit, the scheme has high computational complexity at both the client and server sites. It also has security related issues.

Pardeshi et al. [13] proposed a scheme based on the Merkle hash tree with the SHA-1 hash function to ensure integrity of stored data at the data center, and the AES 128 bit encryption scheme to maintain security of sensitive data. This scheme uses the SHA-1 hash function to find the hash values of data blocks at the leaf node level of the Merkle Hash Tree (MHT); the MHT is used to maintain the hash values of all data blocks at the cloud data center. But, in spite of these features, this scheme has the drawbacks of differential cryptanalysis of the SHA-1 hash function and cryptanalysis of the AES 128 bit scheme by side channel attacks.

A scheme [14] called POR (Proofs of Retrievability) is proposed for static authentication of big data files. This scheme defines spot checking and error correcting codes to ensure data proprietorship and retrievability; it also has special blocks called sentinels, which are randomly encapsulated into files for detection, and a hash tree is defined to maintain out of order of these sentinel blocks. The POR scheme is basically used for confidential data, not for public data. This scheme has the demerits of the absence of public data authentication and, due to the presence of sentinel nodes, dynamic updating is not possible.

Erway, C. Chris, et al. [15] introduced a method based on a dynamic auditing protocol that can perform dynamic operations on data at the cloud data center. In this scheme, a third party auditor verifies the integrity of dynamic sensitive data at the cloud data center, i.e. for data modification. This proposed scheme requires a linear combination of data blocks by the third party auditor from the server site for the verification process. But, due to the requirement of a linear combination of data blocks for verification, it will leak crucial data to the auditor.

3. Proposed methodology

The elementary target of our proposed method is to provide vitreous integrity and strength to virtual machine disk data under a live virtual environment at the cloud data center. Our method is based on stream cipher based encryption and the SHA-256 hash function along with the Merkle Hash Tree to achieve integrity and protection for data stored on a virtual machine's disk at the cloud data center. Usually, cloud service providers such as Amazon provide their services with resources at the virtual machine. Finally, protection is at the virtual machine level.
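The integrity side of the method, as an added example that is not code from the paper: a SHA-256 Merkle hash tree over VM disk blocks, with a per-block proof that is checked against the stored root. The function names, the 0x00/0x01 leaf/node prefixes and the rule of pairing an odd node with itself are assumptions made for this illustration.

```python
import hashlib

def leaf_hash(block):
    # Assumption: 0x00 prefix separates leaf hashes from internal-node hashes.
    return hashlib.sha256(b"\x00" + block).digest()

def node_hash(left, right):
    # Assumption: 0x01 prefix marks an internal node.
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_tree(blocks):
    """Return all tree levels, leaf level first; the root is levels[-1][0]."""
    if not blocks:
        raise ValueError("at least one disk block is required")
    level = [leaf_hash(b) for b in blocks]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:               # odd count: pair the last node with itself
            level = level + [level[-1]]
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def make_proof(levels, index):
    """Sibling hashes from leaf to root for the block at `index`."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling >= len(level):        # last node of an odd level
            sibling = index
        path.append((level[sibling], index % 2 == 1))
        index //= 2
    return path

def verify_block(block, path, root):
    """Recompute the root from one block and its proof; False means tampering."""
    h = leaf_hash(block)
    for sibling, node_is_right in path:
        h = node_hash(sibling, h) if node_is_right else node_hash(h, sibling)
    return h == root
```

Only the root has to be kept where the storage provider cannot modify it; any block read back from the disk image can then be checked with a proof of logarithmic size.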

3.1 Stream-Cipher based Encryption Scheme

In this paper, we introduce CHA-CHA 20 [16], [17], which is a member of the SALSA 20 e-stream family, for encryption purposes. A stream cipher takes plaintext and produces ciphertext by combining it with a pseudo-randomly generated keystream. In a stream cipher, a bitwise operation of each plaintext digit with the corresponding digit of the keystream gives a digit of ciphertext. Although CHA-CHA 20 is based on SALSA 20, CHA-CHA 20 has a better permutation or diffusion round and is assumed to increase resistance to cryptanalysis. CHA-CHA 20 has the following merits:

Better security - This proposed method is immune to padding oracle attacks and also to timing attacks.

High processing speed - This method has better performance than AES-128 bit, approximately 3 times faster.

The CHA-CHA input is referred to as a "matrix" or a "vector"; the matrix notation is used because it is more visually convenient and also gives a suitable notation for the "column round" and the "diagonal round". The input matrix (input words) of size 16 words is formed from a constant value of size 4 words, a key of size 8 words, a block counter of size 2 words and a nonce of size 2 words (managed outside of cha-cha 20). 20 rounds are performed on the original input matrix by column and diagonal transformations on every 16 words of new plaintext; each word is updated twice. The quarter round on 4 words is performed in the following manner:

a+=b

d^=a

d
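The state layout and quarter round described in this section, written out as an added example (not code from the paper): a ChaCha20 keystream generator using the 4/8/2/2 word layout given in the text. The "expand 32-byte k" constant and the rotation amounts 16, 12, 8, 7 come from the published ChaCha specification; the function names are chosen for this illustration.

```python
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # the 4 constant words

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def quarter_round(s, a, b, c, d):
    # Add, xor, rotate: each of the four words is updated twice.
    s[a] = (s[a] + s[b]) & MASK
    s[d] = rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK
    s[b] = rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK
    s[d] = rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK
    s[b] = rotl(s[b] ^ s[c], 7)

def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block: 4 constant + 8 key + 2 counter + 2 nonce words."""
    if len(key) != 32 or len(nonce) != 8:
        raise ValueError("key must be 32 bytes and nonce 8 bytes")
    init = list(SIGMA) + list(struct.unpack("<8I", key))
    init += [counter & MASK, (counter >> 32) & MASK] + list(struct.unpack("<2I", nonce))
    s = init[:]
    for _ in range(10):                  # 10 double rounds = 20 rounds
        quarter_round(s, 0, 4, 8, 12)    # column rounds
        quarter_round(s, 1, 5, 9, 13)
        quarter_round(s, 2, 6, 10, 14)
        quarter_round(s, 3, 7, 11, 15)
        quarter_round(s, 0, 5, 10, 15)   # diagonal rounds
        quarter_round(s, 1, 6, 11, 12)
        quarter_round(s, 2, 7, 8, 13)
        quarter_round(s, 3, 4, 9, 14)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def chacha20_xor(key, nonce, data, counter=0):
    """Encrypt or decrypt (the same operation): XOR data with the keystream."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], ks))
    return bytes(out)
```

Because the nonce is managed outside the cipher, the caller must never reuse a (key, nonce) pair: two ciphertexts produced under the same pair XOR to the XOR of their plaintexts. XOR encryption alone also provides no integrity, which is the role the hash tree plays in the proposed method.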