A Novel Key Management Mechanism Using Elliptic and Diffie-hellman for Handling Users in Cloud Environment

A Novel Key Management Mechanism Using Elliptic and Diffie-hellman for Handling Users in Cloud Environment

K. Santhi SriN. Veeranjaneyulu

Department of CSE, Vignan’s Foundation for Science Technology & Research, Vadlamudi, Guntur 522213, Andhra Pradesh, India

Department of IT, Vignan’s Foundation for Science Technology & Research, Vadlamudi, Guntur 522213, Andhra Pradesh, India

Corresponding Author Email: 
17 April 2018
| |
5 June 2018
| | Citation



Cloud computing provides many number of services to the users but the major and crucial service is cloud storage. Cloud storage is one of the most popular services in cloud computing environment. But the data stored in cloud will have a problem of protecting the data from the third party and also address the unauthorized access.  For solving such issues encryption provides a better solution but access given to the cloud users is a problem. In order to address this problem we propose a group key management technique using Diffie-Hellman and elliptic curve cryptograph. Which handles the user authentication and also give the group access, and role based access to the user.


cloud computing, elliptic curve, data owner, cloud user, data storage

1. Introduction
2. Literature Survey
3. Proposed Method
4. Experimental Setup
5. Results and Discussions
6. Conclusion

[1] Institute FR. (2010). Personal Data in the Cloud: A Global Survey of Consumer Attitudes. 

[2] From Hype to Future: KPMG’s 2010 Cloud Computing Survey. http:// www.kpmg.com/ES/es/ActualidadyNovedades/ArticulosyPublicaciones/, accessed in 2010.

[3] Armbrust M, Fox A, Griffith R, Joseph AD, Katz RH, Konwinski A, et al.(2010). A view of cloud computing. Commun. ACM 53(4): 50–58.

[4] Global Survey: Has Cloud Computing Matured. http://www.avanade.com/Documents/Research%20and%20Insights/, accessed in 2011.

[5] Delerablée C. (2007). Identity-based broadcast encryption with constant size ciphertexts and private keys. In ASIACRYPT Lecture Notes in Computer Science 4833: 200–215.

[6] Zhou L, Varadharajan V, Hitchens M. (2011). Enforcing role-based access control for secure data storage in the cloud. Comput. J. 54(13): 1675–1687.

[7] Zhu Y, Hu H, Ahn GJ, Wang H, Wang SB. (2011). Provably secure role-based encryption with revocation mechanism. J. Comput. Sci. Technol. 26(4): 697–710.

[8] Akl SG, Taylor PD. (1983). Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1(3): 239–248.

[9] Atallah MJ, Frikken KB, Blanton M. (2005). Dynamic and efficient key management for access hierarchies. In Proc. ACM Conf. Comput. Commun. Sec. 190–202.

[10] Hassen HR, Bouabdallah A, Bettahar H, Challal Y. (2007). Key management for content access control in a hierarchy. Comput. Netw. 51(11): 3197–3219.

[11] Di Vimercati SDC, Foresti S, Jajodia S, Paraboschi S, Samarati P. (2007). Over-encryption: Management of access control evolution on outsourced data. In Proc. VLDB 123–134. 

[12] Blundo C, Cimato S, Di Vimercati SDC, Santis AD, Foresti S, Paraboschi S, et al. (2009). Efficient key management for enforcing access control in outsourced scenarios. In SEC (IFIP) 297: 364–375.

[13] Samarati P, Di Vimercati SDC. (2010). Data protection in outsourcing scenarios: Issues and directions. In Proc. ASIACCS 1–14.

[14] Gentry C, Silverberg A. (2002). Hierarchical ID-based cryptography. In ASIACRYPT (Lecture Notes in Computer Science) 2501: 548–566.

[15] Boneh D, Boyen X, Goh EJ. (2005). Hierarchical identity based encryption with constant size ciphertext. In EUROCRYPT Lecture Notes in Computer Science 3494: 440–456.

[16] Goyal V, Pandey O, Sahai A, Waters B. (2006). Attribute-based encryption for fine-grained access control of encrypted data. In Proc. ACM Conf. Comput. Commun, 89–98. 

[17] Sahai A, Waters B. (2005). Fuzzy identity-based encryption. In Proc. EUROCRYPT, 457–473. 

[18] Yu S, Wang C, Ren K, Lou W. (2010). Achieving secure, scalable, and fine-grained data access control in cloud computing. In Proc. IEEE INFOCOM, 534–542.

[19] Zhu Y, Ma D, Hu C, Huang D. (2013). How to use attribute-based encryption to implement role-based access control in the cloud. In Proc. Int. Workshop Sec. Cloud Comput., 33–40.

[20] Goh EJ, Shacham H, Modadugu N, Boneh D. (2003). SiRiUS: Securing remote untrusted storage. In Proc. NDSS, 1–15. 

[21] Ateniese G, Fu K, Green M, Hohenberger S. (2005). Improved proxy re-encryption schemes with applications to secure distributed storage. In Proc. NDSS, 29–43.

[22] Shamir A. (1984). Identity-based cryptosystems and signature schemes. In CRYPTO (Lecture Notes in Computer Science) 196: 47–53.

[23] Barreto PSLM, Libert B, McCullagh N, Quisquater JJ. (2005). Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. in ASIACRYPT (Lecture Notes in Computer Science) 3788: 515–532.

[24] Boneh D, Crescenzo GD, Ostrovsky R, Persiano G. (2004). Public key encryption with keyword search. In EUROCRYPT (Lecture Notes in Computer Science) 3027: 506–522.

[25] Golle P, Staddon J, Waters BR. (2004). Secure conjunctive keyword search over encrypted data. In ACNS (Lecture Notes in Computer Science) 3089: 31–45.

[26] Boneh D, Waters B. (2007). Conjunctive, subset, and range queries on encrypted data. In TCC (Lecture Notes in Computer Science) 4392: 535–554.

[27] JAX-WS Reference Implementation. http://jax-ws.java.net/, accessed in 2013.

[28] HyperSQL Database. http://hsqldb.org/.

[29] Silverman JH. (2009). The Arithmetic of Elliptic Curves (Graduate Texts in Mathematics), 2nd ed. New York, NY, USA.

[30] Miyaji A, Nakabayashi M, Takano S. (2001). New explicit conditions of elliptic curve traces for FR-reduction. IEICE Trans. Fundam. E84-A(5): 1234–1243.

[31] Barker E, Barker W, Burr W, Polk W, Smid M. (2011). Recommendation for key management—Part 1: General (revision 3). NIST, Gaithersburg, MD, USA, Tech. Rep. SP800-57.

[32] Jenkins RJ. (1996). ISAAC. In FSE (Lecture Notes in Computer Science) 1039: 41–49.

[33] SOAP Message Transmission Optimization Mechanism. http://www.w3.org/TR/soap12-mtom/, accessed in 2005.

[34] Pudovkina M. (2001). A known plaintext attack on the ISAAC keystream generator. Dept. Cryptol. Discrete Math., Moscow Eng. Phys. Inst., Moscow, Russia, Tech. Rep. 2001/049.

[35] Aumasson JP. (2006). On the pseudo-random generator ISAAC. FHNW, Windisch, Switzerland, Tech. Rep. 2006/438. 

[36] Caro AD, Iovino V. (2011). Java Pairing Based Cryptography Library. http://libeccio.dia.unisa.it/projects/jpbc/, accessed in 2011.

[37] Lynn B. (2007). Pairing-Based Cryptography Library. http://crypto.stanford.edu/pbc/

[38] Bouncy Castle Cryptography Library. http://www.bouncycastle.org/, accessed in 2013.

[39] Canetti R, Halevi S, Katz J. (2004). Chosen-ciphertext security from identity-based encryption. In EUROCRYPT (Lecture Notes in Computer Science) 3027: 207–222.

[40] Boneh D, Katz J. (2005). Improved efficiency for CCA-secure cryptosystems built using identity-based encryption. In CT-RSA (Lecture Notes in Computer Science) 3376: 87–103.

[41] Mell P, Grance T. (2011). The NIST Definition of Cloud Computing. National Institute of Standards and Technology, 1-3. 

[42] A. Merrihew, Cloud Computing: How to explain it to others in your organization [DB/OL]. 

[43] B. Butler, “Are Community Cloud Services the Next Hot Thing”, [DB/OL]. 

[44] Samuels M. Community Clouds: Why they’re a step too far for Organisations. [DB/OL]. 

[45] Linthicum D. SaaS is Cloud Computing’s quiet killer app [DB/OL]. 

[46] Chriss A. Intuit Customer Solution Case Study [DB/OL]. 

[47]http://www.salesforce.com/assets/pdf/misc/WP_Forcedotcom-Security.pdf (2010-07-06) 

[48] Juengs D. What is Platform as a Service [DB/OL]. 

[49]file:///C:/Users/staff/Downloads/CloudSecurityConsiderations_MicrosoftOffice365.pdf (2011-07-06) 

[50] https://cloud.google.com/files/Google-CommonSecurity-WhitePaper-v1.4.pdf (2012). 

[51] Todorov D, Ozkan Y. (2013). http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf. 

[52] http://www.questsys.com/cloudServices.aspx (2013-11-04) 

[53]http://www.gemalto.com/press/Gartner_Magic_Quadrant_2013.html (2013-03-05) 

[54]http://www.terremark.com/uploads/documents/WP14970.a.Online_Identity_Mgmt_03_PrePress.pdf (2012-10-23)

[55] Baize E. Cloud and Virtualization: Surpassing Current levels of security [DB/OL]. 

[56] http://www.druva.com/documents/Druva-inSync-Security-Q115-R54-10062.pdf (2014) 

[57] Barr J, Narin A, Varia J. (2011). Building Fault-Tolerant Applications on AWS. Amazon Web Services, 1-15. 

[58] Khalid U, Ghafoor A, Irum M, Awais Shibli M. (2013). Cloud Based Secure and Privacy Enhanced Authentication and Authorization Protocol. Procedia 22: 680-688. 

[59] Zissis D, Lekkas D. (2012). Addressing cloud computing security issues. Future Generation Computer Systems 28(3): 583-592. 

[60] Acar T, Belenkiy M, Kupcu A. (2013). Single Password Authentication. Computer Networks 57(13): 2597-2614. 

[61] Oracle, Private Database Cloud [DB/OL]. 

[62] Bernabe JB, Marin Perez JM, Alcaraz Calero JM, Garcia Clemente FJ, Perez GM. (2014). Semantic- Aware – multitenancy-authorization system for cloud architectures. Future Generation Computer Systems, (2014) 32: 154-167. 

[63] Chadwick DW, Fatema K. (2012). A privacy preserving authorization system for the Cloud. Journal of Computer and System Sciences 78(5): 1359-1373. 

[64] Saldhana A, Marian R, Barbir A, Jabbar SA. OASIS Cloud Authorization (CloudAuthZ) TC [DB/OL]. 

[65] http://www.vmware.com/files/pdf/partners/vmware-public-cloud-security-wp.pdf?src=vcld-2012-1-blog-PCSA%20whitepaper-ex-41 (2012) 

[66] http://www.dell.com/learn/us/en/04/campaigns/dell-data-protection-solutions, (2013-11-06) 

[67] http://www.wuala.com/en/learn/technology, (2014-01-03) 

[68] Wang G, Liu Q, Wu J, Guo M. (2011). Hierarchical attribute based encryption and scalable user revocation for sharing data in cloud servers. Computers and Security 30(5): 320-331. 

[69] Fan CI, Huang SY. (2013). Controllable privacy preserving search based on symmetric predicate encryption in cloud storage. Future Generation Computer Systems 29(7): 1716-1724. 

[70] http://www.onlinetech.com/cloud-computing-hosting/overview (2014) 

[71] Popa L, Yu M, Ko SY, Ratnasamy S, Stoica I. (2010). Cloud Police: taking access control out of the Network. ACM Sigcomm Workshop.