Enhancing Data Security in Multi-Cloud Environments: A Product Cipher-Based Distributed Steganography Approach

In the digital landscape of today's interconnected world, our reliance on the internet has grown exponentially, permeating diverse facets of our lives through online services. However, this widespread interconnectivity has exposed us to heightened security risks, compelling the development of innovative tools to protect sensitive information. In response, the synergy of cryptography and steganography has emerged as a formidable defense. Cryptography involves the intricate transformation of data into an unreadable format using complex algorithms, while steganography conceals information within other data, reducing its detectability.

The enduring significance of cryptography in ensuring data confidentiality and integrity is undeniable. Nevertheless, steganography offers a captivating approach by obfuscating hidden data and embedding confidential messages within innocuous cover messages guided by cryptographic keys. The essence of steganography lies in the formidable challenge it poses to unauthorized entities attempting to retrieve hidden messages without the proper key, adding an additional layer of security [1-7].

The potency of steganography hinges on several critical factors, encompassing the effectiveness of message concealment within cover data, the data's capacity to seamlessly host concealed messages, and the technique's resilience against potential adversarial attacks. The selection of an appropriate carrier medium is paramount in steganography. The ubiquity, transparency, and accessibility of cloud computing position it as an optimal candidate for this role [8].

Cloud computing, a cornerstone of distributed computing, provides access to versatile computational resources, boasting advantages such as cost-efficiency, enhanced data accessibility, and accelerated computational speeds [9-14]. Despite these benefits, the paramount challenge of ensuring data security within cloud environments persists. To confront this challenge, the amalgamation of cryptography and steganography has emerged as a robust approach, enhancing the security of sensitive information and mitigating potential threats [15-17].

Steganography's operation involves covertly embedding crucial information within different data types, such as images or audio files. This covert process ensures that even if visible data undergoes minor alterations, hidden information remains secure and retrievable. The steganography realm can be broadly categorized into two primary classifications: classical and distributed steganography [18]. Classical steganography conceals data within a single cover medium, while distributed steganography fragments and disseminates data across multiple mediums, substantially amplifying the complexity of detecting or accessing the concealed message.

In the historical context of classical steganography, an intriguing analogy was introduced by Simmons in 1984—the "prisoner's problem." This analogy depicts a scenario where two individuals, Alice and Bob, communicate secretly under close surveillance [19]. This metaphor underscores the intricate challenge of establishing covert communication channels that evade detection. Classical steganography employs sophisticated techniques to conceal confidential messages within various media types, leveraging Secret keys for clever insertion and extraction. The primary objective is utmost discretion, thwarting potential adversaries from deciphering the process and exposing the messages. However, as adversaries become more sophisticated and capable of detecting hidden messages and meticulously analyzing exchanged data, the necessity to establish robust defenses intensifies. This interplay between secrecy and detection holds critical importance, particularly in the context of cloud computing, where secure information exchange fuels the evolution of steganography techniques. Advanced statistical tools are employed to reveal intricate patterns of data concealment and revelation in the digital realm [20, 21].

The realm of distributed steganography introduces a novel paradigm, building on classical steganography's foundations [22-26]. This approach involves fragmenting sensitive messages into discreet segments, which are then distributed across an array of covert communication channels. This strategy adds a layer of complexity, significantly enhancing the challenge of detecting and reconstructing the concealed message [27-32]. This technique finds utility in scenarios where multiple independent parties collaborate covertly. For instance, Liao et al. [33] introduced a model wherein different participants possess distinct covert messages, with the intended recipient having all hidden messages to reconstruct the original content. This Secret-sharing strategy entails three main steps: creating a target key, distributing share keys, and ultimately reconstructing the Secret. The delicate balance between security and accessibility is at the core of this process.

Distributed steganography's security is fortified by distributing the Secret across various media types. However, introducing subtle changes to accommodate a hidden message may inadvertently arouse suspicion, exposing the risk of steganalysis [34-36]. Amid these complexities, the potential for complete loss of secrecy due to media tampering necessitates careful consideration. The challenge in distributed steganography is striking the right balance between complexity for safety and durability in a dynamically changing digital realm.

To address limitations in traditional steganography, a new concept has been proposed where the cover media remains unchanged and serves as a pointer to fragmented data stored in a multi-cloud environment. This approach makes locating and extracting the Secret message difficult for attackers. Leonel Moyou Metcheka and Ndoundam [37] employ steganography to protect the password. It is claimed that the existing covert channel's new steganography idea makes it difficult for an attacker to figure out how to extract the hidden message. Two technical contributions served as the foundation for the current system's architecture. First, the cover media are not altered; rather, they function as a link to fragmented data. Second, the multi-cloud storage environment contains a Secret message. Cover media is chosen and uploaded into the cloud based on the message that communicating entities desire to keep hidden. Here, the method uses files as the cover media and uploads them directly into the cloud. Using the Secret message and key will allow you to upload the files. The key includes the following details: number of clouds, in the following order: $\mathrm{C}_0, \mathrm{C}_1, \ldots . . \mathrm{C}_{\mathrm{n}-1}$ and their login information, file list, such as $\mathrm{L}^0, \mathrm{~L}^1, \ldots \ldots \mathrm{L}^{\mathrm{k}-1}$, each list consisting of a set of files, such as $\left(L^0{ }_0, L^0{ }_1, \ldots . L^0{ }_{B-1}\right)$ are composed in $\mathrm{L}^0$ and $\left(L^1{ }_0, L^1{ }_1, \ldots . L^1{ }_{B-1}\right)$ are composed in $\mathrm{L}^1$ and so on with the encoding base values. Work presupposed that the communication entities would safely share the key information.

To secretly store the Secret in the cloud, the sender transcodes the Secret in a certain base and splits it into K blocks, i.e., $b_0, b_1, \ldots . . b_{K-1}$ with each block consisting of n values. The sender then sends these K blocks to the cloud. Before the block is uploaded to the cloud for storage, the procedure is repeated for a greater number of blocks, during which time one of the files from the file lists is substituted for each value included inside the block. Each block has its own unique file list that has been allocated to it. In addition, copies of these are stored in the cloud. The receiver, who has access to the cloud, looks through the files to determine how to get the data and then produces the Secret by exchanging the information in the files with values.

Despite its suitability for protecting Secrets across multiple clouds from unauthorized access, this mechanism has a limitation, i.e., file selection and storage follow a predictable serial order. This vulnerability exposes the possibility of intruders cracking the Secret. Attackers could exploit this sequential pattern to deduce the concealed message through multiple attempts. Recent work examines this approach's security strength against brute force attacks [1]. The analysis concludes that despite an attacker's attempts to retrieve the Secret value via brute force attacks, the computational effort required for unauthorized access is smaller than exponential computations. In response, the paper seeks to develop a mechanism to make brute-force attacks computationally exponential, proposing "Product Cipher-Based Distributed Steganography".

Selecting a product cipher as the underlying mechanism introduces complexity and security to address concerns in cloud-based communication. The product cipher, a cryptographic construction combining multiple substitution and transposition methods, offers a robust and multi-layered defense against potential attacks. By leveraging this approach, the system aims to counter various intrusion forms, including brute-force attacks - a significant concern in cloud security.

Although the paper doesn't explicitly compare the chosen product-cipher-based distributed steganography with other techniques, it primarily focuses on presenting and validating this novel approach. It highlights the unique contributions, such as maintaining unchanged cover media, leveraging multi-cloud storage, and addressing traditional steganography limitations. Further research could delve into comparative studies, evaluating the strengths of the product cipher-based method in contrast to other steganography approaches. Such comparisons would provide insights into the specific advantages and trade-offs of this technique, situating it within the broader landscape of secure cloud communication steganography methods.

The proposed steganography method, termed "Product Cipher-Based Distributed Steganography" (PCDS), introduces several distinctive features that set it apart from existing methods. The unique aspects of PCDS in contrast to traditional and distributed steganography approaches are:

1. Unchanged Cover Media as a Reference:

• Traditional Steganography: In conventional methods, data is hidden in different cover media, introducing the risk of detection as alterations to cover media may leave traces.
• Distributed Steganography: Existing distributed methods fragment the Secret message across various cover media, enhancing security but still susceptible to suspicion or loss of the entire Secret in case of modifications.
• PCDS Approach: PCDS innovatively employs unchanged cover media as a reference for fragmented data. This departure from tradition minimizes the risk associated with modifying cover media, reducing the potential for detection by attackers.

2. Multi-Cloud Storage Security:

• Traditional Steganography: The shift towards cloud usage has prompted individuals to hide private information in images, but concerns remain about the security of sensitive data in the cloud.
• Distributed Steganography: While distributed methods enhance security, they may still face challenges such as potential detection and loss of the entire Secret.
• PCDS Approach: PCDS utilizes multi-cloud storage to store the hidden message securely. This safeguards against unauthorized access and introduces mathematical complexity, making it computationally infeasible for attackers to retrieve the concealed data.

3. Computational Infeasibility for Attackers:

• Traditional and Distributed Steganography: The comment alludes to concerns raised in recent research [1] regarding the efficiency of retrieving Secret data from multi-cloud storage. Existing methods may face vulnerabilities to computational attacks.
• PCDS Approach: PCDS addresses these concerns by introducing a Product Cipher-Based Distributed Steganography scheme. The computational complexity involved in determining the appropriate sequence of Secret distribution and file numbering makes brute-force attacks computationally exponential, ensuring a significantly higher level of security.

Consider a practical example of the PCDS methodology in operation. Consider that Alice wishes to transmit a confidential message to Bob via cloud storage in a secure manner. By employing conventional steganography, she would pose a risk of detection if the image is altered while concealing the message within it. Message fragmentation across multiple images would result from distributed steganography; however, suspicion or alterations could still result in the disclosure of the complete Secret. Using PCDS, Alice can now securely store the fragmented message in a multi-cloud environment while referencing an unchanged image. Thus, in the event of a single cloud compromise, the assailant will not possess the entirety of the information, and the cover media remains unaltered, providing an additional level of security.

The PCDS method not only overcomes traditional and distributed steganography limitations by leveraging unchanged cover media and multi-cloud storage but also establishes a higher level of security through its unique product cipher-based approach. The following sections of the paper will delve deeper into the specifics of PCDS, highlighting its advantages and demonstrating how it effectively addresses the identified shortcomings in existing steganography methods.

In today's digital landscape, the need for secure and covert communication has become increasingly essential. However, ensuring the confidentiality of sensitive information in a distributed manner presents significant challenges. Traditional encryption techniques provide a level of security but are vulnerable to attacks due to their distinguishable patterns and metadata. This necessitates the exploration of novel methods that go beyond conventional encryption. Covert communication involves the exchange of information without arousing suspicion from unintended observers. Steganography, a subset of covert communication, focuses on hiding Secret data within innocuous cover media, such as images or audio files. The challenge lies in developing techniques that not only embed the data effectively but also ensure that the embedded data remains undetectable.

The prevalence of cloud computing has introduced new possibilities for distributed data storage and retrieval. Multi-cloud environments offer benefits such as increased availability and fault tolerance. However, these advantages are accompanied by security concerns, including potential breaches and unauthorized access. Ensuring the confidentiality of data stored across multiple clouds while achieving covert communication further complicates the problem. Existing methods for distributed covert communication often rely on covert channels, which exploit the communication paths not originally intended for data exchange. While effective to a certain extent, these methods have limitations such as susceptibility to detection and difficulty in dynamically adapting to changes in the cloud environment. address these challenges, we propose the Product Cipher-Based Distributed Steganography (PCDS) technique. PCDS aims to securely embed and retrieve data in a multi-cloud environment using steganography, providing both covert communication and resistance against unauthorized access. The approach leverages the concept of product ciphers, combining substitution and permutation operations to achieve secure data hiding. The primary objectives of our research are as follows:

Secure Data Hiding: Develop a technique to dynamically embed Secret data into files distributed across multiple clouds while maintaining the cover media's authenticity.

Covert Communication: Ensure that the embedded data remains undetectable, achieving covert communication between communicating entities.

Resistance to Attacks: Design the PCDS technique to withstand attacks such as statistical analysis and pattern recognition, enhancing the security of the covert communication.

Dynamic Adaptability: Create an approach that adapts to changes in the cloud environment, providing a reliable and secure covert communication channel even in dynamic scenarios.

The proposed Product Cipher-Based Distributed Steganography (PCDS) is an extension of the existing covert channel-based distributed data hiding mechanism [27], which hides the Secret dynamically in the multi-cloud environment in a distributed manner. PCDS is transparent to Secret communication between the communicating entities. PCDS uses multi-clouds to store the files which are derived from the corresponding Secret, and further files are uploaded without any modification.

PCDS is a steganographic approach where files are used as covert media to carry the Secret information that is to be securely shared with the destination. To achieve the goal, communication entities agree on the key. The key agreement procedure is out of the scope of our work. The key consists of a set of information, i.e., a Cloud list and their credentials to access them, a Base value, a session key for permutation, and the number of files indexed in different lists for substitution, Eq. (1) shows the key and its information.

Key $=\left\{\right.$ Cloud' $^{\prime} s=C_0 C_1 . . C_n$, Base value $=$ $B_i$, where $i=2,4,8 . .$, Session Key $=K_s$, Lists $=$ $L_0 L_1 L_2 L_3 \ldots L_n$, and Files in $n^{\text {th }}$ list $=$ $\left.L_n^0, L_n^1, L_n^2 \ldots \ldots L_n^B,\right\}$             (1)

where,

1. C₀C₁…C_n are the number of clouds where Secret need to be stored
2. B_i is the base value, to which secrete value is to be converted
3. Session key (K_s), which is used for applying the permutation
4. $L_0 L_1 L_2 L_3 \ldots \ldots L_n$ are the lists, where each list consists of B files

$L_n^0, L_n^1, L_n^2 \ldots \ldots L_n^B$ are the number of files in the n^thlist. These files are in the different format.

Figure 1 shows the overview of the proposed Product Cipher-Based Distributed Steganography (PCDS) approach, where the sender converts the Secret into files and dynamically embeds the files into multi-cloud.

In Figure 1, we present a comprehensive overview of the Product Cipher-Based Distributed Steganography (PCDS) approach, illustrating the process of securely storing and retrieving Secret information within a multi-cloud environment. The diagram is designed to provide a visual representation of the key steps involved in the PCDS technique. To facilitate covert communication, the sender initiates the process by converting the Secret information into a series of files. This conversion involves employing a combination of substitution and permutation techniques, transforming the original Secret into a format suitable for embedding.

Once the files are converted, the sender employs dynamic embedding strategies. These strategies involve utilizing both substitution and permutation operations to ensure that the converted files are embedded securely and discreetly across multiple cloud platforms. Upon successful embedding, the receiver, possessing authorized access to the multi-cloud infrastructure, undertakes the process of retrieving the embedded files. The retrieved files are then subjected to the reverse of the conversion process, where permutation and substitution operations are applied in the opposite order to reconstruct the original Secret information.

The working procedure of PCDS, i.e., securely stores the Secret to multi-cloud and retrieves the Secret from multi-cloud, is explained as follows On the other hand, the receiver with access to the cloud retrieves the files from the cloud and converts them back to Secret by applying substitution and permutation techniques in reverse order.

The proposed PCDS aims to store and retrieve Secrets in/from multi-cloud securely. To achieve the goal, PCDS split into two phases, i.e., 1). Secure Secret storage in the multi-cloud environment, and 2). Secure Secret retrieval from the multi-cloud environment. Consider the two communicating entities, where one entity wants to store the Secret securely, and another wants to retrieve it with the help of the PCDS algorithm securely. To achieve the goal, both entities agree on the key. The key elements are given in Eq. (1). The First phase of the PCDS, i.e., Secure Secret storage in the multi-cloud environment, is explained as follows.

1. Secure Secret storage in the multi-cloud environment

Secure Secret storage in the multi-cloud environment aims to store the Secret in multi-cloud securely by following the steps.

1. Base Conversion: - The Secret is converted in the base value B.
2. Permutation choice 1: The Secret represented in base B undergoes the permutation.
3. Substitution: Permuted output of the Secret represented in base B is substituted with the files available in the different lists. Thus, each Secret value is represented by different files.
4. Permutation choice 2: The Secret represented by various files undergoes the permutation.
5. Allocation: Permuted output is allocated to different clouds.

This initial step involves the user providing the Secret key 'S' that needs to be securely stored. Additionally, the user specifies the number of clouds involved, which is a critical parameter for distributing the Secret information effectively.

Consider communicating entity-1, who wants to securely store the Secret S=1111101101000001 in a multi-cloud environment, with a pre-agreed key between communicating entities is:

$\begin{gathered}\text { Key }=\left\{\text { Cloud's }=C_0, C_1, C_2, C_3 . \text { Base value }\left(B_i\right)=\right. \\ B_2 \text { Session Key }=\left(\begin{array}{ll}3 1254\end{array}\right), \text { Lists }=L_0 L_1 L_2 L_3 \ldots . L_n, \\ \left.\quad \text { and Files in nth list }=L_n^0, L_n^1, L_n^2 \ldots \ldots L_n^B,\right\} .\end{gathered}$

Entity-1 has the Secret value $S=1111101101000001$ and wants to securely store into four clouds, say $C=C_0, C_1, C_2, C_3$. with base value $B=2$ and $\operatorname{Session} \operatorname{Key}\left(K_s\right)=\left(\begin{array}{llll}3 & 1 & 2 & 5& 4\end{array}\right)$ for permutation and a list of files for substitution, which are shown in Table 1. To store the Secret in the cloud securely, entity-1 applies algorithm-1. The working of algorithm-1 is composed of the following steps.

• Base conversion

The Secret key 'S' undergoes a conversion process utilizing a specified base value 'B.' This conversion is a fundamental aspect of the key agreement between communicating entities, adding an extra layer of security to the process

Initially, algorithm 1 sets the base value (B) as per the agreed pre-shared key information, here, base value B=2 and applies base conversion to the Secret value. The output of the base conversion is placed into an array list L₁[N] as shown in Table 1.

Table 1. Array L₁[N]

1.png

Figure 1. Product cipher based Secret storage in multi-cloud

• Permuted choice-1

Permutation choice-1 is applied to the converted Secret key using a session key $' K_s^{\prime}$. It's crucial that the session key's length surpasses the number of clouds involved, enhancing the resistance against potential cryptographic attacks.

Algorithm-1 applies permuted choice-1 on an array L₁[N]. It selects the session key $' K_s^{\prime}$ from the pre-shared key. It ensures that the session key length is greater than the number of clouds. If not, increase the key length size. The session key value in the pre-shared key is, i.e., K_s=31254. To apply permuted choice 1, the values of an array L₁[N] converted into the table, as shown in Table 2. If the last row is left with empty cells, fill it with agreed bogus values, i.e., in the example filled with ${ }^{\prime} 0^{\prime}$. For permutation, read the column-wise as per increment order of key $' K_s^{\prime}$.

Table 2. Permuted choice –1

The permuted output is $S^{\prime}=[11001100100111101000]$.

• Substitution

The permuted output is divided into groups, and substitution is applied to each group based on corresponding lists. These lists play a key role in determining which files represent each value, adding a layer of complexity to the encryption process. The permuted output is divided into groups, each assigned to the list. The list information is available in the pre-shared key, and here, it is shown in Table 3. Eq. (2) is used to form the groups from the permuted output S^'. Then each group's values are substituted with lists; each list index values are substituted with files.

$L_n{ }^{S^{\prime}[n C]} \leq L_n\left[m<L_n{ }^{S^{\prime}[(n+1) C]}\right]$       (2)

where,

$\begin{aligned} & n=0,1,2, \ldots . \text { Ceil }\left(\frac{S \prime}{C}-1\right), \\ & C=\text { No.of Clouds, } \\ & S^{\prime}=\text { Length of permuted output of Secret key } \\ & L_n=n^{\text {th }} \text { list } \\ & m=(n+1) C\end{aligned}$

$m=(n+1) C$

$L_n[m]=$ nth group, which consists of $m$ values

$n^{\text {th }}$ group: $L_n[m]=\left\{L_n^{S^{\prime}[n C]}, L_n^{S^{\prime}[n C+1]}, L_n^{S^{\prime}[n C+2]} \ldots \ldots L_n^{S^{\prime}[((n+1) C)-1]}\right\}$

Here, $C=4, S^{\prime}=20$, and if we apply Eq. (2) then it divides the Secret into groups.

$S^{\prime \prime}=\left\{L_0[4], L_1[4], L_2[4], L_3[4], L_4[4]\right\}$

If we apply the corresponding values of each group then, we get:

$\begin{aligned} S^{\prime \prime}= & \left\{L_0^1, L_0^1, L_0^0, \boldsymbol{L}_{\mathbf{0}}^{\mathbf{0}}, L_1^1, L_1^1, L_1^0, \boldsymbol{L}_{\mathbf{1}}^{\mathbf{0}}, L_2^1, L_2^0,\right. \\ & \left.L_2^0, L_2^1, L_3^1, L_3^1, L_3^1, \boldsymbol{L}_3^{\mathbf{0}}, L_4^1, L_4^0, L_4^0, \boldsymbol{L}_4^{\mathbf{0}}\right\}\end{aligned}$

As per Eq. (2), four lists are created. Those lists names as $L_0[], L_1[], L_2[], L_3[]$. Each list contains a group of four values, i.e..

$\begin{gathered}L_0[4]=\left\{L_0^1, L_0^1, L_0^0, \boldsymbol{L}_{\mathbf{0}}^{\mathbf{0}}\right\} \\ L_1[4]=\left\{L_1^1, L_1^1, L_1^0, \boldsymbol{L}_{\mathbf{1}}^{\mathbf{0}}\right\} \\ L_2[4]=\left\{L_2^1, L_2^0, L_2^0, L_2^1\right\} \\ L_3[4]=\left\{L_3^1, L_3^1, L_3^1, \boldsymbol{L}_3^{\mathbf{0}}\right\} \\ L_0[4]=\left\{L_0^1, L_0^0, L_0^0, \boldsymbol{L}_{\mathbf{0}}^{\mathbf{0}}\right\}\end{gathered}$

$L_4[4]$ is converted as $L_0[4]$ as the pre-shared key consist of 4 lists. Further, these array values are substituted with files from the corresponding list based on the index values. The files substitution is shown as follows.

$L_0[4]=\{$ Thesis. docs, Thesis. docs, art.docs, art.docs $\}$

$L_1[4]=\{$ sheet1. $x l s x$, sheet1. $x l s x$, report. $x l s x$, report. $x l s x\}$

$L_2[4]=\{$ file.pptx, document.pptx, document.pptx, file.pptx $\}$

$L_3[4]=\{$ linear. $p d f$, linear. $p d f$, linear. pdf,publication. $p d f\}$

$L_0[4]=\{$ Thesis. docs, art.docs, art.docs, art.docs $\}$

Later substituted file are placed into an array L₂[N] as:

$L_2[N]=$ Thesis. docs, Thesis. docs, art.docs, art.docs, sheet1. xls $x$, sheet1. $x l s x$, report. $x l s x$, report. $x l s x$, file.pptx, document.pptx, document.pptx, file.pptx, linear. $p d f$, linear. $p d f$, linear. $p d f$, publication. $p d f$, Thesis.docs, art.docs, art.docs, art.docs $\}$

Table 3. Substituted files in array L₂[N] with corresponding indexes

Table 4. Array O[N] after permuted choice – 2

Table 3 is the array L₂[N] representation in the tabular form.

• Permuted choice-2

Another permutation operation is applied to the substituted values, providing an additional level of security to the process. This step contributes to the robustness of the algorithm against various cryptographic vulnerabilities

Further, algorithm-1 Applies permuted choice-2 on an array L₂[N] same as the permuted choice-1

Table 4 filled in a rectangle row-wise from an array L₂[N]. For permutation, read the column-wise as per increment order of key $' K^{\prime}$ the permuted output

$O[n]=[$ Thesis. docx, report. xlsx, file.pptx, Thesis.docs, art.docs, report. xlsx, linear.pdf, art.docs, Thesis. docx, sheet1. xlsx, document.pptx, publication. pdf, sheet1. xlsx, document.pptx, linear. pdf, art.docs, art.docs, file.pptx, linear.pdf, art.docs].

Compare with Table 5 indexes remain the same, but files are changed, which is shown in Table 5.

• Allocation

The allocated permuted output is distributed across different clouds based on pre-shared key information. This strategic allocation is designed to ensure that the Secret information is dispersed securely across multiple clouds, preventing a single point of compromise. The final step of algorithm 1 is to allocate the O[N] values into the four clouds $C_0, C_1, C_2, C_3$, as per the pre-shared key cloud information. Eq. (3) is used to allocate the O[N] values into the different clouds.

Position allocation : $O[N]=C_{i, j}$      (3)

where,

$\begin{aligned} & j=N \bmod C, \\ & i=\frac{N-j}{C} \\ & N=0,1,2 \ldots \operatorname{length}(S) .\end{aligned}$

If $N$ equal to 0 indexed value, then after substituting in Eq. (3) the position of a 0 indexed value, i.e., Thesis. docx is allocated in $C_{0,0}$ of $n^* n$ matrix. Similarly, all the indexed file positions are computed and allocated their respective positions. Here is the example of 0 indexed valued file and 19 indexed file:

$\begin{gathered}O[0]=C_{0,0} \rightarrow j=0 \bmod 4=0, i=\frac{0-0}{4}=0 \\ O[19]=C_{4,3} \rightarrow j=19 \bmod 4=3, i=\frac{19-3}{4}=4\end{gathered}$

Table 5. Permuted output array O[N] with modified files from array L₂[N]

Table 6. n*n matrix for cloud allocation

Table 7. Column-wise files allocation into multi-clouds

Table 8. Files reallocation in n*n matrix

Algorithm-1: Multi-Cloud Secret Key Storage

Step 1: Submit the Secret key $'S^{\prime}$  and set the no. of clouds.

Step 2: Secret key $'S^{\prime}$ converted through Base value $'B^{\prime}$.

$B_2 B_4 B_9 B_{16} \ldots . B_n$

Step 3: After conversion into $'B^{\prime}$, ‘S’ values placed in array $L_1[N]$ and apply permutation.

Step 4: Choose key $'K^{\prime}$  for permutation, where $'K^{\prime}$ length size is greater than no. of clouds.

Check key length $K>$ No. of Clouds if $K$ length size $<$ number of clouds then $K$ length size ++

Step 5: Substitute a group of permuted results with corresponding lists. The group formed by using $n C<L_n \leq(n+1) C$,

$\begin{gathered}\text { where, } n=0,1,2, \ldots . \text { Ceil }\left(\frac{S}{C}-1\right), C=\text { No. of Clouds, } S =\text { Length of Secret key } \\ \text { Group's: } L_0[] L_1[] L_2[] L_3 \ldots L_n[] \\ \text { Group: } L_n[m]=\left\{L_n^0, L_n^1, L_n^2 \ldots \ldots L_n^{m-1}\right\} \text { where } m =\text { no.of values in a single list or group }\end{gathered}$

Step 6: Grouped lists are substituted with corresponding files $f_1 f_2 f_3 \ldots \ldots f_n$.

Step 7: Files are placed in an array $L_2[N]$ and apply permutation.

$L_2[N]=\left[f_1 f_2 f_3 \ldots \ldots f_n\right]$

Step 8:  Permuted files, i.e., $O[N]=\left[f_1 f_2 f_3 \ldots \ldots f_n\right]$ are placed in $n *$ $n$ matrix by computing the position.

$\begin{aligned} & \text { Position allocation : } O[N]=C_{i, j} \\ & \text { where } j=N \bmod C, i=\frac{N-j}{C}, N(\text { files indexed numbers }) =0,1,2, \ldots . \text { length }(S)\end{aligned}$

Step 9: Each column of $n * n$ matrix is stored in the selected cloud.

$C_1 C_2 C_3 C_4 \ldots \ldots C_n$

Algorithm 1. Multi-Cloud Secret Key Storage Algorithm

Table 6 shows the position of each Secret key value allocation in the n*n matrix by indexing with different files. Attackers are unable to notice that Secret values are covered with the file. After file position allocation, select the four clouds C₀C₁C₂C₃ to store the part of the Secret key. Each column of n*n matrix is stored in the selected cloud, and it is shown in Table 7.

The step-by-step working procedure of secure Secret storage in a multi-cloud environment is shown in Algorithm 1 and Figure 2.

2. Secure Secret retrieval from the multi-cloud environment

The algorithm initiates by identifying and selecting the multi-cloud storage where the Secret information is distributed. This step is critical for initiating the retrieval process. Secure Secret retrieval from the multi-cloud environment aims to retrieve the Secret in the multi-cloud securely by following the steps.

1. Extraction: - Retrieve the files from multiple clouds and place them into the array.
2. Inverse Permutation choice-2: The Secret represented in the array undergoes the inverse permutation with the help of the session key.
3. Substitution: The files available in the output of Inverse Permutation choice-2 are substituted with the list and index values.
4. Inverse Permutation choice-1: The outvalue of the substitution phase undergoes the Inverse Permuted Choice 1 with the help of the session key.
5. Decoding: The Secret value retrieved from Inverse Permutation choice-1 is decoded by the agreed base value from the pre-shared key.

• Extraction

Retrieve the files from multiple clouds and organize them in a matrix form. Each file occupies its designated location in the matrix, forming the basis for subsequent decryption steps.

The information available in the multi-clouds in a matrix form, with size n*m. The user browses the multi-clouds and fetches the stored information from the cloud, and stores it in the array O[N]. The location in which the fetched information is stored in array O[N], is computed by Eq. (4).

$N=i * C+j$      (4)

where,

$\begin{aligned} & j=\text { column number } \\ & i=\text { row number } \\ & C=\text { number of clouds }\end{aligned}$

In our example, the extracting entity (entity-2) browses the multi-clouds i.e., $C_0 C_1 C_2 C_3$, where the files are stored in a matrix form of size $5^* 4$, as shown in Table 8 . The files are stored in the matrix with index values $(i, j)=$ $(0,0)(0,1)(0,2) \ldots \ldots \ldots \ldots(4,3)$. Then entity- 2 pic files one by one from the matrix and computes the index value using the Eq. (4), and then placed them into the array $O[N]$.

$O[N]=[$ Thesis. docx, report. xlsx, file. pptx, Thesis. docs, art. docs, report. xlsx, linear. pdf, art. docs, Thesis. docx, sheet1. xlsx, document. pptx, publication. pdf, sheet1. xlsx, document. pptx, linear. pdf, art. docs, art. docs, file. pptx, linear. pdf, art. docs $\rceil$

• Inverse permuted choice-2

Apply the inverse of permutation choice-2 to the retrieved files. This step involves reversing the permutation operation applied during the storage phase, an essential part of the decryption process.

Apply inverse permuted choice-2 on an array O[N] using K_s=31254. In the process of inverse permutation, array values O[N] placed in the column-wise as per increment order of key $' K^{\prime}$ by using Eq. (5)

Column length $=\frac{\text { array } O[N] \text { length }}{\text { Key length }}=\frac{S}{K}$     (5)

Table 9. Inverse permuted choice-2

2.png

Figure 2. Flowchart of the Secret key storage in multi-clouds

3.png

Figure 3. Secret key extraction in multi-clouds

Column length $=\frac{20}{5}=4$

In our example, the length of array O[N] is 20 from 16 length of key K=5. Column length is computed by substituting the values of array length, and key length in Eq. (5), and obtained depth of the column is 4.

Insert the first four files of the array O[N] into the column of the key labeled 1, next four files of the array O[N] are inserted into the column of the key labeled 2, and so on, as shown in the Table 9.

The output values of inverse permuted choice-2 are stored in an array L₂[N]. The values of L₂[N] are fetched from Table 9 as left to right and top to bottom.

$L_2[N]=\{$ Thesis. docs, Thesis. docs, art. docs, art. docs, sheet1.xlsx, sheet1. xlsx, report. xlsx, report. xlsx, file. pptx, document. pptx, document. pptx, file. pptx, linear. pdf, linear. pdf, linear. pdf, publication. pdf, Thesis. docs, art. docs, art. docs, art. docs\}.

• Substitution

Substitute the files with list and index values based on pre-shared key information. This step is a reversal of the substitution process applied during the storage phase, restoring the original representation of the Secret information.

The files available in the output of inverse permutation choice-2 are substituted with the list and index values from the pre-shared Secret key. The values of L₂[N] array, i.e., files are substituted by the list numbers and index numbers from Table 1 as follows.

$\begin{aligned} L_2[N]=\{ & L_0^1, L_0^1, L_0^0, \boldsymbol{L}_0^{\mathbf{0}}, L_1^1, L_1^1, L_1^0, \boldsymbol{L}_1^{\mathbf{0}}, L_2^1, L_2^0 \\ & \left.L_2^0, L_2^1, L_3^1, L_3^1, L_3^1, \boldsymbol{L}_3^{\mathbf{0}}, L_4^1, L_4^0, L_4^0, \boldsymbol{L}_{\mathbf{4}}^{\mathbf{0}}\right\}\end{aligned}$

Further, the elements in the L₂[N] the just index values replace array, i.e., remove the lists information and store it in the array L₁[N] as follows.

L₁[N]=[11001100100111101000]

• Inverse permuted choice-1

Apply the inverse of permutation choice-1 to further decrypt the retrieved information. This step is crucial for unraveling the encryption layers applied during the storage phase.

Apply inverse permuted choice-1 on an array L₁[N] using session key K_s=31254. In the process of inverse permutation, array values of L₁[N] are placed in the column-wise as per increment order of key $' K^{\prime}$ by using Eq. (5), as follows; and shown in Table 10.

Table 10. Inverse permuted choice-1

The output of the inverse permuted choice-2 are stored in list S. The values of list S are fetched from Table 10 as left to right and top to bottom, as follows:

S=11111011010000010000

Remove agreed-on bogus values and place the values in row-wise order from the Table 10 to get the Secret key.

S=1111101101000001

• Decoding:

Decode the retrieved information using the agreed base value from the pre-shared key. This final step transforms the information back to its original form, completing the secure retrieval process. The agreed base value decodes the Secret value retrieved from Inverse Permutation choice-1. The agreed base value is B=2. Thus the decoded value is S=1111101101000001.

The step-by-step working procedure of secure Secret extraction in a multi-cloud environment is shown in Algorithm 2 and Figure 3.

Algorithm:2 Multi-Cloud Secret Key Extraction

Step 1: Browse and find selected multi cloud storage.

Step 2: Extract all permuted files from multi clouds and allocate them in their respective locations in $n * n$ matrix

$\begin{gathered}\text { location : } C_{i, j}=O_{i, j} \text { where }\{i, j\}=(0,0)(0,1)(0,2) \ldots \ldots \ldots \ldots(p, q) \\ \text { where } i=\frac{N-j}{C}, j= N \bmod C, N(\text { files indexed numbers })=0,1,2, \ldots . \text { length }(S) \\ N=i * C+j\end{gathered}$

Step 3: Select the files row wise from n*n matrix and place into array L₂[N].

Step 4: Apply inverse permutation on L₂[N].

Step 5: Group of files $\left[f_1=L_n^0, f_2=L_n^0, f_3=L_n^0 \ldots . f_n=L_n^B\right]$ substitute in a list.

$L_n[B]=L_n^0, L_n^1, L_n^2 \ldots \ldots L_n^B$

Step 6: Arrange list L_n[B] in a row wise by

$n C<L_n \leq(n+1) C$

$\begin{gathered}\text { where } n=0,1,2, \ldots . \text { Ceil }\left(\frac{S}{C}-1\right), C=\text { No. of Clouds, } \\S =\text { Length of Secret key }\end{gathered}$

Step 7: Indexed files are replaced with corresponding values and placed into array L₁[N] and apply inverse permutation for decryption.

L₁[N]=B values

Step 8: B values convert into base value S.

Algorithm 2. Multi-Cloud Secret Key Extraction Algorithm.