Integrity veriﬁcation for an optimized cloud architecture

Cloud computing has signiﬁcantly beneﬁted today’s environment of IT industry through its mobility, sustainability, security, cost savings and several other important features. The risk of data loss on cloud in case of dealing with hardware and software is relatively small. However, the issue of data security becomes imminent when we are storing personal data on the cloud which is not transparent to users. In this paper, we introduce a new entity in terms of a virtual machine that provides services and assurance beyond service level agreement (SLA). In the proposed model, a role of data handling and security is assured with association of third party auditor (TPA) by the virtual machine. We further demonstrate the applied technique for encryption, decryption and integrity veriﬁcation modules. We also upgrade the entropy of the advanced encryption standard (AES) with a variant of secret sharing scheme in the environment of cloud simulator. This is an open access article under the CC BY-SA license.

INTRODUCTION Cloud computing has become a tremendous means of technology in the IT industry by offering several important benefits. It allows us to set up what is essentially a virtual office and gives us the flexibility of connecting to us anywhere, any time. Instead of purchasing and installing expensive equipment, we can use the resources of our cloud computing service provider to reduce the cost of system upgrades such as new hardware and software. On cloud, it is also easier to scale up or scale down our storage needs quickly to suit our situation, therefore allowing flexibility as our requirements change. In case of unexpected crisis, such as power failure, having the data stored in the cloud guarantees that it is properly backed up and minimize the loss of productivity. Using cloud services is also cost effective as users pay for the services that are being used by them either fully or partially, e.g. pay per use model [1][2][3].
Cloud computing provides the interaction between clients and the server with different layers. Software as a Service (SaaS) [4] provides different applications as a service but user is not allowed to make any changes in the service, for example, google Apps, sales force.com. Platform as a Service (PaaS) [5] provides a platform so that customer can run their application on the cloud platform. However, user cannot make any changes to the platform as their control are limited to the application only. Infrastructure as a Service (IaaS) [6] provides the set of hardware and software, storage devices, CPU cycles and other components that make it easier to use the above services. In this way, users gain full control over the structure as they can modify or update it according to their requirements [1,7,8]. Cloud computing provides three deployment models: private, public and hybrid (as show in Figure 1). Public clouds are the most popular way of cloud deployment in which the cloud resources are owned and operated by a third-party service provider and can be shared between different business enterprises and organizations [9]. Clients access services and manage their individual accounts using a web browser, e.g. Microsoft Azure. A private cloud consists of computing resources used exclusively by one client and cannot be shared with external parties. It is completely managed by internal policy schemes which ensure that the hardware and software are dedicated solely to the client's organization. Hybrid clouds combine on-premises private clouds infrastructure with public clouds so that organizations can acquire the advantages of both by moving the data and applications between private and public clouds for better flexibility and new deployment options [1,10]. In a cloud architecture, it is very important to ensure data integrity which guarantees that data can only be accessed and modified by appropriate authorized entities. It is a possibility that sometimes, the cloud service providers may discard or alter the data without saving in the storage space or keeping backups or replicas. It is also possible that cloud service providers may hide any accidental data loss and claim that the clients' data are still stored in the cloud storage [11][12][13][14]. As a result, data integrity verification at untrusted servers remains as one of the biggest concerns with cloud data storage [15].
The proposed work is going to identify a simplified methodology to reconstruct a secret that is distributed using Shamir's Secret Sharing Scheme [16,17], and to use the derived results to investigate implications on Advanced Encryption Standard (AES) [8,18] and examine the computation integrity of the data that is outsourced from the local storage to decentralized servers on the clouds. In reality, the users no longer have physical possession of possibly large size of outsourced data which makes the integrity protection in the cloud computing a very challenging and potentially formidable task.
We studied different algorithms that are efficiently working in cloud communication decentralized environment. But there is a great deal of chances of improvement. Specifically, we can focus on the following: (a) In decentralized cloud communication, security is not assured with each participating virtual machines [19]. (b) Consistency of data or compromise in the length of data is another major security issue in cloud communication. (c) Communication overhead is increased when we have to communicate with number of machines for retrieving the data. (d) Storing the short password on the cloud is challenging. (e) Due to low security, trust factor is also decreased.

PROBLEM FORMULATION
We analyzed and concluded that when data is encrypted with stronger algorithms like AES [20] and others, AES works in 64 bit, 128 bit, 256 bit key length and provides a stronger encryption [8]. The limitations of AES are only the lack of implementation and key management [10]. That makes it vulnerable to brute force attack. Secret sharing scheme is working in multicast group where a number of users are sharing sensitive information and trying to perform the complete information confidential [17,21]. Encryption and multicast group communication can be used together to improve the performance of both. Integrity of the cloud data is to be enhanced by mentioned technique.

BACKGROUND 3.1. Secret sharing algorithm
Secret sharing scheme (SSS) is used when we want to divide our key into number of persons and we require all of the persons to be together at one place to get the unlock [16,22]. There is variant of secret sharing called Threshold secret sharing integers [17]. We present the list of steps of the secret sharing scheme in Algorithm 1.

Algorithm 1 Secret Sharing Scheme (SSS) Algorithm
2. D secretly and randomly selects t − 1 elements p 2 , . . . , p t of the field F .

D calculate the shares
4. When different parties want to compute secret, they interpolate and compute S using Lagrange interpolation mechanism:

Limitations of SSS
There is no provision applied for verifying integrity at each participating virtual machine. If threshold value is very low then security can be breached, if threshold value is high then computational complexity of overall system is will be increased. In classical secret sharing, shares are not produced randomly with time. No default encryption scheme is applied with the algorithm; it has to be embedded with any of the encryption technique [17,21,23].

Entropy calculation
Low entropy means that our source probably is not really random. In particular, if we have a random variable X that takes on values x 1 , x 2 , . . . , x n with probabilities p(x 1 ), p(x 2 ), . . . , p(x n ) respectively, then the entropy of X is: This value is maximized when all of the probabilities are the same. If we have 2 n different symbols, that maximum value will be n bits of entropy per symbol. That is the theoretical maximum level of entropy that we can get.

PROPOSED MODEL
AES is a widely adopted, highly efficient and secure encryption algorithm, used in cloud communication encryption [8,11,18]. In our proposed model, we applied AES technique and modified it to secure the cloud communication. We generalized the steps of AES encryption algorithm as follows: (a) Generate the number of rounds from the cipher key length (b) Initialize an array with data blocks i.e plain text (c) Add the first round key to initial state of array (d) Implement nine rounds of state manipulation (e) Perform last and second last round of state manipulation (f) Use final state array as encrypted data Set (cipher text).
We will now present two set of procedures that will elaborate the steps of our proposed model. At first, we will present the system setup process, followed by introducing the modified integrity enhancement module.

Phase 1: System setup
In the first phase, we present the system setup steps that contain the process of how to convert an input message to the corresponding hexadecimal form and how we apply polynomial interpolation process to generate number of shared for each virtual machine [24,25]. The system setup steps are listed in Algorithm 2.

Phase 2: Integrity enhancement module
In phase 2, we represent the integrity enhancement module of our proposed system for each participating virtual machine. We applied the proposed module to enhance the adaptability of default encryption techniques. We present the basic steps of the integrity enhancement module in Algorithm 3.

PROPOSED CLIENT-SERVER ARCHITECTURE
In this section, we will discuss the client-server architecture that we have integrated into our proposed model. The proposed client-server architecture is presented in Figure 2. machine. Following the request from the client, the CSP acknowledges the client and grants access of the virtual machine of the cloud by providing user login and authentication code information. These secret information are generated randomly. After obtaining access, clients transfer plain text to Virtual machine. (b) Virtual machine (VM):-At this stage, high level of security is required for the data stored in the cloud sent from the client. In spite of the CSP being trustworthy, an efficient key encryption method is applied for securing the data that is stored in the private area of cloud. After encryption is adopted, the encrypted stream of data is passed to the CSP. (c) Cloud Service Provider: CSP passes the all data to TPA for storage. Here TPA is working as secured storage system by providing a transparent method for ensuring trust between the data owner (client) and the cloud server. This will not only help the clients to evaluate the risk of their subscribed service of the cloud server, but also will benefit the CSP to improve their cloud based service platform. (d) TPA: Stores all encrypted data

6.
SYSTEM FLOW OF PROPOSED ALGORITHM In the above section we discussed the problem of integrity in cloud environment and proposed two different algorithms that are working as the basic model of the proposed system. We designed an optimized integrity verification algorithm with variant of both. We ensured effective security by converting the input message to corresponding hexadecimal form and applied efficient polynomial interpolation process. Our proposed module also ensures integrity enhancement and verification for each individual virtual machines. The advantage of this scheme can be viewed in terms of achieving more security because of use of random function, reducing the length of the code using Huffman technique and finally ensuring transfer of long message between communicating parties using simple polynomial interpolation calculations.
The proposed technique is working on increasing the strength of shares for secured distribution and construction. System is completely working on attack proof model. Strength of encryption data calculated is approximately 7.9. That is the maximum calculated results achieved till now. We present the flow of our proposed system in Figure 3.

RESULTS AND DISCUSSION
In this section, we present the experimental results on our proposed system and discuss our findings accordingly. Here is the compilation of the basic or standard approach 6.47 out of 8 and in the designed optimized approach it's approximately 7.9. The screenshots of the entropy calculation by the standard AES and the polynomial AES are shown in Figure 4 and Figure 5 respectively. We present the comparison between the standard AES and the polynomial AES in Table 1. Our proposed system upgrade the entropy of AES with a variant of SSS in the cloud simulator environment. The standard AES algorithm showed entropy value of 6.47. In computing, a lack or lower of entropy can have a negative impact on performance and security. However, the proposed designed optimized approach gave entropy value of 7.94, which means improved performance and enhanced security in the cloud computing. Therefore, the AES-poly 1305 performance is improved by 22% than the standard AES algorithm.

CONCLUSION
In this paper, we presented a model that effectively address the issue of the data loss on cloud in case of dealing with storing personal data which is not transparent to users.We introduce a new entity in terms of a virtual machine that provides services and assurance beyond service level agreement (SLA). In the proposed model, a role of data handling and security is assured with association of third party auditor (TPA) by the virtual machine. We further demonstrate the applied technique for encryption, decryption and integrity verification modules. We also upgrade the entropy of the advanced encryption standard (AES) with a variant of secret sharing scheme in the environment of cloud simulator. Experimental results suggested that the proposed model has a great potential in addressing complicated security issues on the cloud.