
A Framework Based On RSA and AES Encryption

The document presents a framework for enhancing data security in cloud computing services using a combination of RSA and AES encryption algorithms. It addresses the challenges of confidentiality, integrity, and availability in cloud storage, proposing a secure method for data sharing among users. The framework aims to mitigate risks associated with data breaches while improving transmission efficiency between users and cloud storage systems.

Uploaded by

Phan Thắm

2014 IEEE Conference on Systems, Process and Control (ICSPC 2014), 12 - 14 December 2014, Kuala Lumpur, Malaysia

A Framework Based on RSA and AES Encryption Algorithms for Cloud Computing Services

Nasrin Khanezaei
Faculty of Computer Science and Information Technology
University Putra Malaysia (U.P.M.)
Selangor, Malaysia
nasrin.khanzaei@gmail.com

Zurina Mohd Hanapi
Faculty of Computer Science and Information Technology
University Putra Malaysia (U.P.M.)
Selangor, Malaysia
zurinamh@upm.edu.my

978-1-4799-6106-1/14/$31.00 ©2014 IEEE

Abstract— Cloud computing is an emerging computing model in which resources of the computing communications are provided as services over the Internet. Privacy and security of cloud storage services are very important and have become a challenge in cloud computing because of the loss of control over data and its dependence on the cloud computing provider. With a huge amount of data being transferred in cloud systems, the risk of attackers accessing data rises. Considering the problem of building a secure cloud storage service, the current scheme is proposed, based on a combination of RSA and AES encryption methods, to share data among users in a secure cloud system. The proposed method makes things difficult for attackers while reducing the time of information transmission between the user and cloud data storage.

Index Terms— Cloud Computing, Data Security, Cryptography, RSA, AES.

I. INTRODUCTION

Cloud computing is an emerging computing model and a highly demanded advanced technology throughout the world, in which resources of the computing communications are provided as services over the Internet. It provides cheaper and better processors, together with the software as a service (SaaS) computing architecture that is transforming data into a pool of computing services on a large scale. The growing network and flexible network connections make it possible for users to use high-quality services from data hosted remotely in data centers.

Storing data in the cloud offers great help to users, since they do not need to deal with the complexities of direct hardware management. Although cloud services provide storage that is more powerful and reliable than our personal computing devices, it is still open to security threats and risks, since users depend solely on cloud service providers (CSP) to handle their data.

In cloud storage services, data protection is regarded as a critical issue within the cloud computing environment. The flexibility to gain access to data anywhere in the world, as long as the user has the technologies and ways to access it, raises serious security concerns. The basic types of security concern are aligned with the CIA triad, that is, Confidentiality, Integrity and Availability [1].

• Confidentiality, described as the assurance that data is kept secret.

• Integrity, which refers to the inability to alter or destroy data by accident or malfeasance.

• Availability, which is the ability to access that data whenever it is needed [2].

Hence there is a need for a mechanism to handle these security issues. In this paper, a framework is proposed that uses the RSA and AES encryption algorithms to ensure the security of users' data in the cloud.

The rest of this work is organized as follows. The background of securing cloud computing, especially cloud storage services, is reviewed in Section II. The proposed model is given in Section III. In Section IV, the proposed method is discussed via implementation, together with the benefits and limitations of the current approach. The last section concludes the research and discusses future work.

II. BACKGROUND

Many studies have been performed to enhance the security of cloud computing storage and environments using encryption techniques and other methods. However, there has been only a slight improvement in the results of these works compared with the rapid growth of cloud computing communications. Typically, security models in cloud-based environments are divided into authentication models such as [3], data protection models such as [4], and access management models such as [5].

Using a combination of encryption algorithms such as RSA and AES is one of the possible protection solutions for securing cloud storage services.

Kamara et al. [6] introduced secure cloud storage for enterprise and personal purposes by using non-standard encryption techniques such as attribute-based encryption and searchable encryption. With this technique, the data is first indexed and then encrypted using a symmetric algorithm (AES) with a unique key. The unique key and the index are then encrypted by the attribute-based encryption scheme and searchable encryption. Chow et al. [7] have also proposed a secure cloud storage system based on the properties of data origin and supporting dynamic users by means of cryptography. This model also supports traceability, confidentiality, and anonymity.

Fatemi Moghaddam et al. [8] presented an efficient and scalable user authentication scheme in 2014. In the suggested model, various tools and techniques were introduced and used through the concept of an agent. A client-based user authentication agent was introduced to confirm the identity of the user on the client side. Furthermore, a cloud-based software-as-a-service application was used to confirm the process of authentication for unregistered devices. Moreover, two servers, separate from the main servers, store authentication and cryptography resources, to decrease the dependency of the user authentication and encryption processes on the main server. A cryptography agent was also introduced to encrypt resources before storing them on cloud servers. Overall, the theoretical analysis of the suggested scheme showed that designing this user authentication and access control model will enhance the reliability and rate of trust in cloud computing environments.

Zarandioon et al. [9] proposed a user-centric, privacy-preserving cryptographic access control protocol called K2C (key to cloud) that uses attribute-based encryption and a signature scheme. The protocol allows end users to securely and anonymously store, share and manage their personal and sensitive data in an untrusted cloud storage. An overview of the major participants in K2C is shown in Fig. 2.

Fig. 2. Illustration of major participants in K2C (Zarandioon et al., 2012)

Venkatesh et al. [10] introduced the RSA based storage security (RSASS) technique by improving existing RSA based signature generation for use in the public auditing of remote data. The method uses RSA, a public key cryptosystem, to provide strong security that can ensure data storage correctness and also identify a misbehaving server with high probability. Vairagade et al. [11] introduced a method using the RSA algorithm to provide data storage and security of the data in a cloud computing system. The method also supports security services including key generation, encryption and decryption that are provided in the cloud computing system.

Fig. 3. Illustration of cloud computing model. (Al-Hasan et al., 2013)

Al-Hasan et al. introduced a novel approach to data security for smartphones in a cloud computing architecture. The method used the RSA and DES algorithms to ensure a secure communication system and information hiding. The model used in [12] is shown in Fig. 3. Fatemi Moghaddam et al. [13] compare 6 asymmetric key algorithms in a cloud computing environment to investigate the functionality and efficiency of each algorithm. The analysis in this comparison was based on time, key size, and security parameters. Given the nature of a data encryption service, three factors were considered in choosing the most appropriate data encryption method on the client side: acceleration, accuracy, and security. The key generation process is done on a keys cloud server and is completely separated from the encryption and decryption process, but the cryptography processes are done on the client side with limited processors and memory, and various software.

Overall, the main aim of all this research is to investigate possible ways to enhance the security of cloud computing services. Therefore, in this work, a secure framework is proposed for better securing confidential data stored in cloud systems, using a hybrid of the AES and RSA encryption methods.

III. PROPOSED MODEL

Most of the proposed solutions and methods for data encryption in cloud systems are based on symmetric encryption, whose key is a secret key that can be stolen by attackers. The framework proposed for the cloud storage system in this project therefore uses a combination of asymmetric and symmetric keys, with the RSA and AES encryption methods, to share data among users in a secure cloud system.

Fig. 1. Cloud storage service architecture.

A. Model

An overview of the network architecture for the cloud storage service is illustrated in Fig. 1. Two different network entities can be identified as follows:

• User: an entity which is used to retrieve the data from the cloud server.

• Cloud Server (CS): an entity which is managed by the cloud service provider (CSP) to provide a data storage service and has significant storage space and computation resources (the difference between CS and CSP is not discussed hereafter) [14].

B. RSA

RSA is an asymmetric (or public key) cryptographic algorithm invented by Rivest, Shamir and Adleman of MIT. It is mostly used over the Internet. RSA is capable of supporting encryption and digital signatures. It gives the best security policy by encrypting the data which is confidential. This is the reason why big service providers like Google mail, Yahoo mail etc. use this algorithm to give their users the assurance of confidentiality when using their services.

C. AES

The Advanced Encryption Standard (AES) is a symmetric cryptographic algorithm. It is one of the most commonly used and most secure encryption algorithms available today. The algorithm is based on several substitutions, permutations and linear transformations. It is said that, up until today, no practicable attack against AES exists. Thus, governments, banks and high security systems around the world prefer AES as their encryption standard.

An overview of the proposed framework is shown in Fig. 4. The entities of the system are: Sender, Receiver and Cloud Storage System (CSS). To make the cloud storage service secure enough, the sender first requests its public key from the cloud system, after which the cloud service generates the private key (PK), the file identifier (ID), the public key (PB) and a big random number (RB). The cloud service then sends the created public key and the ID of the file to the user. The sender then sends the encrypted file and its ID to the system; the whole process of sending the file is encrypted by the RSA algorithm. Encryption by the RSA algorithm helps to increase the security of all processes of file transfer and key exchange, and the security of the cloud storage service.

The second part of this system is sending a file from the cloud storage system to the receiver. For this purpose, the receiver sends a request for the list of files, and the cloud system sends the list of files to the user. The receiver can then choose the file he is going to download from the cloud system; after making the download request, the user sends the name of the file to the cloud system and sends his public key to the system as well. This public key is used to encrypt the secret key of the symmetric encryption algorithm.

The last part is finding the requested file in the cloud storage system (CSS) and then encrypting this file using the AES encryption algorithm. The AES secret key is the RB that was already generated when the cloud generated the private key and public key. The cloud storage system then encrypts the RB with the public key that the receiver sent previously, and the CSS sends both the RB and the requested file to the user. The RSA encryption algorithm is used to encrypt the RB.

Encrypting the big random number (RB) makes it impossible for attackers to attack the file while it is being transferred to the receiver, and attackers cannot see the content of the sent packet.

IV. RESULTS AND DISCUSSION

In this section, the proposed method is discussed via implementation, together with the benefits and limitations of the proposed approach.

The proposed method is simulated in the .NET framework as two different applications, a server and a client. The main process of this work is generating PB and PK, which was done by the RSA Crypto Service Provider classes, and generating RB, which was done by the RNG Crypto Service Provider class.

Also, a single protocol is proposed for communication between the cloud and the clients, which is shown in Algorithm 1.

Fig. 4. Framework of secure Cloud Storage System (CSS)

ALGORITHM 1. THE PROCESS OF GENERATING PB, PK AND RB

PB:#344:{PUBLICKEY}:#344:{ID}
There is an index record number of the file which is saved on the cloud with the file; this works as a digital signature of the file.

LIST:#344:(ID#FILENAME\N …)
Sending the list of the files stored in the cloud to the client.

FILE:#344:{ENCRYPTED_FILE}:#344:{FILENAME}:#344:{RB}
Sending the encrypted file and secret key to the client.

CY:#344:{ID}:#344:{FILENAME}:#344:{DATA}
Encrypted file, sent by the client, for storing in the cloud.

FILENAME:#344:{PASSWORD}:#344:{PUBLICKEY}:#344:{FILENAME}:#344:{ID}
File requested by the client, which is encrypted by the AES symmetric encryption algorithm using RB as the secret key.

“:#344:” is used as a separator between the parts.

For each file that is requested and sent by the user to the cloud, a new record is created in the database containing this information: ID, PK, PB, filename, and RB. The file received by the cloud is stored on the storage service indexed by RB.

To download a file, the user sends a request to the cloud. The system first searches the database by the requested ID and retrieves the RB; then, if required, it finds the requested file by sending the RB to the storage service. If this is successful, the encrypted file is decrypted using PK and then encrypted again by the AES encryption algorithm with RB as the secret key.

When the program is run, as shown in Fig. 5, it checks the incoming connections, generates the signature, generates the session key and verifies the signature. Finally, it shows that the connectivity of the system works properly.

In this experiment, the cloud storage service contains the list of files shared between client and server. Fig. 6 shows the storage of the system, from which the user can send data or a file with “send file”. The file size in this experiment is limited to no more than 256 bytes, because the RSA encryption algorithm is used with a 2048-bit public key and the maximum size that can be encrypted is 256 bytes.

The sent file is stored in the cloud RB-encrypted; when a receiver wants to collect this data, he can go to “file list” and download the file from there.

Fig. 5. Captured interface of connectivity.

A. Benefits

• Secure transmission of files between users and the cloud

• Less chance of finding the symmetric secret key

• Using an asymmetric encryption algorithm makes it difficult for attackers to read the files, even if they have the public key

• Less transmission time because of the use of a symmetric algorithm
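Added example, not from the paper (whose implementation was in .NET): a Go encoder and decoder for the Algorithm 1 messages that checks the field count of each message type. It assumes key and ciphertext fields are sent as base64, so that their bytes can never contain ":#344:"; the field name ENTRIES and the sample values are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

const sep = ":#344:" // separator given with Algorithm 1

// layout: fields per message type in Algorithm 1 order; ENTRIES is a hypothetical name.
var layout = map[string][]string{
	"PB":       {"PUBLICKEY", "ID"},
	"LIST":     {"ENTRIES"},
	"FILE":     {"ENCRYPTED_FILE", "FILENAME", "RB"},
	"CY":       {"ID", "FILENAME", "DATA"},
	"FILENAME": {"PASSWORD", "PUBLICKEY", "FILENAME", "ID"},
}

// Assumption: key and ciphertext fields travel as base64 (no ':' or '#' in its alphabet).
var binary = map[string]bool{"PUBLICKEY": true, "ENCRYPTED_FILE": true, "RB": true, "DATA": true}

// Encode builds one message; a text field that contains sep is refused.
func Encode(kind string, fields map[string][]byte) (string, error) {
	names, ok := layout[kind]
	if !ok {
		return "", fmt.Errorf("unknown message type %q", kind)
	}
	parts := []string{kind}
	for _, n := range names {
		switch v := fields[n]; {
		case binary[n]:
			parts = append(parts, base64.StdEncoding.EncodeToString(v))
		case strings.Contains(string(v), sep):
			return "", fmt.Errorf("field %s contains the separator", n)
		default:
			parts = append(parts, string(v))
		}
	}
	return strings.Join(parts, sep), nil
}

// Decode splits a message and rejects a wrong field count or bad base64.
func Decode(msg string) (string, map[string][]byte, error) {
	parts := strings.Split(msg, sep)
	names, ok := layout[parts[0]]
	if !ok || len(parts)-1 != len(names) {
		return "", nil, fmt.Errorf("unknown type or wrong field count: %q", parts[0])
	}
	out := map[string][]byte{}
	for i, n := range names {
		out[n] = []byte(parts[i+1])
		if binary[n] {
			var err error
			if out[n], err = base64.StdEncoding.DecodeString(parts[i+1]); err != nil {
				return "", nil, fmt.Errorf("field %s: %w", n, err)
			}
		}
	}
	return parts[0], out, nil
}

func main() {
	data := "bytes with :#344: inside" // constructed sample ciphertext
	msg, _ := Encode("CY", map[string][]byte{"ID": []byte("7"), "FILENAME": []byte("a.txt"), "DATA": []byte(data)})
	_, f, err := Decode(msg)
	_, _, rawErr := Decode("CY" + sep + "7" + sep + "a.txt" + sep + data) // same bytes without base64
	fmt.Println(string(f["DATA"]) == data, err, rawErr)
}
```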

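Added example, not the authors' code: the download path of Section III in Go, with the file encrypted under AES keyed by RB and RB wrapped under the receiver's RSA public key. AES-GCM, RSA-OAEP with SHA-256 and a 32-byte RB are assumptions, since the paper names only AES and RSA; because only RB passes through RSA, the file is not bound by the 256-byte limit noted above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

type Envelope struct { // what the CSS returns on download
	WrappedRB  []byte // RB under the receiver's RSA public key (OAEP)
	Nonce      []byte // fresh AES-GCM nonce for this file
	Ciphertext []byte // file under AES-GCM keyed by RB, tag appended
}

// NewReceiverKey makes the receiver's key pair, 2048 bits as in the paper.
func NewReceiverKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func gcmFor(rb []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(rb)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the CSS side: draw RB, encrypt the file with it, wrap RB for the receiver.
func Seal(pub *rsa.PublicKey, file []byte) (*Envelope, error) {
	secret := make([]byte, 32+12) // assumed sizes: 256-bit RB, then a 96-bit GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	rb, nonce := secret[:32], secret[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, rb, nil)
	if err != nil {
		return nil, err
	}
	gcm, _ := gcmFor(rb) // cannot fail: rb is a valid 32-byte AES key
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, file, nil)}, nil
}

// Open is the receiver side: unwrap RB with the private key, then decrypt and verify.
func Open(priv *rsa.PrivateKey, e *Envelope) ([]byte, error) {
	rb, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.WrappedRB, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(rb)
	if err != nil || len(e.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("malformed envelope")
	}
	return gcm.Open(nil, e.Nonce, e.Ciphertext, nil)
}

// DirectRSATooLong reports whether RSA-OAEP on its own refuses an n-byte payload.
func DirectRSATooLong(pub *rsa.PublicKey, n int) bool {
	_, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, make([]byte, n), nil)
	return err == rsa.ErrMessageTooLong
}

func main() {
	priv, _ := NewReceiverKey()
	env, _ := Seal(&priv.PublicKey, make([]byte, 1<<20)) // constructed 1 MiB file
	out, err := Open(priv, env)
	fmt.Println(len(out), err, DirectRSATooLong(&priv.PublicKey, 256))
}
```

With a 2048-bit key the modulus is 256 bytes, and OAEP with SHA-256 leaves 190 bytes for the payload, which is ample for a 32-byte RB.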

Fig. 6. Captured interface of user.

V. CONCLUSION

Despite the considerable benefits of cloud computing, such as reduction of time and energy consumption, there are several challenges that have affected the reliability and efficiency of this newfound technology [15]. Security concerns are the most challenging issues in cloud-based environments and have been divided into several sub-issues.

In this paper, the problem of data security in cloud data storage, which is essentially a distributed storage system, was investigated. Cryptographic techniques are often used to secure data transmission and storage between the user and cloud storage services. The focus of this paper was on providing secure file transmission between these two entities.

A combination of asymmetric and symmetric encryption techniques (i.e. the RSA and AES encryption methods) was proposed in this approach to achieve the assurances of cloud data security. The focus was on RSA encryption to make things difficult for attackers, as well as on reducing the time of information transmission by using the AES encryption method. The process of sending the files to the cloud and retrieving the files from the cloud was accomplished by symmetric and asymmetric encryption respectively.

The reason for using symmetric encryption in retrieving the files from the cloud was the key distribution issue. On the other hand, it does provide an optimum result, because generating asymmetric keys is time consuming. Consequently, the encryption process is doubled or more if the file size increases beyond 254 bytes. Another issue is the number of keys generated for each file. The number of keys becomes three times the number of files stored in the cloud. This can be a big problem to tackle for a large storage system. Moreover, the encryption and decryption process that is done twice for each file causes system overhead. Nevertheless, compared to existing methods, a hybrid method of encryption such as this is more secure to use. The mentioned drawbacks must be considered in future work to enhance the security of cloud computing services.

ACKNOWLEDGMENT

This work is supported by the Fundamental Research Grant Scheme (FRGS) 08-02-13-1364FR. We acknowledge the assistance and logistical support provided by University Putra Malaysia (U.P.M.), and Dr. Azizol Abdullah.

REFERENCES

[1] S. S. Greene, Security policies and procedures: Principles and practices. Upper Saddle River, N.J.: Pearson Prentice Hall, 2006.
[2] D. P. Gilliam, Managing information technology security risk. Software Security - Theories and Systems, Springer Berlin Heidelberg, pp. 296-317, 2004.
[3] F. Fatemi Moghaddam, N. Khanezaei, S. Manavi, M. Eslami, and A. Samar, “UAA: User Authentication Agent for Managing User Identities in Cloud Computing Environments,” in IEEE 5th Control and System Graduate Research Colloquium (ICSGRC), 2014, pp. 208–212.
[4] S. K. Sood, “A Combined Approach to Ensure Data Security in Cloud Computing,” Journal of Network and Computer Applications, vol. 35, no. 6, pp. 1831-1838, 2012.
[5] C. Wang, Q. Wang, K. Ren, and W. Lou, “Ensuring data storage security in Cloud Computing,” in Proc. 17th International Workshop on Quality of Service (IWQoS), 2009, Charleston, pp. 1-9.
[6] S. Kamara and K. Lauter, “Cryptographic cloud storage,” Financial Cryptography and Data Security, Springer Berlin Heidelberg, pp. 136-149, 2010.
[7] S. S. M. Chow, C. Chu, and X. Huang, “Dynamic secure cloud storage with provenance,” Cryptography and Security: from Theory to Applications, LNCS, Springer, pp. 442-464, 2011.
[8] F. Fatemi Moghaddam, S. Gerayeli Moghaddam, S. Rouzbeh, S. Kohpayeh Araghi, N. Morad Alibeigi, and S. Dabbaghi Varnosfaderani, “A Scalable and Efficient User Authentication Scheme for Cloud Computing Environments,” in IEEE Region 10 Symposium, Kuala Lumpur, Malaysia, 2014, pp. 508–513.
[9] S. Zarandioon, D. D. Yao, and V. Ganapathy, “K2C: Cryptographic cloud storage with lazy revocation and anonymous access,” Security and Privacy in Communication Networks, Springer Berlin Heidelberg, pp. 59-76, 2012.
[10] M. Venkatesh, M. R. Sumalatha, and C. Selva Kumar, “Improving Public Auditability, Data Possession in Data Storage Security for Cloud Computing,” Int'l Conf. Recent Trends In Information Technology (ICRTIT '12), pp. 463-467, April 2012.
[11] R. S. Vairagade and N. A. Vairagade, “Cloud Computing Data Storage and Security Enhancement,” Int'l Journal of Advanced Research in Computer Engineering & Technology (IJARCET), vol. 1, no. 6, pp. 145-149, August 2012.
[12] M. Al-Hasan, K. Deb, and M. O. Rahman, “User-authentication approach for data security between smartphone and cloud,” 8th Int'l Forum on Strategic Technology (IFOST '13), IEEE, vol. 2, pp. 2-6, 2013.
[13] F. Fatemi Moghaddam, O. Karimi, and M. T. Alrashdan, “A Comparative Study of Applying Real-Time Encryption in Cloud Computing Environments,” in 2nd International Conference on Cloud Networking (CloudNet), San Francisco, USA, 2013, pp. 185–189.
[14] C. Wang, Q. Wang, K. Ren, N. Cao, and W. Lou, “Toward Secure and Dependable Storage Services in Cloud Computing,” IEEE Transactions on Services Computing, vol. 5, no. 2, pp. 220-232, 2012.
[15] M. Ahmadi, N. Khanezaei, S. Manavi, F. Fatemi Moghaddam, and T. Khodadadi, “A Comparative Study of Time Management and Energy Consumption in Mobile Cloud Computing,” in IEEE 5th Control and System Graduate Research Colloquium (ICSGRC), 2014, pp. 199–203.