An Enhanced Secure, Robust and Efficient Crypto Scheme for Ensuring Data Privacy in Public Cloud Using Obfuscation & Encryption

Cloud Computing is an emerging technology, and every organization wants to adopt this technology these days. It is cost-effective and simple to use. The user pays as he uses cloud resources [1]. Significant beneficiaries are smaller enterprises and individual professionals who develop applications without having huge investments. It is affordable as pays for what he uses. This technology mainly works with three modules. One is cloud service provider [2], who places the data or resources into the cloud. The second module is cloud service consumer who accesses the resources necessary from cloud. And the third module is a web interface through which cloud users can place the resources in the cloud or access the services of the cloud [3]. These services can be categorized as Software as a Service (SaaS), Infrastructure as a Service (IaaS), Application as a Service (AaaS), and Platform as a Service (PaaS). These services will be deployed in three models, such as through Public Cloud, Private Cloud, and Hybrid Cloud [4]. The cloud technology has the following features: pay-as-you-go, flexibility, auto-scaling, elasticity, etc. According to pay-as-you-go, the billing process is done based on the amount of utilization of the resources. This feature is playing vital role in the rise of cloud computing technology [5].

In spite of having such greater features, it comes up with security issues [6]. The security issues are related to information security [7], network security, infrastructure security, confidentiality, availability [8, 9]. The major research work focused on providing security to data in the cloud from being accessed by illegitimate users [10]. This is known as information security or data security which is the subject of our work [11]. Providing protection to data while it is moving in the network from being attacked by the third party is known as network security. Information that is stored in cloud, should be kept confidential according to the requirements of the cloud user. Cloud computing still not guaranteed information security [12, 13]. Because of such problems in security, this technology is far away from the banking field. Data that is stored/shared in the cloud typically include customer transaction information, customer preferences/feedback/survey feedback, and patients' health information, etc. Hence, applications in cloud computing research typically require effective techniques/algorithms to preserve the privacy of cloud user's confidential information. These techniques/algorithms should work effectively by properly processing, testing and validating the large amounts of data. Real life data that contains sensitive information is more desirable for verifying the performance of these algorithms and techniques.

Effective techniques and algorithms must be introduced to preserve the privacy of such customer transaction information before it is made public or otherwise disseminated [14]. Some techniques work in way that does not allow the illegitimate user to capture the confidential information of authorized users but retains the readability of document [15]. Other techniques include cryptography, which converts the data into some other form that can't be read and understand by anyone unless it is converted into its original form [16, 17]. In the first case, though it does not provides actual information, there is still a possibility of data breach since it allows data readability. In the second case, though it does not enable the readability, there is a possibility that third person can decrypt the data and use it. Hence, techniques should be designed such that no sensitive information is exposed to the illegitimate user, but enough information should be retained for end user to perform other analytical and processing applications on the data [18-20].

In the proposed work was designed and implemented a scheme for preserving the privacy of customer transaction information. Ours protects the data at two levels by preserving privacy at each level. At the first level, it replaces the original information with dummy information, allowsthe readability of the document and it is possible to recreate the original document. Preserving readability of document has few advantages: (i) when third party (illegitimate user) access get access to document, he can't conclude which data is original and which is replaced, (ii) since enough information available, we can perform analytical and processing application on document. At the second level it converts the sensitive information into cipher form to prevent readability. It primarily works on numerical data of customer transaction information and experimental results show that it yields effective results.

The overview of this paper is as follows. Section II describes the related works on ensuring data security. Section III explains the working of the proposed algorithm. Section IV provides experiments with proposed algorithm with sample data. Section V ends in the conclusion.

The proposed scheme aims at securing the customer transaction information that has been shared through the public cloud. It preserves the privacy of the customer's sensitive data. It primarily works on numerical data so that processing time could be reduced to a significant level when compared with existing techniques that work on entire document. It secures data at two levels: At first level it replaces the original information with dummy information, allows readability of the document and it is possible to generate the original document. Preserving readability of document has few advantages: (i) when third party (illegitimate user) get access to document, he can't conclude which data is original and which is replaced, (ii) since enough information available, we can perform analytical and processing application on document. At the second level it converts the sensitive information into cipher form to prevent readability [25]. Figure 1 shows the detailed structure of proposed scheme.

1.png

2.png

Figure 2. Modules of the proposed scheme

3.png

Figure 3. Transforming the original document into cipher

4.png

Figure 4. Transforming the cipher document into original

3.2 Detailed workflow of modules

The below Figure 5 & Figure 6 show the detailed flow of modules that works to create a cipher document and recreates the original document from the cipher.

5.png

Figure 5. Process of generating value table

In Figure 5, the Obfuscator module after receiving the document (D) from the customer a.0s an input, parses the document to identify the numeric entities in each tuple, which is found to be more sensitive in customer transaction information (example: account number, pin number, one-time passwords, etc.).

Input $\rightarrow$ document $(D)$ with 'n'  no. of tuples $(t), D=$ $\{t 1, t 2, \ldots t n\}$

Identify a numeric entity set $(E)$ in each tuple. $E=$ $\{e 1, e 2 \ldots e n\}$

$f(E)=\sum_{t=1}^{n} \sum_{l=1}^{l-1} x=n \forall x \in\{0,1,2, \ldots .9\}$    (1)

It identifies entities in each tuple using above Eq. (1), and generates obfuscated value for each entity. Then it replaces the value with obfuscated value using Eq. (2). The generation of obfuscated values for each entity is done as follows.

Step 1: User request $R=\{M a c I D+I P+\text {Time stamp }\}$

Step 2: Service provider generates values table from user request $V T=\{0,1,2 \ldots .9\}$

Step 3: Assign index $I=\{0,1,2, \ldots .9\}$

Step 4: For each digit in the entity, look for index equal to the digit and replace with its corresponding value.

If there is an entity "3719" in the document then the corresponding obfuscated value would be "8427".

6.png

Figure 6. Process of generating dummy value

Look for the next entity, if it exist it repeats the same process else it outputs the obfuscated document (D') and sends it to the cryptanalysis module, which further encrypts and decrypts the document for more security.

$f(O)=\sum_{t=1}^{n} \sum_{l=1}^{l-1} \quad \forall \mathrm{x} \rightarrow \mathrm{x}^{\prime},$ where $x^{\prime}=\left\{e^{\prime} 1, e^{\prime} 2, \ldots e^{\prime} n\right\}$   (2)

Output $\rightarrow$ Obfuscated document $\left(D^{\prime}\right)$ with $^{\prime} n^{\prime}$ no. of tuples $\left(t^{\prime}\right)$ $D^{\prime}=\left\{t^{\prime} 1, t^{\prime} 2 \ldots . t^{\prime} n\right\}$

In Figure 6, when it receives the obfuscated document (D') as input from the cryptanalysis module, it recreates the original document (D) by substituting the obfuscated entities with original entities (de-obfuscation) in value table using Eq. (3). The flow is as follows. After receiving document, it parses the document for entities, replaces it with its original value in the value table. Look for next entity, if exists repeat the same process, else completes the de-obfuscation process and sends the original document (D) to customer. Example of obfuscation/de-obfuscation of a given document is given in Figure 7.

7.png

Input $\rightarrow$ Obfuscated document $\left(D^{\prime}\right)$ with 'n' no. of tuples ( $t^{\prime}$ ). $D^{\prime}=\left\{t^{\prime} 1, t^{\prime} 2 \ldots . t^{\prime} n\right\}$

Identify the mumeric entity set $\left(E^{\prime}\right)$ in each tuple. $E^{\prime}=$ $\left\{e^{\prime} 1, e^{\prime} 2 \ldots e^{\prime} n\right\}$

$f\left(O^{\prime}\right)=\sum_{t=1}^{n} \sum_{l=1}^{l-1} \quad \forall x^{\prime} \rightarrow x,$ where $x=\{e 1, e 2, \ldots e n\}$   (3)

The cryptanalysis module receives the obfuscated document as input and identifies the numeric entities in each tuple using Eq. (1). It generates a random key1 (K₁) and multiplies the K with all entities identified using Eq. (4).

$f(K E)=\sum_{e=1}^{n} \mathrm{e} * \mathrm{K}_{1}, \forall \mathrm{K} \in \mathrm{N}$        (4)

Next, it computes the square value (SQ_i) of all multiplied values (KEs) using Eq. (5).

$f(S Q)=\sum_{k e=1}^{n} K E * K E$        (5)

Then it generates random key K₂ and rotates the square values from right to left with the number of K₂ times. And K₂ is incremented by one for consecutive values in SQ(i), K+i, where i=1,2,3,…n. And find the modulus of each rotated square value using Eq. 6. Finally, compute the ASCII value of each modulus which will be in the form of cipher. Figure 8 shows the example of encrypted form of given document.

$f(M o d)=\sum_{r s q=1}^{n} R S Q \% 256$       (6)

For the decryption, it performs the steps in reverse order to convert the entities from cipher form to plain form. The below algorithm shows how information scrambled/replaced with dummy information, and encryption & decryption process.

8.jpg

Figure 8. Example of the encrypted document

3.3 Proposed algorithm

1. Input: Document (D) with 'n' no. of tuples (t).

$D=\{t 1, t 2, \ldots t n\}$

2. Output: Document (D^e) with ciphertext CT

3. Start

//Input the original document (D)

4. Input $\rightarrow D, D=\left\{t_{1}, t_{2}, \ldots t_{n}\right\}$

 // Identify numeric entity set (E) in each tuple.

$E=\{e 1, e 2 \ldots e n\}$

5. $f(E)=\sum_{t=1}^{n} \sum_{l=1}^{l-1} x=n \forall x \in\{0,1,2, \ldots 9\}$

// Obfuscate the document $\left(D^{\prime}\right), D^{\prime}=\left\{t^{\prime} 1, t^{\prime} 2 \ldots . . t^{\prime} n\right\}$.

6.  $f(O)=\sum_{t=1}^{n} \sum_{l=1}^{l-1} \quad \forall x \rightarrow x^{\prime}$,

where $x^{\prime}=\left\{e^{\prime} 1, e^{\prime} 2, \ldots e^{\prime} n\right\}$

// Output the obfuscated document (D')

7. Output $\rightarrow D^{\prime}, D^{\prime}=\left\{t^{\prime} 1, t^{\prime} 2 \ldots . t^{\prime} n\right\}$

8. Generate a key $K 1,$ where $K 1 \in N=\{0,1,2 \ldots\}$

//Multiply K1 with all numeric entities

9. $f(K E)=\sum_{e=1}^{n} \mathrm{e} * \mathrm{K}_{1}, \forall \mathrm{K} \in \mathrm{N}$

 // Compute the square value of $K E$

10. $f(S Q)=\sum_{k e=1}^{n} K E * K E$

11. Generate the another key K2, where $K2 \in N$

$=\{0,1,2 \ldots\}$

//Rotate the SQ from left to right K2 times by incrementing $K 2$ by 1 each time

12. $f(R T)=\operatorname{Rotate}(S Q(i), K 2+i)$

where $i=1,2 \ldots<=N$

// Compute the modulus of $f(R T)$ by dividing with 256

13. $f(M o d)=\sum_{r s q=1}^{n} R S Q \% 256$

// Convert the f(Mod) into ASCII values

14. $C T(i)=A S C I I(f(M o d))$

15. $C T=$ cipher Text

16. End