2021 5th International Conference on Information Systems and Computer Networks (ISCON)

GLA University, Mathura, India. Oct 22-23, 2021

Secure File Storage on Cloud using Hybrid Cryptography

Vivek Sharma¹, Abhishek Chauhan², Harsh Saxena³, Shubham Mishra⁴, Sulabh Bansal⁵
¹ Assistant Professor, GLA University, Mathura (UP), India.
²,³,⁴,⁵ Student, GLA University, Mathura (UP), India.
{viveksharma.cea, abhishek.chauhan_ccv172, harsh.saxena_ccv173, shubham.mishra_ccv174, [email protected]}

2021 5th International Conference on Information Systems and Computer Networks (ISCON) | 978-1-6654-0341-2/21/$31.00 ©2021 IEEE | DOI: 10.1109/ISCON52037.2021.9702323

Abstract- In recent years, cloud computing has played a vital role in the field of computing. It has revolutionized how computing is used in the industry, from first setting up the infrastructure and then using it, to just spinning up the resources as needed from different cloud vendors. It is also used in different industries for various services and storage of data. The data stored on the cloud can be retrieved as per the user's request, but the concern of many users is the security of their data. This security issue that most users are concerned about can be resolved by techniques such as steganography and cryptography. Cryptographic techniques such as DES and AES are used to provide security to the data, but using a single technique sometimes doesn't provide high-level security. So here we have focused on introducing a hybrid cryptographic mechanism that involves multiple techniques to encrypt and decrypt the data. In this proposed system, 3DES (Triple Data Encryption Standard) and Blowfish algorithms are used to provide security. Here the encryption is divided into three parts. Each part is encrypted with different encryption algorithms and decrypted using the different keys when required. This system of encryption and decryption guarantees better security of data to the users by storing encrypted data on a single cloud server, using 3DES and Blowfish.

Keywords: Cloud Computing, Data Encryption Algorithm, Blowfish, Hybrid Cryptography, Cryptography.

I. INTRODUCTION

The technological world is growing at a more surreal rate than ever before, and inventions and discoveries are making people's lives easier than ever. With the new advancements come new challenges, and one of the major challenges that most people face is the security of their data that is present online. This challenge is also there when people store their data online on cloud servers. It can be solved with the help of cryptography [1].

Cryptography is a method of converting ordinary plain text into unintelligible text and vice versa. The term is derived from the Greek word kryptos, which means hidden. With these cryptographic techniques, only the legitimate users can access the information or the data from the cloud servers, using the keys. The reason behind the use of cryptography is to maintain the confidentiality and authenticity of the data and to protect the data from hackers or any third-party users.

In cloud computing [2], the major concern is the security of the users' data. The data stored online can be highly sensitive and confidential, and without proper security the data could be compromised or hacked. So the data should be protected from any kind of malicious attack. Also, because of the huge size of data centers and the criticality of the data stored in them, the demand is not only for high security: high security with fast-processing and resource-efficient algorithms is also required. Hybrid cryptography [3] solutions could be the solution for both of these.

To deal with such security concerns, we have introduced Secure File Storage on Cloud using Hybrid Cryptography. In this proposed system we are using multiple symmetric cryptographic algorithms [4]. The data is divided into three parts and then encrypted and decrypted using the 3DES (Triple Data Encryption) [5] and Blowfish [6] algorithms in order to provide security to the data.

II. RELATED WORK

Various work has been done so far to enhance the security of data. Multiple algorithms and multiple implementations have been produced. Some are in a working phase and some implementations failed.

In this section we discuss the previous work done by researchers in the field of enhancements to data security models.

A. Vimercati presented a method wherein the clearance was converged with cryptographic algorithms, and the encoded information was then transmitted to the private or public cloud. The BEL (Base Encryption Layer) was used in the model with the intention of keeping cloud information stable, and the SEL (Surface Encryption Layer), also known as the Over-Encryption Layer [7], was applied to the encoded layers of the sent-out information. In this model, clients are required to have decoding keys: the SEL unscrambling key and the BEL decoding keys. For modifying the access of any client, or for any changes to the information, over-encryption is performed on said information. This strategy isn't free from agreement.

B. Wang suggested a Secure Cloud Storage [8] scheme model for owner write, clients read. In this model, the owner transfers a large amount of encrypted data to a distributed storage system, and each data block is encoded with different keys.



Authorized licensed use limited to: SASTRA. Downloaded on March 05,2024 at 11:30:34 UTC from IEEE Xplore. Restrictions apply.
Whenever there is a request from a user to the data owner, the owner issues an access certificate to the end user. The user uses that certificate and goes through a verification process, in which the cloud service provider verifies the user's access certificate.

The cloud service provider then applies over-encryption to the information using a one-time key code phrase and sends it to the customer. If any cloud service provider refuses to execute over-encryption, the data owner has the option of using the Lazy Revocation technique [9]. This model is appropriate for a mobile customer, but the owner must be online all of the time to provide access authentication to the end customer.

C. An efficient model in which most of the problems of key management [10] were solved was proposed by Attallah. This scheme is secure, but it is not scalable. For instance, when a hub v of an upper request security class tries to derive the key of a hub w of a lower request security class within a related analogy substitution row, the computation time for hub v is O(d), where d is the distance between hubs v and w. This means that hub v is unable to determine the key of hub w in a straightforward manner.

D. Yu et al., as well as Sahai et al., designed a reversible distributed storage scheme that supported ABE (Attribute-Based Encryption) [11]. Despite the fact that most ABE-based schemes grant no fine-grained access to executives, the vital keys of the clients are protected in these plans, and the cipher text grows proportionately with the number of relevant attributes.

E. Chen et al. successfully proposed a secure distributed storage scheme [12] that followed the Bell-LaPadula security paradigm and included a client repudiation function. Clients can now transfer their own information to the pooled storage, and clients can search and write access for anyone. However, a client with a higher request security classification should be able to deduce the key of any client with a lower request security classification with O(d) complexity, where d is the gap (hub tally) between two clients who are part of the same archetype substitution chain. This means that once the relevant clients are in a long archetype substitution chain, the subject's main induction scheme has a quantifiability drawback.

III. ALGORITHM

The idea behind the development of Triple DES was to overcome the flaws observed in DES. Instead of going with a completely new cryptosystem, the key size of the DES algorithm was extended. In 3DES the key size of DES is increased by applying the algorithm three times with different keys.

In 3DES the combined key size is 168 bits (3*56=168), but with respect to the brute-force attack technique Triple DES has some points of suspicion, and the original design was never designed for this approach. As a result, no serious flaws have been removed; these days it is offered as a cryptosystem that is ranging towards the net protocol.

The reason for the weakness of 3DES is that it is tied to a small, 64-bit block size, that is, the size of plaintext that can be treated and encrypted by 3DES at once.

Common mode of operation (CBC): here the plaintext is XORed with the previous cipher text before encryption.

Vulnerability in 3DES

If a lot of data is encrypted and the same XOR text occurs for two plaintext blocks, we get the same cipher text block twice; it can then be analyzed and might be broken. If one of the plaintexts can be guessed or decrypted by the attacker, he can easily calculate the second, even if he could not break the layers of the secured cipher. Then, too, we should go for non-random plain-text; it enhances the security of the data that has been encrypted.

Bar lowering:

The NIST recommendation is to lower the limit before the process of re-encryption to 2²ͼ blocks. Every block is 8 bytes, so this results in 8*2²ͼ, which will be 8 kilobytes, and that is too small. That is the only reason NIST does not advise using 3DES in network protocols like IPsec and TLS.

Pycrypto [13] - This is a Python library and cryptographic tool that can be used to convert plain text to cipher text. With it, Python users can encrypt or hash documents, images, or any kind of data coming from any source. The language extension of Python in collaboration with C/C++ is known as Cython, and with Java it is known as Jython. Python is an interpreted language with economical arrangement.

PyCrypto Toolkit: The Python Cryptography Toolkit describes the various cryptographic modules used for communication through Python.

The Pycrypto toolkit provides a stable and reliable architecture to perform cryptographic operations via Python programs.

Some cryptographic functions provided by the Python toolkit are:

1. Crypto Hash: Hash functions are responsible for checking signatures or keys, implementing digital signatures, and associations with public-key systems. SHA12, SHA256, MD2 and MD5 are common examples of cryptographic hash functions.

2. Crypto Cipher: The operations of the cryptographic algorithms rework the user's input data, which might be plaintext or images, depending on the key size or key length, to produce cipher-text as output. The Crypto.Cipher package also provides access to AES, DES, CAST and ARC4.

Vulnerability of pycrypto -

Pycrypto was found to be vulnerable to a heap-based buffer overflow in the algorithm "new" function in the block template. Remote attackers are able to execute arbitrary code, and pycrypto never released a fix for it. The solution is PyCryptodome, which can be a drop-in replacement that removes the threat of arbitrary execution by remote attackers.
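
A dependency check for the migration this paragraph recommends, as an added example (not code from the paper): it flags PyCrypto in a requirements list and in the running Python environment. The sample requirements text, the function names and the report keys are constructed for illustration.

```python
"""Flag PyCrypto in dependency lists (added example; sample input is constructed)."""
import re
from importlib import metadata

UNMAINTAINED = {"pycrypto"}                       # the package the text warns about
REPLACEMENTS = {"pycryptodome", "pycryptodomex"}  # maintained successors


def normalize(name: str) -> str:
    """PEP 503 name normalization, so 'PyCrypto' and 'pycrypto' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


_COMMENT = re.compile(r"(^|\s)#.*$")              # pip comments start a line or follow a space
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")
_EGG = re.compile(r"#egg=([A-Za-z0-9._-]+)")      # name carried by a VCS/URL requirement


def scan_requirements(text: str) -> list:
    """Return one finding per requirement line that pulls in PyCrypto."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = _COMMENT.sub("", raw).strip()
        if not line or line.startswith("-"):      # blank, or a pip option such as -r / --hash
            continue
        match = _EGG.search(line) or _NAME.match(line)
        if match and normalize(match.group(1)) in UNMAINTAINED:
            findings.append({"line": lineno, "requirement": line,
                             "replace_with": "pycryptodome"})
    return findings


def installed_report() -> dict:
    """Check the running environment for PyCrypto and its successors."""
    found = {}
    for dist in metadata.distributions():
        name = normalize(dist.metadata["Name"] or "")
        if name in UNMAINTAINED | REPLACEMENTS:
            found[name] = dist.version
    return {
        "pycrypto_installed": "pycrypto" in found,
        # PyCrypto and PyCryptodome both install the top-level `Crypto` package,
        # so with both present it is unclear which code an import picks up.
        "crypto_namespace_clash": {"pycrypto", "pycryptodome"} <= found.keys(),
        "versions": found,
    }


SAMPLE_REQUIREMENTS = """\
# constructed sample, not taken from the paper
requests>=2.31
PyCrypto==2.6.1
pycryptodome>=3.19   # maintained fork, not flagged
PYCRYPTO[extra]>=2.0 ; python_version < "3.0"
-r other.txt
git+https://example.invalid/repo.git#egg=pycrypto
"""

if __name__ == "__main__":
    for f in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {f['line']}: {f['requirement']} -> use {f['replace_with']}")
    print(installed_report())
```
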
Fernet [14] - Python supports a lot of cryptography packages which help to encrypt and decrypt data. Fernet is a module of the cryptographic package which has inbuilt functions for generating the key, encrypting the plaintext into ciphered text, and decrypting the ciphered text into plaintext, using the encrypt and decrypt methods respectively. This module also guarantees that data encrypted with it cannot be manipulated or read without the key.

There are a number of methods used to perform the different functions of the Fernet module; generate_key(), encrypt(data) and decrypt() are some of them.

Block Cipher [15] - A block cipher is an encryption algorithm which divides the text into individual blocks of equal size (e.g., 64 or 128 bits) and encrypts every block many times using a similar key-dependent transformation. It usually consists of a brief sequence of simple operations, known as the round function. The first round takes an n-bit plaintext block as input, and the last round outputs the cipher text. In addition, every round depends on a sub-key (or round key) that is derived from a K-bit secret key (this derivation method is called the key schedule). Since the receiver should be able to unambiguously decode the cipher text, the round operation needs to be bijective for any value of the key.

The Blowfish Algorithm (BA) is an encryption technique: a symmetric block cipher which uses a Feistel network, iterating simple encryption and decryption functions sixteen times. The Feistel structure offers numerous advantages, particularly in hardware: in the decryption of the cipher text, the sole requirement is to reverse the key schedule. The BA is often divided into key expansion and encryption. The key expansion of BA begins with the P-array and S-boxes with the use of several sub-keys, which needs pre-computation before data encryption or decryption. The P-array includes eighteen 32-bit sub-keys: P1, P2, ..., P18. In this section a maximum key of 448 bits is converted into several sub-key arrays of up to a total of 4168 bytes. There are 256 entries for each of the four 32-bit S-boxes:

S1,0, S1,1, ..., S1,255
S2,0, S2,1, ..., S2,255
S3,0, S3,1, ..., S3,255
S4,0, S4,1, ..., S4,255

IV. PROPOSED MODEL

The above hybrid cryptographic algorithm is sent to the cloud with the clear ultimate goal of ensuring cloud information security. At any point, we comprehend cloud instances as trusted with a relevant considerations aim to imagine changing/abuse of information by a gatecrasher, or spillage of information, or other security issues; the information is dealt with at the encoded plot expert. In three phases, we fully reflect the game plan passed on to the cloud:

1. Identification Phase
2. Uploading Phase
3. Accessing Phase

Fig. 1. Data Flow in Proposed Model

To set up the cloud state, we used the Open Nebula stash method. We have one front position point in Open Nebula and n focuses on gathering. The VMs are seen from the front view, emphasizing that the associated community focus point Transparent Nebula was seen with the ultimate aim of licensing bargain for a wide range of hypervisors and conditions. In Open Nebula, there is a front-end that implements all of the strategy, while the pack places provide the assets needed by the VMs. There is no shy about whether the frontend focuses on one real structure joining all the social event culture.

A. Identification Phase:

In the enrollment phase, the customer registers himself, recalling a definitive main objective to move and view his reports to/from the cloud laborer. The customer sends his advantage to the front focus point in the determination system and, in this way, the front focus point allocates the package place VM which has the least potential to the customer and plenty of other VMs on the structure. The participant is enlisted with an IP address to glance at the VM around the fulfillment of the selection level. At whatever point he again gives his advantage, the interest in taking a gander at the VM is exchanged. At his handpicked VM, the blended chronicles, encoded Blowfish keys and open SRNN keys are dealt with.

B. Uploading Phase:

The phases in the Transfer Process are as follows:

Step 1: To affirm itself, the client will submit a request to the front focus.

Step 2: The front end transfers the corresponding IP address of the VM against which the user has been enrolled, upon clear clarification.

Step 3: The documents are transferred to the enrolled staff by the customer (VM).

Step 4: Using the combination cryptosystem, the encryption of the transferred documents is completed.

Fig. 2. System Design

Step 5: In the VM's data store, the encoded cuts and Blowfish mixed keys remain set aside.

Step 6: The SRNN secret keys are finally sent to the customer and erased from the server, with the goal that only the verified customer is able to see his uploaded record.

C. Accessing Phase:

The steps in the accessing phase are as follows:

Step 1: To verify itself, the client will send the request to the front hub.

Step 2: On successful authentication, the front end submits the corresponding IP address of the VM against which the client was enlisted.

Step 3: For the n cuts connected, the customer can pass n SRNN private keys.

Step 4: The contrast is decoded by the SRNN private keys.

Step 5: In order to build the original documents, the unscrambled files are united.

Step 6: The unscrambled file is downloaded at the client's end and viewed.

With the ultimate objective of simulating the proposed cloud security model, we used the Amazon Web Services Stash Framework. We made one front-place and two pack groups here. 2 VMs are submitted to all of the cluster community. At the time of choosing, the allocation of VMs is recognized in Python, which is striking for its self-administration level. The hybrid cryptosystem is also executed in Python and passed on to all of the VMs. Various libraries have been used to implement the hybrid encryption plan, such as pycrypto and python security. Different kinds of documents were accompanied by the cloud protection model: sound, picture, content, Word and PDF documents.

V. IMPLEMENTATION OF PROPOSED MODEL

1. The very first thing to do is to upload the file which needs to be encrypted using the cryptographic technique.

Fig. 3. Uploading a file

2. After successfully uploading a file, we need to download the key which is generated upon uploading the file and with which the encryption and decryption of the plaintext into the cipher text will happen. This is done using the different cryptographic packages which are available in Python. Pycrypto and Fernet are some of the packages which help us in generating the key, encrypting the plaintext and decrypting the ciphered text back into the plaintext.

Fig. 4. Downloading the key

3. Upon downloading, the key gets saved into the virtual machine or the local host, depending on what we are using. This key is used to encrypt the plaintext into the ciphered text when needed, and also to decrypt the ciphered text back into the plaintext. The plaintext is first divided into multiple parts, where each part gets encrypted by multiple keys.

Fig. 5. Key gets saved into the system

4. Preview of the plaintext converted into the cipher text using the keys generated by the different cryptographic techniques.

Fig. 6. Plaintext into Cipher text

5. Now, in order to decrypt the text back into plain text, we need to first select the restore button, which will ask us to upload the key that was downloaded earlier in order to retrieve the data in the form of text or any format that was uploaded online.

Fig. 7. Retrieving the data present online

6. After uploading the key in order to restore the file, the file gets downloaded on to our device, safe and free from any manipulation.

VI. CONCLUSION

Security is the main challenge that every person faces in regard to their data that is present online. So the aim of the proposed system is to securely store and retrieve data on the cloud in a way that can be handled and controlled by the data owner. In this proposed model we are using hybrid cryptography, where we use a different algorithm for encryption and a different algorithm for decryption to achieve a totally secured system.

Cloud data storage security-related issues are solved using cryptographic and steganography methods. Data security is achieved using 3DES and Blowfish. The proposed system can have the following benefits:

a. Data Integrity
b. High Security
c. Authentication
d. Confidentiality

Less time is used for the encryption and decryption process using multithreading.

A hybrid cryptography algorithm requires high-performance computational resources, and the required processing power also varies with the input data size; thus scalability is a good feature to have. It was hard to implement this on on-premises infrastructure, but with the help of cloud computing techniques hybrid cryptography is easy to perform in an efficient manner.

Even after applying various security checks and a firewall, we can't say that our firewall can't be breached and our plain-text data can't be accessed. So after applying encryption, our data is safe even if it has been breached.

In the future, we can enhance it by adding public key cryptography to avoid cyber-attacks during data transmission from client-side to server-side.

REFERENCES

[1] W. Diffie, M. Hellman, "New directions in cryptography", IEEE Transactions on Information Theory (Volume: 22, Issue: 6, Nov 1976).
[2] Peter Mel and Tim Grace, "The NIST Definition of Cloud Computing", NIST, 2010.
[3] A. K. Shahade, V. S. Mahalle, "Enhancing the Data Security in Cloud by Implementing Hybrid (Rsa & Aes) Encryption Algorithm", IEEE, INPAC, pp 146-149, Oct 2014.
[4] Sourabh Chandra, Siddhartha Bhattacharyya, Smita Paira, Sk Safikul Alam, "A study and analysis on symmetric Cryptography", IEEE, 2014 International Conference on Science Engineering and Management Research (ICSEMR).
[5] D. Coppersmith, D. B. Johnson, S. M. Matyas, "A Proposed model for triple-DES encryption", IBM, IBM Journal of Research and Development (Volume: 40, Issue: 2, March 1996).
[6] Ashwak Alabaichi; Faudziah Ahmad; Ramlan Mahmod, "Security analysis of Blowfish algorithm", IEEE, 2013 Second International Conference on Informatics & Applications (ICIA).

[7] Sabrina De Capitani di Vimercati, Sara Foresti, Sushil Jajodia, "Over-encryption: Management of Access Control Evolution on Outsourced Data", VLDB '07, September 23-28, 2007, Vienna, Austria.
[8] Rongmao Chen; Yi Mu; Guomin Yang; Fuchun Guo; Xiaofen Wang, "Dual-Server Public-Key Encryption With Keyword Search for Secure Cloud Storage", IEEE Transactions on Information Forensics and Security (Volume: 11, Issue: 4, April 2016).
[9] M. Backes; C. Cachin; A. Oprea, "Lazy revocation in cryptographic file systems", Third IEEE International Security in Storage Workshop (SISW'05).
[10] Ivan Damgård, Thomas P. Jakobsen, Jesper Buus Nielsen, Jakob I. Pagter, "Secure Key Management in the Cloud", Cryptography and Coding, 2013, Volume 8308.
[11] John Bethencourt; Amit Sahai; Brent Waters, "Ciphertext-Policy Attribute-Based Encryption", 2007 IEEE Symposium on Security and Privacy (SP '07).
[12] Qinlu He; Zhanhuai Li; Xiao Zhang, "Study on Cloud Storage System Based on Distributed Storage Systems", 2010 International Conference on Computational and Information Sciences.
[13] Dr. S. Vidhya, "Network Security using Python", 2018 IJSRSET | Volume 4 | Issue 4.
[14] Sakshi Agarwal, P K Bharti, Rajesh Kumar Pathak, "Implementation of DES Algorithm in Python", International Journal of Science and Research (IJSR), 2018.
[15] Joan Daemen, Vincent Rijmen, "The Block Cipher Rijndael", Smart Card Research and Applications, 2000, Volume 1820.
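
The block-size weakness that Section III describes for 3DES in CBC mode, reproduced at small scale as an added example (not code from the paper): when two ciphertext blocks collide, the XOR of the two plaintext blocks follows from the ciphertext alone, which is why a cipher with 64-bit blocks needs a low re-keying limit. It assumes a toy 16-bit Feistel cipher in place of 3DES so that collisions appear after a few hundred blocks; all names, the key and the data are constructed.

```python
"""CBC ciphertext collisions with a small block size (added example, toy cipher)."""
import hashlib
import hmac
import math
import random

BLOCK_BITS = 16  # toy size (assumption): collisions expected after ~2^8 blocks, not ~2^32


def collision_probability(blocks: int, block_bits: int) -> float:
    """Birthday bound: chance that at least two of `blocks` ciphertext blocks are equal."""
    return -math.expm1(-blocks * (blocks - 1) / 2 ** (block_bits + 1))


def toy_encrypt_block(key: bytes, block: int) -> int:
    """4-round Feistel permutation on 16 bits; stands in for a 64-bit cipher such as 3DES."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd, right]), hashlib.sha256).digest()[0]
        left, right = right, left ^ f
    return (left << 8) | right


def cbc_encrypt(key: bytes, iv: int, plaintext: list) -> list:
    """CBC: each plaintext block is XORed with the previous ciphertext block, then encrypted."""
    out, prev = [], iv
    for p in plaintext:
        prev = toy_encrypt_block(key, p ^ prev)
        out.append(prev)
    return out


def find_collision(ciphertext: list):
    """Return the first pair (i, j), i < j, with ciphertext[i] == ciphertext[j], else None."""
    seen = {}
    for j, c in enumerate(ciphertext):
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None


def leaked_xor(ciphertext: list, iv: int, i: int, j: int) -> int:
    """If C_i == C_j then P_i ^ C_(i-1) == P_j ^ C_(j-1), so P_i ^ P_j = C_(i-1) ^ C_(j-1)."""
    prev = lambda k: iv if k == 0 else ciphertext[k - 1]
    return prev(i) ^ prev(j)


def demo(blocks: int = 2000, seed: int = 1):
    rng = random.Random(seed)                       # constructed sample data
    key, iv = b"constructed demo key", rng.getrandbits(BLOCK_BITS)
    plaintext = [rng.getrandbits(BLOCK_BITS) for _ in range(blocks)]
    ciphertext = cbc_encrypt(key, iv, plaintext)
    pair = find_collision(ciphertext)
    if pair is None:
        return None
    i, j = pair
    return {"pair": pair,
            "leaked": leaked_xor(ciphertext, iv, i, j),   # computed from ciphertext and IV only
            "actual": plaintext[i] ^ plaintext[j]}


if __name__ == "__main__":
    print(demo())
    for bits in (64, 128):
        print(bits, "bit blocks, 2^32 blocks under one key:",
              f"{collision_probability(2 ** 32, bits):.3g}")
```

The same arithmetic shows why a 128-bit block cipher does not share the problem: at 2^32 blocks under one key, the collision probability is about 0.39 for 64-bit blocks and negligible for 128-bit blocks.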
