Network Security in Cloud Computing with Elliptic Curve Cryptography

This paper studies authentication for security verification in cloud computing using the Elliptic Curve Digital Signature Algorithm (ECDSA). The setting is the communication between a cloud provider and a smartphone user. The elliptic curve cryptosystem is taken as the basic framework for securing data transmission. We review the literature on elliptic curves and work with the cyclic group of an elliptic curve over a finite field modulo a prime q. With the theory in place, we apply ECDSA (the elliptic-curve analogue of DSA, which descends from the ElGamal signature scheme) to carry out a sequence of example computations. The computations were done in Mathematica following (Jouko, 2011), unmodified except for interpreting them in the setting of cloud computing security, where a cloud provider may use them to serve users' on-demand requests with security built in. Our contribution is a set of computational experiments that illustrate digital signature authentication for interactive security awareness in the cloud environment.


Introduction
Cloud computing is a modern paradigm closely related to grid computing, which is based on sharing resources and collaborating in the distribution of services between enterprises in different geographical zones through Internet providers. Cloud computing enhances the distribution of services to Internet users. It runs computing tasks on resource pools that contain a large amount of computing resources. As cloud computing has advanced into a new source of computing on the Internet providing assorted kinds of cloud services, it has also brought security problems to the distribution of services over the Internet. At the moment, most computing systems issue users a digital identity to access their services; this brings inconveniences in a hybrid cloud made up of multiple private and public clouds. Nevertheless, the advantages of using the cloud are numerous and include: i) reduced hardware and maintenance cost; ii) accessibility around the globe; iii) flexibility and highly automated processes, so that the customer need not worry about software upgrades, physical hardware purchases and the basic infrastructure that tend to be daily problems in computing environments (Robit, Ritupara, Nabendu, & Sugata, 2012; Maggini, 2009; Harold, Liu, Shivnath, Jeffrey, & Sujay, 2009). Cloud computing systems that provide services to Internet users apply asymmetric (public key) cryptography and traditional identity-based cryptography, whose identity elements fit the requirements of cloud computing well.

ii. Private Cloud: This cloud infrastructure is operated solely for one organization, with external parties excluded from access. This is achieved through access control devices. The advantage of this model is the security of cloud computing transactions together with compliance and Quality of Service (QoS). Some companies and universities use a private cloud to provide cloud computing to their clients and students respectively. A private cloud is also known as an internal network. Providing security in a private cloud is easier.

iii. Hybrid Cloud: This cloud infrastructure is a combination of two or more clouds. It enables data portability through load balancing between clouds. Providing security in hybrid cloud computing is much more difficult, especially for symmetric key distribution and mutual authentication. Moreover, for users to access services in a hybrid cloud, a user digital identity is normally needed so that the cloud servers can manage access control. Hybrid computing consists of many different kinds of clouds, each with its own complex identity management. A user on a hybrid cloud who wants services from different cloud environments may therefore suffer the inconvenience of presenting different digital identities to each service provider.

iv. Community Cloud: This cloud infrastructure is shared by several organizations under a Service Level Agreement (SLA), otherwise known as a contractual agreement. A specific community shares concerns such as requirements, policy and compliance considerations. The cost of using the infrastructure is commonly shared among the organizations in the model.
Using cloud computing services, users can store their critical information (data) on servers run by Cloud Service Providers (CSPs) and can access their data from anywhere in the world where Internet access is available, without worrying about their own systems breaking down or disks failing. Besides, users can use one system to share their information and work; they can even play games together on the same system simultaneously. CSPs such as Amazon, Google, IBM, Microsoft and Yahoo are the forerunners in applying cloud computing services to modern Internet-connected businesses. Companies like Salesforce, Facebook, YouTube and MySpace have also begun to provide all kinds of computing services to Internet users.

Cloud Characteristics or Features
As derived in reference (Don, Afred, & Scott, 2001):
1) On-Demand Service: The cloud is a large pool of resources and services from which the user can obtain a service or resource whenever she needs it, paying for the amount of service she uses.
2) Ubiquitous Network Access: Clouds provide services everywhere through standard terminals such as mobile phones, laptops and personal digital assistants (PDAs).
3) Ease of Use: Most cloud providers offer Internet-based interfaces that are simpler than application programming interfaces, which makes the cloud services easier to use.
4) Business Model: The cloud is a business model because it is "pay per use" of the service or resource.
5) Location-Independent Resource Pooling: The provider's computing resources are pooled to serve multiple customers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to demand.

Mobile devices come in many kinds and structures, including smartphones, notebooks and tablets. They are all light, have little memory and depend on battery life. Application developers for the cloud have to keep these variations and constraints in mind. Cloud computing comes to the rescue of many kinds of network applications because some of the computation can be outsourced to the cloud; this can be implemented in the cloud itself or as an application that uses the cloud for specific tasks.
With the advancement of Internet speed and the increase in computing power of smartphones and tablets, the number of users who access applications on the cloud is growing rapidly by the day. Service providers for cloud computing therefore need to develop applications with these facts, and their security implications, firmly in mind. Operating systems running on such clients should be designed to conserve battery life, with networking support built into the operating system. Since most of these devices are small, run in a simple Internet environment and have a short battery life, they need secure algorithms with low energy consumption that are durable and portable.

Some Prevalent Security Challenges in Cloud Computing Environment
As noted earlier, cloud computing is an umbrella term covering different types of technology and services distributed over computing environments, parallel to grid computing, that provide assorted computing services to the user on demand. Each of these services offers enormous opportunity for small and medium-sized enterprises to grow their businesses using critical infrastructure provided as a service with zero deployment effort.
Having said that about the essential benefits of the cloud, such as lower cost of service and ease of application, each cloud-based service faces various kinds of security challenges. An intruder can use vulnerabilities of the network infrastructure to attack the services through cloud features like multi-tenancy, on-demand self-service and broad network access. This could create many vulnerabilities in the service delivered (Liu, ibid). A survey conducted by IDC shows that security is the major concern keeping users away from the cloud as a computing service (Abhuday & Parul, 2012). In this subsection we analyze the various kinds of security problems that appear predominantly in applications deployed on the cloud. They include both traditional security challenges and recent challenges that came into prominence because of cloud computing, as discussed in (Madhan, Sarukesi, Paul, Sai, & Revathy, 2012; Gens, 2009; Abhuday & Parul, 2012; Narpat & Sekhawat, 2011; Foster et al., 2008).

Security as a Result of Network Infrastructure
Network infrastructure has raised several security issues and challenges for services provided over the cloud computing environment. Distributed Denial of Service (DDoS) attacks are performed by malicious software that floods a server with requests so that it can no longer serve its legitimate clients.
A system on the cloud can be compromised and used as a base for a DDoS attack on other machines. An attacker may analyze all packets passing through a system to gather important information about the user; port scanning (Dijk, Marten, & Ari, 2010) is done to find open ports through which the system can be attacked; and SQL injection is used to attack cloud-based databases.

Security Risk Due to the Web Services
Web services on the network infrastructure are vulnerable to several kinds of attack. These vulnerabilities arise from the implementation mechanisms and existing protocols of web services. They are as follows:
a. Buffer Overflows: An XML document can be made to reference itself repeatedly (recursive entity expansion) so that processing it exhausts memory. This can trigger error messages that make the application reveal information about itself.
b. XML Injection: XML injection can be used to insert a parameter into a query and have the server execute the injected data.
c. Session Hijacking: An attacker can inject a SOAP message and obtain the session identity, thereby presenting himself to the server as an authenticated user. Later on, he can go on to perform serious mischief on the server.
d. Security Risk due to Cloud Features: Security risk arises for cloud-based services because of the cloud's own features. The service user loses control over the data as it is stored on someone else's servers, and has to depend on the provider's security arrangements and analyses. A situation may arise where the user has to move to another provider or back to its own servers at a different geographical location. In most cases, data stored in the cloud can get locked into the provider's servers and it is difficult to move it back to the user or to another provider. Most cloud service providers support multi-tenancy, so isolating one organization's data from other organizations' employees residing on the same server is also a challenge for the provider. If a client ceases to use the service, data ownership issues can arise, as some providers refuse to release the data until some later unspecified date. Also, if the user fails to pay for the services used, the provider can lock up the stored data and refuse to release it. There are many instances in which the availability of applications running on the cloud was lost, and such cloud outages are a great concern for users. Cloud outages have happened several times; for instance Gmail was unavailable for one day in mid-October 2008, Amazon S3 had several hours of downtime on July 20, 2008, and FlexiScale had an outage of 18 hours in October 2008. Several of these unpleasant incidents happened in October 2008.
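The XML injection risk in item (b) above, as an added example that is not part of the paper: a request built by string concatenation beside one built with Python's ElementTree, which escapes the markup characters, together with a strict server-side check that rejects any message whose element layout differs from the expected shape. The SOAP-style message format, the element names, the function names and the attack payload are all constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal SOAP-style request carrying a user name and the
# role the server should grant. Element names are invented for this example.
EXPECTED_CHILDREN = ("User", "Role")


def build_request_unsafe(username: str) -> str:
    """Vulnerable: untrusted input is spliced straight into the XML text, so a
    value containing '<' or '>' can close the <User> element and open new ones."""
    return "<Request><User>%s</User><Role>guest</Role></Request>" % username


def build_request_safe(username: str) -> str:
    """Hardened: the document is built as a tree; ElementTree serialises the
    text with '<', '>' and '&' escaped, so the input can never become markup."""
    root = ET.Element("Request")
    ET.SubElement(root, "User").text = username
    ET.SubElement(root, "Role").text = "guest"
    return ET.tostring(root, encoding="unicode")


def lenient_role(xml_text: str) -> str:
    """A lenient server handler that simply takes the first <Role> it finds."""
    return ET.fromstring(xml_text).find("Role").text


def parse_request(xml_text: str) -> tuple:
    """Strict server-side parsing: exactly one <User> and one <Role> child, in
    that order, and nothing else. Raises ValueError on any deviation, which is
    exactly what an injected message produces."""
    root = ET.fromstring(xml_text)
    if root.tag != "Request":
        raise ValueError("unexpected root element %r" % root.tag)
    tags = [child.tag for child in root]
    if tags != list(EXPECTED_CHILDREN):
        raise ValueError("unexpected element layout: %r" % tags)
    return root.find("User").text, root.find("Role").text


# Constructed attack payload: closes <User>, inserts an attacker-chosen <Role>,
# then reopens <User> so that the resulting document is still well-formed XML.
PAYLOAD = "alice</User><Role>admin</Role><User>bob"


def demo() -> dict:
    """Run the payload through both builders and both server-side handlers."""
    unsafe_xml = build_request_unsafe(PAYLOAD)
    safe_xml = build_request_safe(PAYLOAD)
    try:
        parse_request(unsafe_xml)
        strict_rejected = False
    except ValueError:
        strict_rejected = True
    return {
        "unsafe_role": lenient_role(unsafe_xml),   # "admin": the injection worked
        "safe_role": lenient_role(safe_xml),       # "guest": escaping defeated it
        "safe_user": parse_request(safe_xml)[0],   # payload survives as plain text
        "strict_rejected": strict_rejected,        # True: strict parsing caught it
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Escaping on the client side is not a substitute for validation on the server side: the provider cannot know how a message was built, so the strict layout check in `parse_request` (in practice, schema validation of the SOAP body) is the control the provider owns.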

Security Issues of Applications Available over the Cloud
Applications deployed on the cloud can face the same kinds of attack as those on the client-server model. SaaS-based applications are vulnerable to viruses; online operating systems are available on the cloud to users for free.
Viruses can spread as email attachments, as part of software, or reside in the MBR of an operating system available on the cloud. Worms residing on one system in the cloud can migrate to another system on their own. A Trojan horse is software with malicious intent; it is split into parts when loaded from memory. SaaS applications depend on web services and web browsers to deliver their services to the user, so they inherit the security challenges of the network infrastructure and web services discussed in (Madhan, Sarukesi, Paul, Sai, & Revathy, 2012; Gens, 2009; Abhuday & Parul, 2012). IaaS and PaaS services are hardware dependent and face more challenges arising from the features of cloud computing than SaaS does.
As identified in this section, Public Key Infrastructure (PKI) is one of the ways of handling some of the issues stated above. Among the various public key cryptographic schemes, Elliptic Curve Cryptography is the crux of the examination in the following sections. ECC, applied in this complementary role, could address both the security and the power optimization of the mobile phones that communicate with the CSPs.

Cloud Computing from Practical Analysis
Cloud security risks as identified by vendors are listed below (Abhuday et al., 2012). As noted above, cloud services present many challenges to an organization. As soon as a Service Level Agreement (SLA) is reached between an organization and a service provider for consuming cloud services, much of the control over the computing infrastructure passes to the cloud provider. This poses many challenges. It is therefore suggested that such challenges be resolved through management initiatives that clearly delineate the ownership and responsibility roles of both the cloud provider and the organization acting as client or user.
Security managers on the provider and the user side, who determine what detective and preventive controls exist on the cloud, should be able to clearly define the security posture of the cloud environment at their respective ends.
Proper security controls are expected to be implemented based on asset, threat and vulnerability risk assessment matrices.
A cloud computing risk assessment report (Veerraju et al., 2012), written mainly from the vendor's point of view on security capabilities, analyzed the following security risks faced by the cloud:
i. Regulatory Compliance: In some cases, cloud computing providers refuse external audits and security certifications. In view of this, it is strongly suggested that cloud computing as an industry should have a regulatory and disciplinary body that consistently meets the expectations of consumers.
ii. Privileged User Access: Sensitive data processed outside the organization in a cloud computing environment is exposed to malicious actors and inherently raises the level of risk. Cloud providers should ensure they have adequate and strong anti-virus mechanisms in place when processing the outputs that feed such critical cloud systems for consumers.
iii. Data Location: When the cloud is used, in most cases the user does not know where the cloud is hosted. Cloud providers should give the specific locations of their services if they expect trust and the continued patronage of their customers. This would also improve data recovery should data be lost for want of a recovery mechanism.
iv. Investigative Support: This is a worrisome problem; investigating cloud computing in the aftermath of fraud is a significant issue. It is all the more difficult because the laws of the countries in which the act was perpetrated diverge.

Proposed Solutions
In the previous section and subsections we saw that cloud computing is based on moving data around through virtualization. As a result, it is imperative to pay attention to data storage. Users are expected to apply both traditional IT security and cloud computing security. For instance, users are advised to know the location of the storage host; this is a traditional, strategic step in the right direction and the best of human insight. That is, users should know the exact location of their data and, if possible, should also know what other data is stored collectively with theirs.
To preserve security on cloud-based virtual infrastructure, providers should ensure data confidentiality, authentication, integrity and availability, which should be provided using the following techniques:
a. Encryption: All sensitive data may be required to be encrypted with a highly secure cryptographic scheme in the provider's OS software before the encrypted data is sent over the ever busy Internet transmission channel.
b. Physical Security: Keep the virtual cloud systems and the cloud management hosts safe behind card-controlled doors, and keep the local environment safe.
c. Authentication and Access Control: The authentication capabilities within all virtual systems run by the provider should mirror the way physical systems authenticate. One-time passwords and biometrics should all be implemented in the same manner. Thus all encrypted data should carry an authentication mechanism from one cloud to another. To achieve this demanding form of authentication, it is advisable that digital signatures be applied to cloud data transfers.

Elliptic Curve Cryptography
According to Jensen et al. (2009), the need for information security on the Internet led to the evolution of cryptography and its many techniques. In a nutshell, cryptography is the science of keeping information secure, and it is therefore a useful tool for cloud computing security. It involves the encryption and decryption of messages transmitted over the Internet to their rightful recipients. The secrecy of any cryptographic scheme rests on the key used in the encrypting and decrypting processes applied to the data to be transmitted.

An elliptic curve E is defined by a non-singular Weierstrass equation. There is exactly one point of E with Z-coordinate equal to 0, namely $(0 : 1 : 0)$. This point is called the point at infinity and is denoted O; it is also the identity element of the elliptic curve group. For convenience we write the Weierstrass equation in affine (non-homogeneous) coordinates $x = X/Z$, $y = Y/Z$, obtaining the equation
$$y^2 + a_1 xy + a_3 y = x^3 + a_2 x^2 + a_4 x + a_6. \qquad (4.4)$$
An elliptic curve E is the set of all solutions of equation (4.4) together with the point at infinity O. If the coefficients of the equation lie in a field K, we say that E is defined over K and write E/K. Definition 4.4 (Rational Points on E): If E is defined over K and L is an extension of K, the set of L-rational points, denoted E(L), is the set of points of E with coordinates in L, together with the point at infinity O.
The points of an elliptic curve come endowed with an abelian group structure. The addition operation is called the group law, and the point O is the zero element of this group. Moreover, formulas exist for the sum of two points that involve only algebraic operations on the coordinates of the points.
Elliptic curves are mostly considered over three kinds of field: the real field, prime finite fields and binary fields. Narpat et al. (2011) define an elliptic curve over the reals as the set of points in the projective plane $P^2(K)$ satisfying a Weierstrass equation; the same equation could also be considered over the complex field.
In this subsection we look at the group laws of elliptic curves over prime finite fields and over binary fields, both of which are Galois fields.
Multiplication Law: Let E be an elliptic curve over a field, given by
$$E : y^2 \equiv x^3 + ax + b \pmod p,$$
where a and b are parameters in whatever set is appropriate (rational numbers, complex numbers, integers mod n, etc.). We also include the point at infinity $O$ defined earlier. The multiplication law is also known as the group law. Group laws are commonly categorized by field: the real field, the prime finite field GF(p) and the binary field $GF(2^m)$. In this paper we review the finite field law and the binary field law.
An elliptic curve over the Galois field GF(p), p prime, can be defined as the set of points (x, y) satisfying Equation (3.6) with the further condition $4a^3 + 27b^2 \not\equiv 0 \pmod p$. With addition and doubling of points defined as in Equation (2.6), the points of the curve together with the point at infinity form a group; the point at infinity is the identity element.
To achieve an efficient implementation of the elliptic curve, field arithmetic (modular addition, subtraction, multiplication and inversion) must be available. These operations are used in the algorithm for adding and doubling points. Suppose we have two points $P = (x_1, y_1)$ and $Q = (x_2, y_2)$ on E with $P \neq \pm Q$; then the sum $P + Q = (x_3, y_3)$ is given by
$$\lambda = \frac{y_2 - y_1}{x_2 - x_1}, \qquad x_3 = \lambda^2 - x_1 - x_2, \qquad y_3 = \lambda (x_1 - x_3) - y_1.$$
A separate doubling formula applies to fields of characteristic two. It is advantageous to select the curve and the field K so that the number of field operations involved in adding two points and doubling a point is minimized.

Simplified Weierstrass Equations Over Galois Field
By simplifying the general Weierstrass equation we obtain important simplified equations over GF(p) and over $GF(2^m)$, together with a corresponding description of the points of E. To double a point J, i.e. to find L = 2J, consider a point J on an elliptic curve as shown in Figure 2.1. If the y-coordinate of J is not zero, the tangent line at J intersects the elliptic curve at exactly one more point, -L. The reflection of -L in the x-axis gives the point L, which is the result of doubling J; thus L = 2J. If the y-coordinate of J is zero, the tangent at J is vertical and meets the curve only at the point at infinity O, so 2J = O when $y_J = 0$. This is shown in Figure 3.1b.
Consider a point $J = (x_J, y_J)$ with $y_J \neq 0$ and let $L = 2J = (x_L, y_L)$. Then
$$s = \frac{3x_J^2 + a}{2y_J}, \qquad x_L = s^2 - 2x_J, \qquad y_L = -y_J + s(x_J - x_L),$$
where s is the slope of the tangent at J and a is one of the parameters of the elliptic curve. If $y_J = 0$ then 2J = O, where O is the point at infinity.

Elliptic Curve Digital Signature Algorithm (ECDSA)
This section addresses the security of clouds with respect to critical information in transit: authentication and non-repudiation between cloud computing organizations. Suppose that two cloud computing companies $C_1$ and $C_2$ agree to carry out electronic business together based on the ECC algorithm; they must then make the following mandatory transactional agreement. Both sides must know the curve parameters used in the ECDSA algorithm; there are eight such parameters. The field size is p; a and b are the two field elements that define the equation of the curve E; G is the base point, a point of prime order chosen on the curve; and n is the order of G. The cloud that signs the message must have a key pair suitable for elliptic curve cryptography, consisting of a private key x (a randomly selected integer in the interval [1, n-1]) and a public key $Q = xG$.

Generation of the ECDSA
The signing of a message m by cloud $C_1$ for cloud $C_2$ follows this pattern [18,19,20,21,22]:
1) Select a random integer k from within [1, n-1].
2) Compute $kG = (x_1, y_1)$ and $r = x_1 \bmod n$. If r = 0, go back to step 1.
3) Compute the SHA-1 hash of m and convert it to an integer H(m).
4) Compute $s = k^{-1}(H(m) + xr) \bmod n$. If s = 0, abort and go back to step 1.
5) Cloud $C_1$'s signature on the message m is the pair (r, s).
It is imperative to select a different k for each signature; otherwise the equation in step 4 can be solved for k and then for the private key x.

ECDSA Signature Verification
To verify the signature (r, s) on m, cloud $C_2$ obtains an authentic copy of the domain parameters and of $C_1$'s public key Q and then does the following:
(1) Verify that r and s are integers in the interval [1, n-1].
(2) Compute SHA-1(m) and convert the string to an integer H(m).
(3) Compute $w = s^{-1} \bmod n$.
(4) Compute $u_1 = H(m)\,w \bmod n$ and $u_2 = r\,w \bmod n$.
(5) Compute $X = u_1 G + u_2 Q$. If X = O, reject the signature; otherwise let $v = x_X \bmod n$, where $x_X$ is the x-coordinate of X.
(6) Accept the signature if and only if v = r.

Proof of the Signature Verification
If a signature (r, s) [22, 23, 24] on a message m was indeed generated by cloud $C_1$, then $s = k^{-1}(H(m) + xr) \bmod n$, so
$$k \equiv s^{-1}(H(m) + xr) \equiv w\,H(m) + w\,r\,x \equiv u_1 + u_2 x \pmod n.$$
Hence $u_1 G + u_2 Q = (u_1 + u_2 x)G = kG$, so $X = kG$ and $v = x_X \bmod n = r$, as required.
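The group law of the Elliptic Curve Cryptography section and the ECDSA signing and verification steps above, as an added worked example in Python that is not part of the paper (the paper's own computations were done in Mathematica). It uses the NIST P-192 domain parameters that the Computational Experiments section refers to, checks them (G lies on the curve and nG = O), runs a signature round trip between the two clouds, and ends with the key recovery that the warning about reusing k describes. SHA-256 is substituted for the SHA-1 the paper specifies; the function names, the sample messages and the forced nonce value are assumptions made for this example.

```python
import hashlib
import secrets

# NIST P-192 domain parameters (FIPS 186), the pseudo-random curve the paper's
# experiments refer to: y^2 = x^3 - 3x + b over GF(p), base point G of prime order n.
P = 0xfffffffffffffffffffffffffffffffeffffffffffffffff
A = P - 3
B = 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1
G = (0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012,
     0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811)
N = 0xffffffffffffffffffffffff99def836146bc9b1b4d22831
O = None  # the point at infinity, identity element of the group

def on_curve(pt):
    """True if pt satisfies y^2 = x^3 + ax + b (mod p); O counts as on the curve."""
    return pt is O or (pt[1] ** 2 - (pt[0] ** 3 + A * pt[0] + B)) % P == 0

def add(p1, p2):
    """Group law in affine coordinates: chord for P+Q, tangent for 2P, P+(-P)=O."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O  # P + (-P), which also covers doubling a point with y = 0
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P  # tangent slope (3x^2 + a)/2y
    else:
        s = (y2 - y1) * pow(x2 - x1, -1, P) % P  # chord slope
    x3 = (s * s - x1 - x2) % P
    y3 = (s * (x1 - x3) - y1) % P
    return (x3, y3)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add."""
    acc = O
    while k > 0:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def hash_to_int(msg):
    """H(m) as an integer truncated to the bit length of n. The paper specifies SHA-1;
    SHA-256 is substituted because SHA-1 is deprecated for signatures."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> max(0, 8 * len(digest) - N.bit_length())

def keygen():
    """Private key x in [1, n-1] and public key Q = xG."""
    x = secrets.randbelow(N - 1) + 1
    return x, mul(x, G)

def sign(x, msg, k=None):
    """ECDSA signing. k is normally fresh and random; forcing it exists only for the
    nonce-reuse demonstration below and must never be done in practice."""
    e = hash_to_int(msg)
    while True:
        if k is None:
            k = secrets.randbelow(N - 1) + 1
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + x * r) % N
        if r != 0 and s != 0:
            return (r, s)
        k = None  # degenerate r or s (negligible probability): pick a new k

def verify(Q, msg, sig):
    """ECDSA verification: range-check r, s and Q, then compare x(u1*G + u2*Q) with r."""
    r, s = sig
    if Q is O or not on_curve(Q) or not (1 <= r < N and 1 <= s < N):
        return False
    w = pow(s, -1, N)
    u1, u2 = hash_to_int(msg) * w % N, r * w % N
    X = add(mul(u1, G), mul(u2, Q))
    return X is not O and X[0] % N == r

def recover_private_key(m1, sig1, m2, sig2):
    """Two signatures made with the same k share r; then k = (e1-e2)/(s1-s2) and
    x = (s1*k - e1)/r (mod n). This is why k must differ for every signature."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2 or s1 == s2:
        raise ValueError("signatures do not share a nonce")
    e1, e2 = hash_to_int(m1), hash_to_int(m2)
    k = (e1 - e2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - e1) * pow(r1, -1, N) % N

def demo():
    """Round trip between C1 (signer) and C2 (verifier), then the nonce-reuse break."""
    if not (on_curve(G) and mul(N, G) is O):  # domain parameter sanity check
        return False
    x, Q = keygen()
    msg = b"C1 -> C2: order 42, total 100.00"  # constructed sample message
    sig = sign(x, msg)
    ok = verify(Q, msg, sig) and not verify(Q, msg + b"!", sig)
    k = 0x1234567890abcdef1234567890abcdef  # a nonce reused by mistake
    s1, s2 = sign(x, b"first message", k), sign(x, b"second message", k)
    recovered = recover_private_key(b"first message", s1, b"second message", s2)
    return ok and recovered == x

if __name__ == "__main__":
    print("ECDSA round trip and nonce-reuse recovery succeeded:", demo())
```

The range checks in `verify` and the curve membership check on Q are the part implementations most often skip; without them a verifier accepts signatures such as (r, 0), or a public key chosen off the curve, and the proof of correctness above no longer applies. The recovery function is the concrete reason the paper insists on a fresh k per signature: two signatures with the same r are enough to compute the signer's private key with a handful of modular operations.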

Computational Experiments
In this experimental section we use two types of curve: an ordinary elliptic curve and the pseudo-random curve P-192. The first is a plain textbook curve, while the second is the federally approved one (FIPS 186) used with a large prime, a large order and cofactor f = 1. For each prime p, a pseudo-random curve of prime order r is listed (thus, for these curves, the cofactor is always f = 1). The following parameters are given:

Key Establishment between Two clouds
Suppose we have a transaction between a cloud-providing organization and a client (which may be viewed as a smartphone user), denoted $C_1$ and $C_2$. We use this to produce an example of elliptic curve cryptosystem authentication based on the ElGamal cryptosystem. At the end of the exchange, $C_2$ accepts the message as authentic and as coming from cloud $C_1$.

Conclusion and Suggestion for Future Works
This work studies the cloud computing environment through the transaction between a cloud provider and a mobile user. The cloud and the user can verify the transaction between them using the Elliptic Curve Digital Signature Algorithm. The computational side of the work was illustrated with worked examples in Mathematica.
Future research in cloud computing models is largely concerned with the interconnection between the cloud and mobile cloud computing. Mobile cloud computing could be enhanced with state-of-the-art analysis in which a strong support framework of steganography and cryptography forms the structure for transmitting secure data over the insecure cloud. In this way, privacy could be achieved to the maximum extent.
We also need to work on minimizing the energy consumption of these mobile devices, so as to maximize computational speed and achieve efficient device productivity.
i. The prime modulus p
ii. The order r
iii. The 160-bit input seed s to the SHA-1 based algorithm
iv. The output c of the SHA-1 based algorithm
v. The coefficient b (satisfying $b^2 c \equiv -27 \pmod p$)
vi. The base point x-coordinate $x_G$
vii. The base point y-coordinate $y_G$
The integers p and r are given in decimal form; bit strings and field elements are given in hex. The pseudo-random curve P-192 has the following standardized parameter values in hexadecimal and decimal.
This kind of cloud computing provides a development environment as a service: you can use a broker's equipment to develop your own program and deliver it to users through the Internet and servers. Mobile thin clients consist of phones with an operating system that lets them access the cloud from anywhere. Software clients include rich or fat clients, i.e. desktop applications connected to the Internet, and web applications or thin clients that run in web browsers, like Google Calendar. There are also many resource-constrained clients of cloud computing, such as RFID devices.
Clients of various kinds for cloud computing abound (Google App Engine: http://code.google.com/aapengine and Liu Peng, http://blog.sina.com.cn/blog_5f0da5590100cmxw.htm). They range from hardware clients to software clients. Hardware clients, also called thick clients, are full-featured computers; thin clients are designed for specific purposes, mainly with input/output (I/O) interfaces.
The two parties have now computed their public keys; they next compute the same shared secret key K in the following order. Text messages are first encoded into integers before being mapped onto the curve. An instance of this transformation is the Mathematica code: The strings are the texts to be encoded, which are output as: The clouds then put these encoded words into encrypted form as follows: With the verification being true, user 2