CLOAK: A Stream Cipher Based Encryption Protocol for Mobile Cloud Computing

Mobile device and its applications have revolutionized the way we store and share data. It is becoming a warehouse of users personal information. Unluckily, most of these data are stored in an unencrypted format, prone to security threats. In this paper, we propose a lightweight, computationally efficient protocol, called CLOAK, for the mobile device. CLOAK is based on stream cipher and takes the help of an external server for the generation and distribution of cryptographically secure pseudo-random number (CSPRN). In order to enhance the security of our protocol, we use the concept of symmetric key cryptography. We present three versions of the protocol referred as s-CLOAK, r-CLOAK and d-CLOAK, varying on the basis of the key selection procedure. In CLOAK, the core encryption/decryption operation is performed within the mobile devices to secure data at its origin. The security of CSPRN is ensured using deception method. In CLOAK, all messages are exchanged securely between mobile and the server with mutual identity verification. We evaluate CLOAK on Android smart phones and use Amazon Web services for generating CSPRN. Additionally, we present attack analysis and show that the brute force attack is computationally infeasible for the proposed protocol.

[1]  Simon Heron,et al.  Encryption: Advanced Encryption Standard (AES) , 2009 .

[2]  Inder Singh,et al.  Data encryption and decryption algorithms using key rotations for data security in cloud system , 2014, 2014 International Conference on Signal Propagation and Computer Technology (ICSPCT 2014).

[3]  Pierre L'Ecuyer,et al.  Tables of linear congruential generators of different sizes and good lattice structure , 1999, Math. Comput..

[4]  Martin Hell,et al.  Grain: a stream cipher for constrained environments , 2007, Int. J. Wirel. Mob. Comput..

[5]  Chonho Lee,et al.  A survey of mobile cloud computing: architecture, applications, and approaches , 2013, Wirel. Commun. Mob. Comput..

[6]  Rajkumar Buyya,et al.  Heterogeneity in Mobile Cloud Computing: Taxonomy and Open Challenges , 2014, IEEE Communications Surveys & Tutorials.

[7]  Martin Boesgaard,et al.  Rabbit: A New High-Performance Stream Cipher , 2003, FSE.

[8]  H. Ramamurthy,et al.  Cloud-based mobile commerce for grocery purchasing in developing countries , 2014, IBM J. Res. Dev..

[9]  Kris Gaj,et al.  Comparison of FPGA-Targeted Hardware Implementations of eSTREAM Stream Cipher Candidates , 2008 .

[10]  Tsukasa Ishiguro,et al.  A key-revocable attribute-based encryption for mobile cloud environments , 2013, 2013 International Conference on Security and Cryptography (SECRYPT).

[11]  Patrick D. McDaniel,et al.  Semantically rich application-centric security in Android , 2012 .

[12]  Gernot Heiser,et al.  An Analysis of Power Consumption in a Smartphone , 2010, USENIX Annual Technical Conference.

[13]  S. Sujatha,et al.  Performance metric analysis for mobile encryption algorithm using Bouncy Castle Toolkit , 2011, 2011 International Conference on Emerging Trends in Electrical and Computer Technology.

[14]  Khairulmizam Samsudin,et al.  A framework for GPU-accelerated AES-XTS encryption in mobile devices , 2011, TENCON 2011 - 2011 IEEE Region 10 Conference.

[15]  David Llewellyn-Jones,et al.  A New Lightweight Homomorphic Encryption Scheme for Mobile Cloud Computing , 2015, 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing.

[16]  Sean Murphy Comments on the Security of the AES and the XSL Technique , 2002 .

[17]  Daniel J. Bernstein,et al.  The Salsa20 Family of Stream Ciphers , 2008, The eSTREAM Finalists.

[18]  P. Victer Paul,et al.  A novel security model for cloud using trusted third party encryption , 2015, 2015 International Conference on Innovations in Information, Embedded and Communication Systems (ICIIECS).

[19]  Zhifeng Xiao,et al.  Security and Privacy in Cloud Computing , 2013, IEEE Communications Surveys & Tutorials.

[20]  Jason G. Caudill,et al.  The Growth of m-Learning and the Growth of Mobile Computing: Parallel developments , 2007 .

[21]  Matthias Lange,et al.  L4Android: a generic operating system framework for secure smartphones , 2011, SPSM '11.

[22]  Bin Hu,et al.  Improved Lightweight Encryption Algorithm Based on Optimized S-Box , 2013, 2013 International Conference on Computational and Information Sciences.

[23]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[24]  Yu Chen,et al.  Self-Encryption Scheme for Data Security in Mobile Devices , 2009, 2009 6th IEEE Consumer Communications and Networking Conference.

[25]  Cees T. A. M. de Laat,et al.  An Autonomous Security Storage Solution for Data-Intensive Cooperative Cloud Computing , 2013, 2013 IEEE 9th International Conference on e-Science.

[26]  Jacques Patarin,et al.  About the XL Algorithm over GF(2) , 2003, CT-RSA.

[27]  Feng Xiu-tao ZUC Algorithm:3GPP LTE International Encryption Standard , 2011 .

[28]  Alexandru Iosup,et al.  Procedural content generation for games: A survey , 2013, TOMCCAP.

[29]  Greg Rose A Stream Cipher Based on Linear Feedback over GF(28) , 1998, ACISP.

[30]  Henri E. Bal,et al.  Cuckoo: A Computation Offloading Framework for Smartphones , 2010, MobiCASE.

[31]  Eli Biham,et al.  Cryptanalysis of the A5/1 GSM Stream Cipher , 2000, INDOCRYPT.

[32]  Chunlei Wang,et al.  ARM Realization of Storage Device Encryption Based on Chaos and AES Algorithm , 2011, 2011 Fourth International Workshop on Chaos-Fractals Theories and Applications.

[33]  Srivaths Ravi,et al.  Exploring Software Partitions for Fast Security Processing on a Multiprocessor Mobile SoC , 2007, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[34]  Sergio T. Kofuji,et al.  Performance analysis of encryption algorithms on mobile devices , 2013, 2013 47th International Carnahan Conference on Security Technology (ICCST).

[35]  Sang Joon Kim,et al.  A Mathematical Theory of Communication , 2006 .

[36]  Anupam Chattopadhyay,et al.  HiPAcc-LTE: An Integrated High Performance Accelerator for 3GPP LTE Stream Ciphers , 2011, INDOCRYPT.

[37]  I-En Liao,et al.  A searchable encryption scheme for outsourcing cloud storage , 2012, 2012 IEEE International Conference on Communication, Networks and Satellite (ComNetSat).

[38]  Christos Xenakis,et al.  A Secure Mobile VPN Scheme for UMTS , 2006 .

[39]  Odysseas G. Koufopavlou,et al.  On the hardware implementations of the SHA-2 (256, 384, 512) hash functions , 2003, Proceedings of the 2003 International Symposium on Circuits and Systems, 2003. ISCAS '03..

[40]  A. B. M. Shawkat Ali,et al.  Above the Trust and Security in Cloud Computing: A Notion Towards Innovation , 2010, 2010 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing.

[41]  N. Macrae John Von Neumann , 1992 .

[42]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[43]  Ulf T. Mattsson A practical implementation of transparent encryption and separation of duties in enterprise databases: protection against external and internal attacks on databases , 2005, Seventh IEEE International Conference on E-Commerce Technology (CEC'05).

[44]  Ravi Mukkamala,et al.  Privacy-Preserving Data Management in Mobile Environments: A Partial Encryption Approach , 2012, 2012 IEEE 13th International Conference on Mobile Data Management.

[45]  Martin Hell,et al.  A Stream Cipher Proposal: Grain-128 , 2006, 2006 IEEE International Symposium on Information Theory.

[46]  Hongjun Wu,et al.  The Stream Cipher HC-128 , 2008, The eSTREAM Finalists.

[47]  Chien-Yeh Hsu,et al.  A mobile phone based homecare management system on the cloud , 2010, 2010 3rd International Conference on Biomedical Engineering and Informatics.

[48]  S. K. Park,et al.  Random number generators: good ones are hard to find , 1988, CACM.

[49]  Anne Canteaut,et al.  Open Problems Related to Algebraic Attacks on Stream Ciphers , 2005, WCC.

[50]  Anne Canteaut,et al.  Sosemanuk, a Fast Software-Oriented Stream Cipher , 2008, The eSTREAM Finalists.

[51]  Peter M. Athanas,et al.  A security policy based upon hardware encryption , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[52]  Adi Shamir Stream Ciphers: Dead or Alive? , 2004, ASIACRYPT.

[53]  Alex Biryukov,et al.  Block Ciphers and Stream Ciphers: The State of the Art , 2004, IACR Cryptol. ePrint Arch..

[54]  Daehee Kim,et al.  Selective encryption and component-oriented deduplication for mobile cloud data computing , 2016, 2016 International Conference on Computing, Networking and Communications (ICNC).

[55]  Efstathios D. Sykas,et al.  HTTP Data Offloading Using Multipath TCP Proxy , 2015, 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing.

[56]  Xuefei Chen,et al.  Primary exploration of mobile learning mode under a cloud computing environment , 2010, 2010 International Conference on E-Health Networking Digital Ecosystems and Technologies (EDT).

[57]  Harald Niederreiter,et al.  Random number generation and Quasi-Monte Carlo methods , 1992, CBMS-NSF regional conference series in applied mathematics.

[58]  William Millan,et al.  Dragon: A Fast Word Based Stream Cipher , 2004, ICISC.

[59]  T. Moon,et al.  Mathematical Methods and Algorithms for Signal Processing , 1999 .

[60]  H. Rahaman,et al.  An Optimized S-Box for Advanced Encryption Standard (AES) Design , 2012, 2012 International Conference on Advances in Computing and Communications.

[61]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[62]  Bart Preneel,et al.  Analysis of Grain's Initialization Algorithm , 2008, AFRICACRYPT.

[63]  Sean Murphy,et al.  Remarks on security of AES and XSL technique , 2002 .

[64]  Paul C. van Oorschot,et al.  A methodology for empirical analysis of permission-based security models and its application to android , 2010, CCS '10.

[65]  Goutam Paul,et al.  RC4 Stream Cipher and Its Variants , 2011 .