Comprehensive Review of AES and RSA Security Algorithms in Cloud Computing

Shubham Kansal
Dec 9, 2023

Abstract — Cloud computing is a revolutionary approach that has changed IT and business integration. It benefits almost every type of IT requirement: enterprises can use it to cut their IT costs, and individuals can use it as a storage solution with disaster recovery. At present, one major problem with cloud computing is the security and privacy of data. Encryption is the most important part of security if you own a private cloud holding personal or critical data, because it brings confidentiality to that data. This paper mainly reviews two existing security algorithms, the “Advanced Encryption Standard (AES)” and “Ron Rivest, Adi Shamir, and Adleman (RSA)”.

I. Introduction

Organizations utilize the cloud in a variety of service models, which include “(SAAS) Software as a Service, (PAAS) Platform as a Service and (IAAS) Infrastructure as a Service”. These services can be deployed using private, public, and hybrid deployment models. There is no longer any need to carry local hardware systems from place to place; the cloud can handle it all as an alternative. However, there is a risk that private information in these spaces can be seen by other people. This can happen in several ways, such as changing the settings on a document or accidentally sharing it with a wide range of users. If a member of your group has a weak password and someone guesses it, any information shared with that person will be exposed, which is why the data on the cloud needs to be secured.

There are various security factors related to cloud computing. They fall into two main types: issues faced by cloud providers and issues faced by cloud customers. Cloud providers are, for the most part, organizations that offer services such as (SAAS) or (IAAS). In the vast majority of cases, the cloud provider ensures that the infrastructure it distributes is secure and that the customer’s data and applications are protected, while the customer makes sure that the provider offers the proper security measures to protect their data.

II. EXISTING ALGORITHM

AES ALGORITHM

AES stands for the Advanced Encryption Standard. Recall that a major shortcoming of DES is that its key length is only 56 bits, which is considered short. In other words, the key space is relatively small, and an attacker can use brute force to find the key. A new encryption algorithm was needed that had a longer key length but was also efficient. So, in 1997 NIST put out a public call to replace DES. After a few rounds of submissions and reviews, AES was finalized and became the new standard. Like DES, AES is a block cipher, but whereas the input plaintext block in DES is 64 bits, in AES it is 128 bits. In DES the key length is only 56 bits; in AES it can be 128, 192 or 256 bits. These key lengths are considered long enough to defeat brute-force attempts to search for a key.

A. OPERATIONS

The plaintext block is represented as a square matrix called the state array, which is first XORed with the key. The key is also represented as a square matrix. The state array then goes through multiple rounds of encryption. In each round it goes through several operations that perform substitution and permutation, and the round key is XORed into the state array. The operations in each round begin with Substitute Bytes, which uses a table referred to as an S-box to perform a byte-by-byte substitution of the block. Shift Rows is a simple permutation performed row by row. Mix Columns is a substitution that alters each byte in a column as a function of the bytes in that column, and the result is then XORed with the round key. The operations of the last round are “Substitute bytes, Shift rows, and Add round key”, and the outcome is the ciphertext.

In AES, the decryption procedure runs the algorithm in the reverse direction. This means that each of these operations must be reversible. An XOR operation is reversible by itself. For the other operations, namely “Substitute Bytes, Shift Rows, and Mix Columns”, an inverse function is used in the decryption algorithm. The inverse function reverses the substitution that Substitute Bytes performed during encryption; likewise, the effects of Shift Rows and Mix Columns can be reversed during decryption. Therefore, each of the operations is reversible. As a result, when we run the algorithm in reverse order, we can decrypt the ciphertext back into the plaintext.

B. ENCRYPTION PROCESS

AES encryption consists of four sub-processes.

[Figure: Encryption Process]

a) Byte Substitution (Sub Bytes)

In AES, the 128 input bits are treated as 16 input bytes, and each of these bytes is substituted by looking it up in an S-box. The result is arranged as a matrix of four rows and four columns.

b) Shift rows

In the Shift Rows process, each row of the matrix is shifted to the left. Entries that ‘fall off’ are re-inserted on the right side of the row. The shifts are carried out as follows:

The first row of the matrix is not shifted. The second row is shifted one position to the left. The third row is shifted two positions to the left. The fourth row is shifted three positions to the left. This process only shifts the rows; the input bytes themselves are unchanged in the new matrix.

c) Mix Columns

In the Mix Columns process, a special mathematical function transforms each column of four bytes. The function takes the four bytes of a single column as input and outputs four new bytes, which replace the original bytes of the column. The result is a new matrix of 16 new bytes. This process is not performed in the last round of AES.

d) Add round key

In this process, the 16-byte matrix is treated as 128 bits and XORed with the 128 bits of the round key. In the last round, the output of this step is the ciphertext, and the 128 bits are converted back to 16 bytes.

C. Decryption Process

The decryption process of AES is the encryption process in reverse. The four processes are performed in each round in reverse order: ‘Add round key’, ‘Mix columns’, ‘Shift rows’, ‘Byte substitution’.

The sub-processes within each round are likewise carried out in reverse order. The encryption and decryption algorithms are implemented separately.
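The round operations described in sections A to C, as an added example in Python (not code from the original article): it implements Shift Rows, Mix Columns and Add Round Key with their inverses and leaves out Substitute Bytes, whose S-box table is long. The function names, the list-of-rows state layout and the sample state and round key are assumptions made for the illustration.

```python
# Added example: AES round operations on a state of 4 rows x 4 byte values.

def xtime(b):
    # Multiply by 2 in GF(2^8), reducing with the AES polynomial 0x11B.
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b

def gmul(a, b):
    # Multiply two bytes in GF(2^8) by shift-and-add.
    result = 0
    while b:
        if b & 1:
            result ^= a
        a, b = xtime(a), b >> 1
    return result

def shift_rows(state):
    # Row r rotates left by r; bytes that fall off re-enter on the right.
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def inv_shift_rows(state):
    # Rotate row r right by r to undo shift_rows.
    return [row[4 - r:] + row[:4 - r] for r, row in enumerate(state)]

MIX = [[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]]
INV_MIX = [[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]]

def mix_columns(state, matrix=MIX):
    # Every output byte is a GF(2^8) combination of the 4 bytes in its column.
    # Passing INV_MIX as the matrix gives the inverse operation.
    out = [[0] * 4 for _ in range(4)]
    for r in range(4):
        for c in range(4):
            for k in range(4):
                out[r][c] ^= gmul(matrix[r][k], state[k][c])
    return out

def add_round_key(state, key):
    # XOR is its own inverse: applying the same key twice restores the state.
    return [[s ^ k for s, k in zip(sr, kr)] for sr, kr in zip(state, key)]

def round_ops(state, key):
    return add_round_key(mix_columns(shift_rows(state)), key)

def inv_round_ops(state, key):
    # The same steps, inverted and applied in reverse order.
    return inv_shift_rows(mix_columns(add_round_key(state, key), INV_MIX))

# Constructed sample data: state columns are common MixColumns test columns.
STATE = [[0xDB, 0xF2, 0x01, 0xC6], [0x13, 0x0A, 0x01, 0xC6],
         [0x53, 0x22, 0x01, 0xC6], [0x45, 0x5C, 0x01, 0xC6]]
ROUND_KEY = [[(16 * r + c) ^ 0xA5 for c in range(4)] for r in range(4)]
```

Calling `inv_round_ops(round_ops(STATE, ROUND_KEY), ROUND_KEY)` returns the original state, which is the reversibility property the decryption process relies on.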

D. AES Analysis

In present-day cryptography, AES is supported in both hardware and software. No practical cryptanalytic attacks against AES have been found. AES also has flexibility in key length, which helps ‘future-proof’ it against progress in the ability to perform extensive key searches.

The security of AES is only assured when it is correctly implemented and good key management is in place.

RSA ALGORITHM

RSA is a cryptographic algorithm used for encrypting data sent over a network. It was discovered by “Ron Rivest, Adi Shamir, and Adleman in 1978”. It is an asymmetric-key algorithm that uses two keys, a “Public key” and a “Private key”. The public key is generally used to encrypt the message (the other way around is also possible, and is known as digital signing), and the private key is used to decrypt it. For encryption, the receiver has to send his public key to the sender, so that only the receiver will be able to decrypt the message using the private key. It is highly secure and reliable due to large prime numbers and their multiplication. But it is also difficult to maintain due to complex number generation and even loss of data.

A. How does it work:

Any user who wants to use RSA must create two Keys:

a) Public Key, anyone can see this Key.

b) Private Key, only the owner can see this Key.

If A needs to send a message to B, either of two methods can be followed.

First Method

1. A encrypts his message with his private key.

2. B decrypts the message with the public key of A.

Second Method

1. A encrypts his message with the public key of B.

2. B decrypts the message with his private key.

B. Generate the Keys

To generate the keys we need to follow these steps:

a) Consider two prime numbers A and B;

b) Calculate N = A * B;

c) Calculate Z = (A - 1) * (B - 1);

d) Choose a private key (It mustn’t have common factors with Z and must be less than Z);

e) Calculate the public key knowing that (Private Key * Public Key) mod Z = 1.

C. Example

Choose two prime numbers A and B:

A = 11

B = 17

Calculate N = A * B:

N = A * B = 11 * 17 = 187

Calculate Z = (A - 1) * (B - 1):

Z = (A - 1) * (B - 1) = (11 - 1) * (17 - 1) = 10 * 16 = 160

Choose a private key (It must not have common factors with Z and must be less than Z):

Private Key = 3

Calculate the public key knowing that (Private Key * Public Key) mod Z = 1:

(3 * Public Key) mod 160 = 1

Public Key = 107

Public Key = (107, 187)

Private Key = (3, 187)

D. Encrypt a Message

To encrypt a message, consider the alphabet, like this:

[Figure: Alphabet with key]

Then, encrypt a message with the FIRST METHOD (Encrypt with the private key of A and decrypt with the public key of A)

[Figure: Encryption of Clear text]

E. Decrypt a Message

The message was encrypted with the FIRST METHOD, so decrypt it with the public key of A:

[Figure: The decryption of Encrypted Text]
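The key generation steps and the two sending methods above, worked through in Python as an added example (not code from the original article). The letter numbering A=1 to Z=26, the function names and B's key values (primes 13 and 19, private key 5) are assumptions, since the article's alphabet figure is not available.

```python
# Added example: the article's toy RSA key generation and both sending methods.
from math import gcd

def generate_keys(a, b, private_exp):
    """Follow steps a) to e); returns ((public_exp, n), (private_exp, n))."""
    n = a * b
    z = (a - 1) * (b - 1)
    if not 1 < private_exp < z or gcd(private_exp, z) != 1:
        raise ValueError("private key must be below Z and share no factor with Z")
    public_exp = pow(private_exp, -1, z)  # (private * public) mod Z == 1
    return (public_exp, n), (private_exp, n)

def apply_key(numbers, key):
    """Raise each number to the key's exponent modulo N."""
    exp, n = key
    return [pow(m, exp, n) for m in numbers]

# Assumed letter numbering (the article's alphabet figure is missing): A=1 ... Z=26.
def to_numbers(text):
    return [ord(ch) - ord("A") + 1 for ch in text]

def to_text(numbers):
    return "".join(chr(m + ord("A") - 1) for m in numbers)

# A's keys are the article's example values: Public (107, 187), Private (3, 187).
PUBLIC_A, PRIVATE_A = generate_keys(11, 17, 3)
# B's keys are constructed for this illustration.
PUBLIC_B, PRIVATE_B = generate_keys(13, 19, 5)

def first_method(text):
    # A encrypts with his private key; B decrypts with the public key of A.
    cipher = apply_key(to_numbers(text), PRIVATE_A)
    return cipher, to_text(apply_key(cipher, PUBLIC_A))

def second_method(text):
    # A encrypts with the public key of B; B decrypts with his private key.
    cipher = apply_key(to_numbers(text), PUBLIC_B)
    return cipher, to_text(apply_key(cipher, PRIVATE_B))

if __name__ == "__main__":
    print(PUBLIC_A, PRIVATE_A)
    print(first_method("HELLO"))
    print(second_method("HELLO"))
```

In the `first_method("HELLO")` output both L's map to the same ciphertext number: letter-by-letter encryption without padding is deterministic, which is why real deployments use a padding scheme such as OAEP and moduli of 2048 bits or more.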

III. COMPARATIVE ANALYSIS OF AES AND RSA

[Figure: Comparison of Existing Cloud Security Algorithms based on several parameters]

IV. CONCLUSION AND FUTURE WORK

AES is used to encode files and documents; it is a fast and secure algorithm. AES uses the same key for encoding and decoding. This creates a key exchange problem, because if communication is protected with AES, the receiver has to have the key. The problem is overcome by using an asymmetric algorithm, RSA: encryption is done on the sender’s side with the private key, and decryption of the encoded message is done on the receiver’s side with the public key. AES can be implemented with relatively simple bit operations, whereas RSA involves mathematics with very large numbers. RSA is more secure, but it uses more CPU and memory resources than AES. There are still a few problems with present security algorithms, such as “Timing attack and problem with key distribution”, which motivates looking for more sophisticated algorithms of AES and RSA.
