
2020 International Conference on Computing and Information Technology, University of Tabuk, Kingdom of Saudi Arabia.

Volume: 01, Issue: ICCIT-1441, Page No.: 397 - 400, 9th & 10th Sep. 2020.

Cloud Cryptography: User End Encryption


Sameer A. Nooh
Computer Science Department, Umluj
University of Tabuk
Tabuk, Saudi Arabia
snooh@ut.edu.sa

Abstract— Cloud computing has made the life of individual users and work of business corporations so much easier by providing them data storage services at very low costs. Individual users can store and access their data through shared cloud storage service anywhere anytime. Similarly, business corporation consumers of cloud computing can store, manage, process and access their big data with quite an ease. However, the security and privacy of users’ data remains vulnerable in cloud computing. Availability, integrity and confidentiality are the three primary elements that users consider before signing up for cloud computing services. Many public and private cloud services have experienced security breaches and unauthorized access incidents. This paper suggests user end cryptography of data before uploading it to a cloud storage service platform like Google Drive, Microsoft, Amazon and CloudSim etc. The proposed cryptography algorithm is based on symmetric key cryptography model and has been implemented on Amazon S3 cloud space service.

Keywords— Cloud Computing Security, Cryptography, Key Generation, Encryption, Decryption

I. INTRODUCTION
Cloud computing is the technology where service providers use network for distributed processing and parallel computing of users’ data. They facilitate their users by providing software, platform and infrastructure services all in one package [10]. They make virtual environment known as cloud for users to upload, store and access their data anytime anywhere they want. Users can take advantage of this cloud service using just internet without going through the trouble of downloading the application or running out of storage [3]. Simplest example of this type of public cloud computing is Google drive, where any individual user can sign up and store and access hundreds of megabytes of data.

Business companies also use cloud computing for storage and maintenance of their enterprise tools and contents. Cloud service providers offer these companies a shared data storage space at low costs. Small business companies pay them depending upon their data size requirements and utilize the remote control of cloud space. An example of such community cloud is Amazon. However, bigger business corporations or government agencies have developed their own cloud computing platforms for trouble free storage and practical applications. Well-known example of business enterprises’ private cloud computing platform is SharePoint by Microsoft [4].

Cloud computing offers impressive set of advantages to all types of clients, individual or business, like flexible storage, easier access, automatic updates and pay per use service etc. The modern technique of data, applications and information storage has also brought one important issue to contemplate: Security. Availability, Integrity and Confidentiality are the three primary elements that users consider before signing up for cloud computing services. Confidentiality or privacy or security is the key challenge for cloud service providers.

Many public and private cloud services have experienced security breaches and unauthorized access incidents. Microsoft’s employees suffered the consequences of a security breach in 2010 and Apple’s iCloud went through a similar security hack in 2014 [1].

Cryptography is the way to take care of the security worries of both users and service providers. Cryptography is the technique of encoding users’ data to make it incomprehensible and impenetrable during storage or transmission [2]. The very basic security threat that users face, while signing up for a cloud service, is giving open access to a service provider to their personal data. The second threat comes from other users in a shared virtual environment and the third security hazard is privileged access abuse from an outside source [9]. Most cloud computing security solutions are related to cryptography of user’s data on service provider’s end so that no shared user or outside source can violate a particular user’s personal data access rights. However, the primary element of encryption, the key that encrypts any user’s data and is used to decrypt it, still remains in service provider’s knowledge and can be used for unwanted intrusion. In order to free the user from all kinds of security threats, the best step will be to implement user end encryption algorithm before uploading any personal data onto a cloud service. This can be done for both individual user case and any business enterprise scenario.

II. CRYPTOGRAPHY
Cryptography is the art of encoding secret information in illegible hidden format using an encryption key. The data is retrieved in its actual form on receiver end by decryption using the same secret key [3]. Only the person with the secret key knowledge has access to the encrypted data and the right to decrypt it. The main ingredients of any cryptography process are: plain data, secret key, encryption algorithm, cipher data and decryption algorithm [2]. Cryptography has two main types: symmetric or private or single key type cryptography and asymmetric or public key type cryptography [8, 12]. Fig. 1 explains the regular flow of a cryptography process.

978-1-7281-2680-7/20/$31.00 ©2020 IEEE


a. Symmetric Key Encryption
In symmetric type of key cryptography, a single key is used for encryption and decryption of data. The person who encrypts the data in a communication and transmits it to the other end shares the encryption key with the receiver, who then uses it to decrypt the cipher information. Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are the two well-known examples of symmetric key encryption process. In terms of cloud service, the service providers use single key for encryption and decryption algorithms to secure user data. Fig. 2 shows the flow of symmetric key style.

b. Asymmetric Key Encryption
In asymmetric scheme of key cryptography, two different keys are used for encryption and decryption of data. A public key is used to encrypt plain text information and is known to everyone involved in the communication process. A different private key is used for decryption of the cipher information and is only known to the receiver. The two secret keys are generally mathematically related but knowledge of public encryption key is not enough to determine the private decryption key. Asymmetric encryption algorithm examples are RSA (Rivest Shamir Adleman) encryption and Diffie Hellman algorithm. Fig. 3 shows the flow of asymmetric key design. Asymmetric type of cryptography is preferred over symmetric type in the context of security because it does not have a key distribution problem but is slow in its process [6].

III. END-USER CRYPTOGRAPHY
Although many service providers have implemented different types and layers of cryptography algorithms in their cloud services to ensure user data security from outside sources, the confidentiality of information from the service provider itself remains an issue. In today’s digital era, everyone is highly concerned about their privacy from every other person. Users (individuals or business enterprises), while choosing their cloud service, cannot trust their service providers with open access to their data. Users need to have full guarantee of security when they store their personal data on a shared cloud space and their data moves internally between datacentres of service providers.

The cloud service consumer himself/herself can encrypt their data before uploading it to the cloud and make it unbreakable. This can provide them security from all kinds of authorized access abuse. Many of the times cloud service providers guarantee end-to-end encryption of users’ data, but in fact their cryptography algorithms are not good enough. Users encrypting the data all by themselves and decrypting it at the time of their personal access can solve this issue of lack of standardization. Similarly, cloud service providers do not enforce data security measures while moving users’ data internally between their own datacentres. This can encourage hackers and other outside sources like government agencies to penetrate the loopholes in cloud services and access users’ data without authorization. This problem of data theft in transit and another important concern of users about trusting the service providers to grant open access to their data can be solved by adding an extra layer of encryption on user end. As shown in Fig. 4, the user can encrypt their data before loading their files in cloud storage and get their mind clear of all the worries of data privacy and security.

a. Cryptography Model
Simple symmetric type of cryptography can be utilized for user end security of data because user will be the only person on both encryption and decryption ends. The disadvantage of key sharing procedure will also be removed as the user does not need to share the secret key information with anybody else except himself. Users can encrypt their data using a symmetric/private key encryption algorithm before uploading it to a web based cloud space and then download the data from cloud, decrypt it with the help of encryption key and decryption algorithm and be the only ones to have useful access to their personal data. The proposed cryptography algorithm is based on symmetric key cryptography model. Single private key will be used for data encryption and decryption. The algorithm is explained step by step in the following subsections and in Fig. 4:

b. Data Encryption
Encryption part of proposed cryptography algorithm does the following steps as illustrated in Fig. 5:
1. Extraction of text file character by character.

2. Conversion of character into ASCII code.
3. Conversion of ASCII code in binary value.
4. Addition of zeroes in case the binary value is less than 8 bits.
5. Division of the 8-bit binary value into four sets of two bits and switching their places.
6. Attachment of the switched four sets back together into 8-bit binary code.
7. Binary 1’s complement of the above binary value.
8. Conversion of step 7 binary value back into ASCII value.
9. Transmission of the ASCII value character as cipher text.

c. Key Generation and Verification
For key generation, the binary value of cipher text from step 6 of encryption is added with 00001111 i.e. decimal 15, converted into an ASCII character and is written in symmetric key file. On the receiver end, characters are extracted from receiver’s key file and converted into ASCII and then binary values. The binary value of number 15 i.e. 00001111 is subtracted from binary value of key character and is matched with the binary value of encrypted cipher character. If the two values are 100 percent similar, decryption is kicked off. Fig. 6 shows the complete procedure.

Fig. 6. Proposed Design Symmetric Key Generation and Verification

d. Data Decryption
Decryption algorithm is just the reverse procedure of encryption after verifying receiver’s key file and goes like this: extraction of cipher text file character, conversion of character into ASCII code and then to binary value, 1’s complement of the binary value, division of the 8-bit binary value into four sets of two bits and switching their places and conversion of the resulted binary number into decimal value. The ASCII character of that final value is written back into the decryption file. At the end of the decryption algorithm, the cipher data is converted back to original file as shown in Fig. 7.

IV. IMPLEMENTATION AND RESULTS
The proposed encryption, key generation and decryption algorithms have been implemented on Amazon S3 cloud space service. After starting the homepage, Amazon S3 requires data owner to log in and then the encryption process initiates. User needs to create a bucket and folder for his/her account and then upload the data file for encryption. The web based cloud service encrypts the data in an encryption file and stores it in user’s local system. It also generates a key encryption file and saves it along with the encryption or cipher data file, which is also uploaded and stored in user’s Amazon S3 account folder he/she created in the start. Once the file is successfully stored on the cloud service and user gets the key encryption file on his/her system, he/she can download the encrypted cipher data file from the cloud and apply decryption algorithm on it by verifying the key. In the end the user successfully retrieves the original file after decryption. All of this work has been done and the algorithms have been verified using the proposed cryptography model with Amazon S3 platform.

V. LIMITATIONS AND FUTURE WORK
This research provides the first step towards users’ self-effort in securing their personal data and information before giving it all away on a cloud storage service. The research has explored the method of encrypting and decrypting text files using symmetric key cryptography [11-15]. More complex data like audios, videos and images can also be encrypted and decrypted in the same but advanced manner.

VI. CONCLUSION
The paper suggests user end cryptography of data before uploading it to a cloud storage service platform like Google Drive, Microsoft, Amazon and CloudSim etc. All these service providers facilitate individual and business company consumers with efficient maintenance of their applications, data and information at low costs. However, security and confidentiality remain the top hot areas of these cloud services.

Different types of unauthorized data access incidents can happen when unencrypted data is stored on a cloud storage service. Data theft during transit i.e. data interloping during its movement between datacenters of service providers, lack of standardization i.e. false claims of service providers about their end-to-end secure systems and privacy of data from the service provider team itself are a few important user concerns [7,11]. If the user implements cryptography algorithm before storing their data on the cloud, they can have the security of their information from service providers and all other outside unauthorized access parties. For user end cryptography of storage service data, the paper presents a symmetric key encryption algorithm along with secret key generation. The secret key file will only be in user’s knowledge who will download encrypted data stored on cloud service and retrieve it through decryption.

REFERENCES
[1] Bradford, Contel, "7 Most Infamous Cloud Security Breaches - Storagecraft", Storagecraft Technology Corporation, 2019, https://blog.storagecraft.com/7-infamous-cloud-security-breaches/.Eng.
[2] Hashem and H. Ramadan, “Using Cryptography Algorithms to Secure Cloud Computing Data and Services”, Amer. J Eng. Res. (AJER), vol. 6, no. 10, pp. 334-337, 2017.
[3] S. Gunavathy, and C. Meena, "A Survey: Data Security In Cloud Using Cryptography And Steganography", International Research Journal of Engineering and Technology, Vol. 6, No. 5, pp. 6792-6797, 2019.
[4] A. N. Jaber, and M. F. Zolkipli, "Use of Cryptography In Cloud Computing", 2013 IEEE International Conference On Control System, Computing And Engineering, IEEE, 2013, doi: 10.1109/iccsce.2013.6719955.
[5] J. P. Kaur, and R. Kaur, “Security Issues and Use of Cryptography in Cloud Computing”, Vol. 4, No. 7, pp. 599-606, 2014.
[6] G. C. Kessler, “An Overview of Cryptography”, https://www.garykessler.net/library/crypto.html, 2019.
[7] S. Ortiz, "The Problem with Cloud-Computing Standardization", Computer, IEEE, Vol. 44, no. 7, pp. 13-16, 2011. doi: 10.1109/mc.2011.220.
[8] Y. Peng, et al, "Secure Cloud Storage Based on Cryptographic Techniques", J China Univer. Posts Telecomm, Vol. 19, pp. 182-189, 2012. doi: 10.1016/s1005-8885(11)60424-x.
[9] K. V. Pradeep, et al, "An Efficient Framework for Sharing a File in a Secure Manner Using Asymmetric Key Distribution Management in Cloud Environment", Journal of Computer Networks and Communications, Hindawi Limited, pp. 1-8, 2019. doi: 10.1155/2019/9852472.
[10] X. Yan, et al, "The Research and Design of Cloud Computing Security Framework", Lecture Notes in Electrical Engineering, Springer Berlin Heidelberg, pp. 757-763, 2011. doi: 10.1007/978-3-642-25541-0_95.
[11] Shanmuganathan, M., Almutairi, S., Aborokbah, M. M., Ganesan, S., and Ramachandran, V., “Review of advanced computational approaches on multiple sclerosis segmentation and classification”, IET Signal Processing, Vol. 14, Issue 6, pp. 333-341, August 2020.
[12] S. Manimurugan, S. Al-Mutairi, M. M. Aborokbah, N. Chilamkurti, S. Ganesan and R. Patan, "Effective Attack Detection in Internet of Medical Things Smart Environment Using a Deep Belief Neural Network," in IEEE Access, vol. 8, pp. 77396-77404, 2020, doi: 10.1109/ACCESS.2020.2986013.
[13] Almutairi, S., Manimurugan, S., and Aborokbah, M., “A new secure transmission scheme between senders and receivers using HVCHC without any loss”, EURASIP Journal on Wireless Communications and Networking, 2019:88, pp. 1-15, 2019. doi: 10.1186/s13638-019-1399-z.
[14] Saad Al-Mutairi, and S. Manimurugan, "The clandestine image transmission scheme to prevent from the intruders", International Journal of Advanced and Applied Sciences, Vol 4, No 2, Pages: 52-60, 2017.
[15] S. Manimurugan, and Saad Al-Mutari, "A Novel Secret Image Hiding Technique for Secure Transmission", Journal of Theoretical and Applied Information Technology, Vol. 95, No. 1, pp. 166-176, January 2017.
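
The Data Encryption, Key Generation and Verification, and Data Decryption steps of Section III as runnable Python, added here as an example and not the paper's implementation; it also runs two checks a reviewer would make on the design. It assumes the four 2-bit groups are switched by reversing their order (Fig. 5 is not reproduced on this page), arithmetic modulo 256, and a key check against the step-6 value; all function names are hypothetical.

```python
# Added example (not the paper's code): the per-character transform of Section III.
# Assumptions: "switching their places" reverses the order of the four 2-bit groups
# (Fig. 5 is not available), sums wrap modulo 256, and files are handled as bytes.

KEY_OFFSET = 0b00001111  # decimal 15, from "Key Generation and Verification"


def switch_pairs(b: int) -> int:
    """Steps 5-6: split 8 bits into four 2-bit groups and reverse their order."""
    g = [(b >> shift) & 0b11 for shift in (6, 4, 2, 0)]  # most significant first
    return (g[3] << 6) | (g[2] << 4) | (g[1] << 2) | g[0]


def encrypt(plain: bytes) -> tuple[bytes, bytes]:
    """Return (cipher, key_file) for the plaintext bytes."""
    switched = bytes(switch_pairs(b) for b in plain)            # steps 1-6
    cipher = bytes(b ^ 0xFF for b in switched)                  # step 7: 1's complement
    key_file = bytes((b + KEY_OFFSET) % 256 for b in switched)  # step-6 value + 15
    return cipher, key_file


def verify(cipher: bytes, key_file: bytes) -> bool:
    """Key check. Assumption: key char - 15 is compared with the step-6 value,
    recovered here as the 1's complement of the cipher char."""
    return len(cipher) == len(key_file) and all(
        (k - KEY_OFFSET) % 256 == (c ^ 0xFF) for c, k in zip(cipher, key_file)
    )


def decrypt(cipher: bytes, key_file: bytes) -> bytes:
    """Data Decryption: verify the key file, then undo complement and switch."""
    if not verify(cipher, key_file):
        raise ValueError("key file does not match cipher text")
    return bytes(switch_pairs(c ^ 0xFF) for c in cipher)  # reversal is self-inverse


def recover_without_key_file(cipher: bytes) -> bytes:
    """Review check 1: does the inverse transform need any secret input?"""
    return bytes(switch_pairs(c ^ 0xFF) for c in cipher)


def recover_from_key_file(key_file: bytes) -> bytes:
    """Review check 2: is the key file independent of the plaintext?"""
    return bytes(switch_pairs((k - KEY_OFFSET) % 256) for k in key_file)


if __name__ == "__main__":
    sample = b"Cloud data 2020"  # constructed sample input
    cipher, key_file = encrypt(sample)
    print("cipher  :", cipher.hex())
    print("key file:", key_file.hex())
    print("decrypt :", decrypt(cipher, key_file))
    print("no key  :", recover_without_key_file(cipher))
    print("from key:", recover_from_key_file(key_file))
```

Both review checks return the original bytes, and that holds for any fixed choice of group permutation: steps 1-9 take no secret input, and the key file is computed from the plaintext itself. Section IV also stores the key file in the same Amazon S3 folder as the cipher file, so whoever can read that folder holds both.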
