International Journal of Computer Engineering and Applications,

Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469

 ELLIPTIC CURVE CRYPTOGRAPHY IN CLOUD COMPUTING

SECURITY

First A.Santosh Kumar Singh, Research Scholar, Department of Computer Applications, Vinoba
Bhave University Hazaribag, India, Second B. Dr. P.K. Manjhi, Assistant Professor, University
Department of Mathematics, Vinoba Bhave University, Hazaribag, and Third C. Dr. R.K. Tiwari
India , Professor, H.O.D CSE, R.V.S College of Engg & Tech., Jamshedpur, India

ABSTRACT:

Cloud computing is a technological advancement that has been growing swiftly during the last decade. In
simple terms, cloud computing is a technology that enables shared, remote, on-demand and ubiquitous
access to services through the Internet. It enables consumers to access applications and services that reside
on remote servers, without having to allocate large amounts of storage space on their own computer and
without the need for extensive compatibility configurations. Many such cloud applications provide services
that are meant to handle sensitive user data and thus the protection of this data in terms of access and
integrity is of major concern. Space- and time complexity of encryption algorithms can prove to be
imperative when it comes to system performance. In this paper we will briefly present how elliptic curve
cryptography (EEC)works, and how it can be used as an encryption solution to security related issues in
cloud computing.

Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari 179
 ELLIPTIC CURVE CRYPTOGRAPHY IN CLOUD COMPUTING SECURITY
I. INTRODUCTION
In this section we will briefly describe the notion of
cloud computing to aid us in the discussion of ECC in
cloud computing later. According to the National
Institute of Standards and Technology (NIST),
essential characteristics for a service based on the
cloud computing model are [1]:
1. On-demand self-service: The consumer can
provision service capabilities, such as server time and
network storage, without actively interacting with the
service provider.
2. Broad network access: the service is available
through common client platforms that have network
access, like mobile phones, laptops etc...
3. Resource pooling: Resources serve multiple
consumers and dynamically reassigns, according to
the demands of the consumer. Examples of re-sources
are storage and network bandwidth.
4. Rapid elasticity: This term is related to the
scalability of the service. On the consumer side, the
cloud computing resources may seem infinite, even
though allocation and de-allocation of resources may
occur at the provider's end. In other words, service
capabilities are provisioned and released to
accommodate increase or decrease in demand.
5. Measured service: The provider of the cloud service
can monitor and control the amount of resources used
by, or available to, the consumers. Thus different
options can be made available to the consumers,
depending on their different needs.
Furthermore, cloud computing services can usually be
placed in one of three different categories of service
models:
1. Software as a service: The consumer can use
applications running on the provider's cloud
servers. The underlying cloud infrastructure
aspects of the service, such as network,
storage and operating systems, are not con-
trolled by the consumer. A possible exception
is user-specific application configuration
settings. Examples are: Dropbox and Google
Docs.
2. Platform as a service: The consumer can
create applications using programming
languages, libraries and tools supported by
the provider and deploy these applications
onto the provider's cloud platform. As before,
Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari
most of the underlying cloud infrastructure is
still not controlled by the consumer.
However, the consumer has control over
deployed applications. Examples are:
Microsoft Azure and Google App Engine.
3. Infrastructure as a service: The consumer is
provided with resources like processing
power, storage and networks to be able to
deploy and run applications and operating
systems. The consumer has control over
operating systems, storage and deployed
applications. Examples are: Amazon EC2
and Rackspace
As with most applications, cloud computing services
face many security challenges. The ones we would
like to address in this paper are those related to
integrity, confidentiality and authentication, all of
which concern data protection.
II. ELLIPTIC CURVE CRYPTOGRAPHY
Elliptic curve cryptography (ECC)
Fig. 1.Characteristics of ECC
[5-9]It is an approach to public-key cryptography
based on the algebraic structure of elliptic curves over
finite fields. ECC requires smaller keys compared to
non-ECC cryptography (based on plain Galois fields)
to provide equivalent security. Elliptic curves are
applicable for encryption, digital signatures, pseudo-
random generators and other tasks. Its main
characteristics are as shown in Fig. 1. Stronger
encryption, efficient performance, highly scalable and
it is future of cryptography technology. They are also
used in several integer factorization algorithms that
have applications in cryptography, such as Lenstra
elliptic curve factorization. The primary benefit
180
 International Journal of Computer Engineering and Applications,
Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469

promised by ECC is a smaller key size, reducing
storage and transmission requirements, as shown in
fig. 2, i.e. that an elliptic curve group could provide
the same level of security afforded by an RSA-based
system with a large modulus and correspondingly
larger key: for example, a 256-bit ECC public key
should provide comparable security to a 3072-bit RSA
public key.
 The Elliptic Curve Digital Signature
Algorithm (ECDSA) is based on the Digital
Signature Algorithm,
 The Edwards-curve Digital Signature
Algorithm (EdDSA) is based on Schnorr
signature and uses twisted Edwards curves,
 The ECMQV key agreement scheme is based
on the MQV key agreement scheme,
 The ECQV implicit certificate scheme.

Diffie-Hellman: A cryptographic key exchange

method developed by Whitfield Diffie and Martin
Hellman in 1976. Also known as the "Diffie-Hellman-
Merkle" method and "exponential key agreement," it
Fig. 2.Memory used by ECC, RSA enables parties at both ends to derive a shared, secret
key without ever sending it to each other. Using a
For current cryptographic purposes, an elliptic curve is common number, both sides use a different random
a plane curve over a finite field (rather than the real number as a power to raise the common number. The
numbers) as shown in Fig. 3 which consists of the results are then sent to each other. The receiving party
points satisfying the equation raises the received number to the same random power
along with a distinguished they used before, and the results are the same on both
point at infinity, denoted ∞. sides. Elliptic curve cryptography and key
management shown in Fig. 4

Fig. 3.Elliptic Curve

This set together with the group operation of elliptic

curves is an Abelian group, with the point at infinity
as identity element. The structure of the group is
inherited from the divisor group of the underlying
algebraic variety.

Cryptographic schemes: Several discrete logarithm-

based protocols have been adapted to elliptic curves,
replacing the group with an elliptic curve[6]

 The elliptic curve Diffie–Hellman (ECDH)

key agreement scheme is based on the
Diffie–Hellman scheme,
 The Elliptic Curve Integrated Encryption
Scheme (ECIES), also known as Elliptic
Curve Augmented Encryption Scheme or
simply the Elliptic Curve Encryption
Scheme,
Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari 181
 ELLIPTIC CURVE CRYPTOGRAPHY IN CLOUD COMPUTING SECURITY

a subgroup of it follows from Lagrange's

theorem that the number is an
integer. In cryptographic applications this number h,
called the cofactor, must be small ( ) and
preferably . To summarize: in the prime case,
the domain parameters are ; in
the binary case, they are .
Unless there is an assurance that domain parameters
were generated by a party trusted with respect to their
use, the domain parameters must be validated before
use.

The generation of domain parameters is not usually

done by each participant because this involves
computing the number of points on a curve which is
time-consuming and troublesome to implement. As a
result, several standard bodies published domain
parameters of elliptic curves for several common field
sizes. Such domain parameters are commonly known
as "standard curves" or "named curves"; a named
curve can be referenced either by name or by the
unique object identifier defined in the standard
documents:

 NIST, Recommended Elliptic Curves for

Government Use
 SECG, SEC 2: Recommended Elliptic Curve
Domain Parameters
 ECC Brainpool (RFC 5639), ECC Brainpool
Standard Curves and Curve Generation

Table 1, from NIST SP800-57 (Recommendation for

Key Management), compares various algorithms by
showing comparable key sizes in terms of
computational effort for cryptanalysis. As can be seen,
a considerably smaller key size can be used for ECC
compared to RSA. Furthermore, for equal key lengths,
the computational effort required for ECC and RSA is
comparable. Thus, there is a computational advantage
Fig. 4. ECC Diffie-Hellman Key Exchange to using ECC with a shorter key length than a
comparably secure RSA [3].
Implementation: Some common implementation Table 1 Comparable Key Size in Terms of Computational Effort for
considerations include: Cryptanalysis (NIST SP-800-57)
Symmetric Diffie-Hellman, RSA ECC
Domain parameters: To use ECC, all parties must Key Digital (size (modulus
agree on all the elements defining the elliptic curve, Algorithms Signature of n in size in bits)
that is, the domain parameters of the scheme. The Algorithm bits)
field is defined by p in the prime case and the pair of
m and f in the binary case. The elliptic curve is defined 80 L=1024, N=160 1024 160-223
by the constants a and b used in its defining equation. 112 L=2048, N=224 2048 224-255
Finally, the cyclic subgroup is defined by its generator 128 L=3072, N=256 3072 256-383
(base point) G. For cryptographic application the order 192 L=7680, N=384 7680 384-511
of G, that is the smallest positive number n such that 256 L=15360, N=512 15,360 512+
, is normally prime. Since n is the size of

Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari 182
 International Journal of Computer Engineering and Applications,
Volume XII, Issue III, March 18, www.ijcea.com ISSN 2321-3469
L = size of public key, N = size of private key
III. APPLICATION OF ECC IN CLOUD ARCHITECTURE
When it comes to the application of ECC to cloud
computing security, Tirthani and Ganesan propose a
simple architecture based on the Diffie-Hellman Key
Exchange and ECC to secure a cloud system [2]. In
this section we present their proposed architecture for
a client/cloud server system, which uses a four step
procedure that consists of connection establishment,
account creation, authentication and data exchange.
Establishing the connection to the system and the
creation of an account for a first time user constitute
the two first steps. When a first time user accesses the
system for the first time, an initial connection can be
made using HTTPS and SSL protocols. During
account creation, the cloud server will generate a
unique user ID and the private/public key pair
necessary for ECC encryption.
The third step is the authentication of a user that logs
in to the system. This is done by having the user
provide the user ID that was created during account
creation. The final step, the data exchange, is done by
using the Diffie-Hellman key exchange protocol.
When the client wants to retrieve data from the server,
the client's query is stored in a file which is encrypted
with the servers public key and the client's private key.
The encrypted file is sent to the server, where the file
is decrypted using the server's private key to retrieve
and process the query. Thereafter, the server encrypts
the resulting data with the server's private key and the
client's public key, and sends this back to the client
who can retrieve the queried data by decrypting the
package with his/her own private key.
IV. CONCLUSION
Cloud computing security is of major relevance as a
result of the growing number of services that have
emerged in the recent years. Most of these services
have to handle and protect the consumers' sensitive
data. From the points presented, it is evident that as
intruders gain more resources and develop new
techniques to crack our systems, we have to modify
them to be more robust against these attacks.
Cryptosystems like the RSA, which is widely used
today, seem to be reaching a point where they are
outdated when performance is on the line. Elliptic
curve cryptography has been around for a while, but
has not garnered widespread usage yet, compared to
other cryptosystems. However, ECC has considerable
advantages when it comes to security performance and
Santosh Kumar Singh, Dr. P.K. Manjhi And Dr. R.K. Tiwari
is quite compatible with predominant cryptographic
methods, like the Diffie-Hellman key exchange, as
shown earlier. Therefore, with this paper, we
encourage further development and usage of ECC in
cloud computing security.
REFERENCES
[1] National Institute of Standard and Technology: The NIST
definition of cloud computing, Web: http:// faculty. Winthrop
.edu/ domanm/ csci411 /handouts/NIST.pdf.2011
[2] Tirthani, Ganesan: Data Security in Cloud Architecture Based
on Diffie Hellman and Elliptical Curve Cryptography.
Web:https://eprint.iacr.
org/2014/049.pdf. 2014.
[3] William Stallings, Cryptography and Network Security
Principles and Practice Sixth Edition, Pearsons, ISBN10:0-13-
335469-5.
[4] Santosh kumar Singh, Dr. P.K.Manjhi, Dr. R.K.Tiwari “An
Efficient and Secure Protocol for Ensuring Data Storage
Security in Cloud Computing Using ECC ” International
Journal of Advance Research in Computer and
Communication Engineering, (IJARCCE), Vol-5, Issue 7,
July2016, ISSN: 2278-1021, pp. 5-15, DOI
10.17148/IJARCCE.2016.5702.
[5] Amazon.com, “Amazon Web Services (AWS),” Online at
http://aws. amazon.com, 2008.
[6] Apple “ICloud” Online at http://www.apple.com/icloud/what-
is.html 2010 .
[7] N. Gohring, “Amazon’s S3 down for several hours” Online at
http://www.pcworld.com/businesscenter/article/142549/amazo
nss3 down for several hours.html, 2008.
[8] C. K. Koc: Cryptographic Engineering. Springer 2009.
[9] D. Hankerson, A. Menezes, S. Vanstone: Guide to Elliptic
Curve Cryptography. Springer. 2004.
BIOGRAPHY
First A. Author Santosh Kumar Singh
is a Research Scholar in the
Department of Computer Applications,
Vinoba Bhave University, Hazaribag,
Photograph
Jharkhand, India. He received M. Phil
(Computer Science) degree in 2011 and
Master of Philosophy Dissertation entitled
“study on the network security & network
topology”. He Qualified Doctoral (Ph.D)
Eligibility Test 2014 of Vinoba Bhave
University, Hazaribag. His research interests
are Cloud Computing, Parallel and
Distributed Computing etc. He is currently
working on Cloud Computing.
183