Hybrid Blow Fish Algorithm-IPSO based Signing Method for Secure Storage and Computation Process

The aim of the research is cloud security and privacy in order to attain efficient secure storage and secure computation in cloud computing. We suggest a signing method for secure storage and computation process in this study. The proposed hybrid blow fish algorithm is to develop the secure storage of file. Here blowfish algorithm is hybrid with improved particle swarm optimization technique for the intention of secure storage and computation. Blow fish algorithm is applied for encryption and decryption process of our proposed method. In this method inserting a renew key to the file, as if the policy time of the file is over it will routinely erase the file from the cloud server. So that the implemented method employed one renew key for the renewal process of file. Based on this, the executed method is accomplishing high security level. Our method will be implemented in Cloud simulator in the working platform of Java.


INTRODUCTION
Cloud computing is a promising technology to facilitate development of large-scale, on demand, flexible computing infrastructures (Piplode and Singh, 2012)."Cloud computing is one the most important and developing concept for both the developers and the users.Persons who are interrelated with the networking environment, cloud computing is a preferable platform for them (Nafiet al., 2012).Cloud computing change the Internet into a new computing platform, is a business model that achieve purchase on-demand and pay-per-use in network, has a broad development prospects (Tan and Ai, 2011).Cloud computing offers various services such as a user can outsource for performing his computation and save his data to cloud servers by using the Internet.Additionally, it supports to deliver the applications over the Internet that can access from many tools like desktop, web browsers and mobile applications (Yassinet al., 2012).Cloud computing is an Internet-based model for enabling convenient, on-demand network access to a shared pool of configurable computing resources.It eliminates the need of installing and running the application on the customer's own computers (Banyalet al., 2013).Cloud computing allows to reduce IT costs and increase capabilities and reach ability of delivered services (Behl and Behl, 2012).In the cloud environment, resources are shared among all of the servers, users and individuals.As a result files or data stored in the cloud become open to all.Therefore, data or files of an individual can be handled by all other users of the cloud (Nafiet al., 2012).
In general cloud providers offer three types of services i.e., Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) (Padhyet al., 2011).Clouds can provide several types of services like applications (e.g., Google Apps, Microsoft online), infrastructures (e.g., Amazon's EC2, Eucalyptus, Nimbus) and platforms to help developers write applications (e.g., Amazon's S3, Windows Azure) (Rujet al., 2012).Cloud computing is being proposed for different applications related to Consumer Electronics (CE), such as virtualization of consumer storage, Cloud TV platforms that provide access to a number of Web applications such as social networking, user generated video games, etc (Sánchez et al., 2012).The clouds should not know the query but should be able to return the records that satisfy the query.This is achieved by means of searchable encryption (Rujet al., 2014).Unlimited storage for customers is one of the major benefits of cloud computing that reduce the concerns about the amount of remaining memory significantly (Moghaddamet al., 2014).Efficient search is also an important concern in clouds.User privacy is also required so that the cloud or other users do not know the identity of the user.The validity of the user who stores the data is also verified (Rujet al., 2012).Security is one of the largest concerns for the adoption of cloud computing.And also security is a big issue related to many aspects (Chen et al., 2012).
Three security requirements are often considered: confidentiality, integrity and availability for most Internet service providers and cloud users (Zhao et al., 2014).This security has been divided to several parts and one of the most important parts is ensuring about the user authentication processes and managing accesses when users outsource sensitive data share on public or private cloud servers (Moghaddamet al., 2014).The most important security requirements are user identification and authentication (Zwattendorfer and Tauber, 2012).Authentication is to check the identity of the user, which means whether the person is same as he pretends to be (Emam, 2013)."The authentication considers the core of security in the cloud computing.So, it is necessary to allow that only authorized user can access stored data (Yassinet al., 2012).User authentication in cloud computing environments has been divided to two main processes: investigating unique identifiers of users during the initial registration phase and user authentication and validating user legal identities and acquiring their access control privileges for the cloud-based resources and services during the service operation phase (Moghaddamet al., 2014).The keywords are sent to the cloud encrypted and the cloud returns the result without knowing the actual keyword for the search.The problem here is that the data records should have keywords associated with them to enable the search.The correct records are returned only when searched with the exact keywords (Rujet al., 2014).It brought a lot of advantages especially in ubiquitous services where everybody can access computing services through Internet (Banyalet al., 2013).

LITERATURE REVIEW
Several techniques were proposed by various authors for Security Authentication in Clouds and a few of them are explained below: Wang et al. (2011) have proposed the problem of ensuring the integrity of data storage in Cloud Computing.In particular, they consider the task of allowing a Third Party Auditor (TPA), on behalf of the cloud client, to verify the integrity of the dynamic data stored in the cloud.Their construction was deliberately designed to meet those two important goals while efficiency being kept closely in mind.They first identify the difficulties and potential security problems of direct extensions with fully dynamic data updates from prior works and then shown that how to construct an elegant verification scheme for the seamless integration of those two salient features in our protocol design.To achieve efficient data dynamics, they have improved the existing proof of storage models by manipulating the classic Merkle Hash Tree construction for block tag authentication.To support efficient handling of multiple auditing tasks, they have further explored the technique of bilinear aggregate signature to extend their main result into a multiuser setting, where TPA could perform multiple auditing tasks simultaneously.Extensive security and performance analysis is shown that the proposed scheme was highly efficient and provably secure.
Fingerprint recognition is one of the popular and effective approaches for priori authorizing the users and protecting the information elements during the communications.Yang et al. (2011) have proposed a new fingerprint recognition scheme based on a set of assembled invariant moment (geometric moment and Zernike moment) features to ensure the secure communications was proposed.And the proposed scheme was also based on an effective preprocessing, the extraction of local and global features and a powerful classification tool, thus it was able to handle the various input conditions encountered in the cloud computing communication.The experimental results have shown that the proposed method has a higher matching accuracy comparing with traditional or individual feature based methods on public databases.
Sundareswaranet al. (2012) have proposed a highly decentralized information accountability framework to keep track of the actual usage of the users' data in the cloud.In particular, they have also explained an objectcentered approach that enables enclosing their logging mechanism together with users' data and policies.Their approach allowed the data owner to not only audit their content but also enforce strong back-end protection if needed.Moreover, one of the main features of their work was that it enables the data owner to audit even those copies of its data that were made without their knowledge.They leverage the JAR programmable capabilities to both create a dynamic and traveling object and to ensure that any access to users' data will trigger authentication and automated logging local to the JARs.To strengthen user's control, they have also provided distributed auditing mechanisms.They have provided extensive experimental studies that demonstrate the efficiency and effectiveness of the proposed approaches.
Securely maintaining log records over extended periods of time is very important to the proper functioning of any organization.Ray et al. (2013) have proposed a complete system to securely outsource log records to a cloud provider.We reviewed existing solutions and identified problems in the current operating system based logging services such as syslog and practical difficulties in some of the existing secure logging techniques.They have also proposed a comprehensive scheme that addresses security and integrity issues not just during the log generation phase, but also during other stages in the log management process, including log collection, transmission, storage and retrieval.They have provided anonymous upload, retrieve and delete protocols on log records in the cloud using the Tor network.The protocols that they developed for that purpose have potential for usage in many different areas including anonymous publishsubscribe.Current implementation of the logging client was loosely coupled with the operating system based logging.They identify the challenges for a secure cloud-based log management service and propose a framework for doing the same.
Ranjith and Kayathri Devi ( 2013) have proposed a secure cloud storage by providing access to the files with the policy based file access using Attribute Based Encryption (ABE) scheme with RSA key public-private key combination.Private Key was the combination of the user's credentials.So that high security will be achieved.Time based file Revocation scheme was used for file assured deletion.When the time limit of the file expired, the file will be automatically revoked and cannot be accessible to anyone in future.Manual Revocation also supported.Policy based file renewal was proposed.The Renewal could be done by providing the new key to the existing file, will remains the file until the new time limit reaches.Yan et al. (2013) have proposed the security challenges of a novel perspective of VANETs, i.e., taking VANETs to clouds.They have first introduced the security and privacy challenges that VC computing networks have to face and they have also addressed possible security solutions.Although some of the solutions could leverage existing security techniques, there are many unique challenges.The vehicles have high mobility and the communication was inherently unstable and intermittent.They have provided a directional security scheme to shown an appropriate security architecture that handles several, not all, challenges in VCs.The main contribution of that work is to identify and analyze a number of security challenges and potential privacy threats in VCs.Although security issues have received attention in cloud computing and vehicular networks, we identify security challenges that are specific to VCs.In future work, they will investigate the brand-new area and design solutions for each individual challenge.As future work, a specific application will need to analyze and provide security solutions.
Varadharajan and Tupakula (2014) have proposed a security architecture that provides a security as a service model that a cloud provider could offer to its multiple tenants and customers of its tenants.Their security as a service model while offering a baseline security to the provider to protect its own cloud infrastructure also provides flexibility to tenants to have additional security functionalities that suit their security requirements.The paper described the design of the security architecture and discussed how different types of attacks were counteracted by the proposed architecture.They have also described the implementation of the security architecture and gave a detailed analysis of the security mechanisms and performance evaluation results.

PROBLEM DEFINITION
Cloud computing has increases the rate with the wide use of the Internet services.It provide easy to access the documents and pictures and media on cloud storage via the Internet.With the success in technology market, experts are also disturbed about the increased security needs for cloud computing.So many companies are trying to identify the cloud computing security issues.The common problems in existing cloud security approaches are given below: • In an IT infrastructure the attacker will give the so many no of new attack vectors.If some group of people who have a strong control over the cloud computing account and private authentication framework, then the group of people will have a full control of IT infrastructure.If any one of these people is not cautious, an attacker can get hold of the same powers.• In the private cloud computing environment also you will trust the cloud provider for personal data storage.The providers are protecting the customer data from outsiders in some cases the providers are equally industrious protecting the same data from their own technical people.

OBJECTIVE OF THE RESEARCH
These are the main drawbacks of various existing works, which motivate us to do this research on Cloud Security.We are intended to propose a suitable cryptography method to achieve secure data storage and transaction in cloud computing.If the data owner should be encrypt the file and store in to the cloud storage area.If a third person may try to view or downloads the file, if they had the key them he/she is used to decrypt the encrypted file.Sometimes this may be failure due to the technology development and the hackers.To overcome the problem there are many more of techniques introduced to make secure transaction and secure storage.So we will introduce a RSA algorithm for encryption and decryption process.

Proposed method:
We offer a method for secure storage and computation process in this section.According to our proposed method encryption and decryption is prepared by Hybrid Blow Fish Algorithm.Hybrid Blow Fish Algorithm contains Blow Fish Algorithm (BFA) with Improved Particle Swarm Optimization algorithm (IPSO).Now the client will be validated based on the username and password given by the server.The proposed method has a security levels and it has five selectable questions for safety purpose.
The client must answer the five questions.Based on the above the private key will be produced for the encryption process.The detailed process is made cleared in the block diagram of the suggested method.It's revealed in Fig. 1.

Encryption and decryption process:
In our proposed method Hybrid Blow Fish algorithm is applied for both encryption and decryption.Blow fish algorithm is employed for symmetric key cryptography.Blow fish algorithm encloses 64 bit block size and key length from 32 bit to 448 bits.There is P-array and four 32 bit S-boxes.P-array encloses 18 of 32 bit sub keys and each S-box contains 256 entries.Blow fish algorithm contains two parts namely key expansion and data encryption.To change the input key (448 bit) into sub key (4168 bytes) arrays, key expansion is applied.Data encryption is employed 16 round feistel network.Each round contains a key dependent permutation and a key dependent substitution.All functions are XOR's and additions on 32 bit words in blow fish algorithm.

Sub keys of blow fish algorithm:
Huge number of sub keys is applied in Blow fish algorithm.These sub keys are must be precomputed before the encryption and decryption process.

Working of F t function:
Ft function employs four 32 bit S-boxes and each S-box encloses 256 entries.In blow fish algorithm, the first 32 bit left halves is separated into four 8 bit blocks m, n, o and p.The formula using F t function is shown in below: The detailed working process of F t function is shown in Fig. 3. It's shown in below.

Decryption:
The decryption process of blow fish algorithm is similar process of encryption however here the P-array employed reverse.

Improved Particle Swarm Optimization Algorithm (IPSO):
Improved Particle Swarm Optimization is a population based optimization technique.The population is initialized in improved particle swarm optimization with an arbitrary solution and optima searches prepared by revising the initial solution.Afterthat, find the best solution based on the fitness function.Next, choose the individual best (IP best ) and global best (IG best ) among the initial solution.The subsequent step is revise the initial solution here each solution is fine-tuned by differing the velocity.The overall process is made cleared beneath: Step 1: Initialization.

Now each initial solution is arbitrarily generated
where k i S is the solution in k th dimension of i th particle.Velocity ) , , , ( where k i v is the velocity in k th dimension of i th particle.
Step 2: Find fitness function.
Step 3: Find IP best and IG best.
In IPSO,

IG
is the global best position in the k th dimension in the search space.
Updating the velocity based on the Eq.(2) it's shown in below: ) .( ) .( .File upload and file download process: File upload process: At first, the client send request to key manager for the public key if a client desires to upload a file in cloud server.Key manager will be authenticating the policy related with the file.Based on policy the public key will be generated.The policy of the file is similar as the request file the same public key is generated or else new public key will be generated.Based on the public key and private key the file will be encrypted next the encrypted file is uploading to the cloud server.In our proposed method, we employed to upload the file with renew key.If the file policy is expiry, the renew key is applied to restore the file.File uploading process shown in Fig. 5 and 6.It's shown in below.
File download process: After the verification process the user prepared to download the file from the cloud server however the user can never able to read the file.Owing to this problem the user send the request to the key manager for the public key.After getting request from the user, the key manager sends the request to client for conformation.The authenticated user can acquire the public key and private key, based on this the user decrypt the file.The detailed process of file downloading is shown in Fig. 7 and 8.

Renewal process of proposed method:
The client wants to restore the policy key when the policy time is expiry.In our proposed method there is no require of download all the key instead of downloading the whole key the clientwant to download only renew key for the related file.For the safety purpose the renew key is first encrypted with theprivate key and next encrypted renew key is added to the file both are send to the cloud server.In order that theunauthorized person can neveraccess the renew key without the knowledge of the client private key.The overall process is prepared by the subsequent steps: • Download the encrypted renew keys of the file from the cloud server • Decrypted renew key using the private key • Produce new renew key • After that encrypt the new renew key with the private key • Send the new encrypted renew keys to the cloud server to make the policy renewal of file The overall process of policy renewal is clearly explained in Fig. 9 and 10.

RESULTS AND DISCUSSION
This section gives the detailed view of the result that is obtained by our proposed method of Secure Storage and computation process.An efficient signing method for secure storage and computation process in this study.Here a hybrid blow fish algorithm to develop the secure storage of file is proposed where blow fish algorithm is hybridized with improved particle swarm optimization technique for the intention of secure storage and computation.Blow fish algorithm is applied for encryption and decryption process of our proposed method.In this method inserting a renew key to the file, as if the policy time of the file is over it will routinely erase the file from the cloud server.So that the implemented method employed one renew key for the renewal process of file.The upload and download time for various file sizes are tabulated and is shown in the below Table 1.
Figure 11 given below shows the upload time versus the file size in terms of second.The time is proportional to that of file size.
Figure 12 given below shows the download time versus the file size in terms of second.The time is proportional to that of file size.The upload and the download values are directly proportional to that of file size.As the file size increases, the time of upload and download increases correspondingly.
Table 2 given below shows the storage cost and the computation cost for different number of files that we use in the system.The storage time for 10 and 20 files arecomputedat first and the values are tabulated.

CONCLUSION
In this study, signing method for secure storage and computation process is offered based on the hybrid blow fish algorithm.The executed method applied the blow fish algorithm for encryption and decryption.In our suggested method blow fish algorithm is hybrid with improved particle swarm optimization for the reason of secure storage of file to the cloud server.Now one renew key is added to the file for the policy renewal.The renew key is employed to renew the policy time of the file whenever the policy time is expired.The effect of the suggested method is accomplishing high security level.

Fig. 1 :
Fig. 1: The overall block diagram of proposed method

Fig. 4 :
Fig. 4: Flowchart for IPSO where, = Updating velocity of new solution ˢ = Velocity of i th particle c 1 , c 2 = Constants containing value of 2.0 r 1 , r 2 = Independent random numbers equally produced in the range [0, 1] ˟ = Initial position of the particle i k i best IP

Fig. 11 :
Fig. 11: Graphical representation of Upload time versus the file size in terms of second Similarly the computational cost for similar number of files are computed and tabulated as earlier.The graphical representation of the storage cost for different number of files are shown in the below Fig. 13.The graphical representation of the computation cost for different number of files are shown in the below Fig. 14.

Fig. 12 :
Fig. 12: Graphical representation of download time versus the file size in terms of second

Table 1 :
File upload and download time based on file size

Table 2 :
Storage cost and the computation cost for different number