In cloud computing, encryption algorithms play an essential role in providing secure communication across connected and distributed resources. They convert data into a scrambled form protected by a key, and only users who hold the key can decrypt the data.
There are mainly two types of key encryption techniques used in security algorithms today: symmetric key encryption and asymmetric key encryption. Symmetric key encryption uses a single key to encrypt and decrypt the data. In contrast, asymmetric key encryption uses two keys — a public key for encryption and a private key for decryption.
Several techniques are used to improve data security in cloud storage and to ensure secure communication. Encryption techniques convert a message, or plaintext, into ciphertext, and decryption techniques recover the original message or plaintext from that ciphertext. In this post, we will look at the top 10 cloud security algorithms designed to provide better data security in the cloud.
1. RSA Algorithm
RSA is a public-key algorithm that provides security by encrypting and decrypting data so that only authorized users can access it. RSA stands for Ron Rivest, Adi Shamir, and Len Adleman, who first described it in 1977. The data is encrypted, and the ciphertext is then stored in the cloud. When a user needs the data, the user places a request with the cloud provider, which then authorizes the user and provides the data.
A third party can detect cloud service provider misbehavior with a certain probability by asking for proof for a constant number of blocks, independent of the total number of file blocks [4]. Every message block is mapped to an integer value. The RSA algorithm uses a public key and a private key. The public key is known to all cloud users, whereas the private key is known only to the user who initially owns the data. The cloud service provider performs encryption, and the cloud user/cloud customer performs decryption. Once the data is encrypted with the public key, it can be decrypted with the corresponding private key.
2. Blowfish Algorithm
Blowfish, designed by Bruce Schneier, is one of the most common public algorithms. It is a symmetric-key algorithm that works much like DES, whose key is small and can be broken easily. In Blowfish, however, the key is much larger and can vary from 32 to 448 bits. Blowfish also consists of 16 rounds and can encrypt data whose size is a multiple of eight; if the size of the message is not a multiple of eight, the bits are padded.
In the Blowfish algorithm, the 64 bits of plaintext are split into two parts of 32 bits each. One part is taken as the left part of the message and the other as the right part. The left part of the message is XORed with the elements of the P-array, which produces a value that is then passed through the transformation function F. The value produced by the transformation function is XORed with the other half of the message, i.e., with the right bits. After that, the F| function is called, which replaces the left half of the message, and P| replaces the right side of the message.
3. Diffie Hellman Key Exchange (D-H)
Whitfield Diffie and Martin Hellman developed the Diffie-Hellman key exchange algorithm. It is a technique for securely exchanging cryptographic keys over a public network and was the first specific example of public-key cryptography. It enables two users to establish a shared secret key over an untrusted network. The two users do not need any prior shared secret between them. Its security rests on the difficulty of computing discrete logarithms modulo large prime numbers. It needs two large numbers: a prime (P) and a second number (G) that is a primitive root of P.
4. Elliptic Curve Cryptography Algorithm
The Elliptic Curve Cryptography Algorithm was discovered by Neal Koblitz (University of Washington) and Victor Miller (IBM) in 1985. It is a public-key encryption technique that depends on discrete logarithms and is used to create efficient, faster, and smaller cryptographic keys. Elliptic curve public-key cryptography (ECC) is an innovative approach based on the algebraic structure of elliptic curves over finite fields, with small key sizes. ECC works with points (x, y) that satisfy the equation $y^2 = x^3 + ax + b$, subject to the condition $4a^3 + 27b^2 \neq 0$, and uses them to share a secret key. The points that lie on the curve serve as public keys, and random numbers are used as private keys. Elliptic curves are also used in some integer factorization algorithms that have applications in cryptography.
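An added Python example, not from the original post, of the curve equation and its condition in use: it checks that the curve is non-singular, validates that a received public point lies on the curve, and derives a shared key from random private numbers. The curve y^2 = x^3 + 2x + 2 over F_17 with base point (5, 1) of order 19 is a constructed textbook-sized parameter set, and all function names are assumptions.

```python
import secrets

# Constructed toy parameters: y^2 = x^3 + 2x + 2 over F_17, base point G of order 19.
A, B, P = 2, 2, 17
G, ORDER = (5, 1), 19

def is_nonsingular(a, b, p):
    """The curve is usable only if 4a^3 + 27b^2 != 0 (mod p)."""
    return (4 * a**3 + 27 * b**2) % p != 0

def on_curve(point, a=A, b=B, p=P):
    """True if the point satisfies the curve equation; None is the point at infinity."""
    if point is None:
        return True
    x, y = point
    return (y * y - (x**3 + a * x + b)) % p == 0

def add(p1, p2, a=A, p=P):
    """Group law on the curve (chord-and-tangent rule)."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                              # P + (-P) = infinity
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def scalar_mult(k, point, a=A, p=P):
    """Double-and-add computation of k * point."""
    result = None
    while k:
        if k & 1:
            result = add(result, point, a, p)
        point = add(point, point, a, p)
        k >>= 1
    return result

def keypair():
    """Private key: random number in [1, ORDER-1]. Public key: that multiple of G."""
    private = secrets.randbelow(ORDER - 1) + 1
    return private, scalar_mult(private, G)

def ecdh(private, peer_public):
    """Shared point; off-curve or infinity inputs are rejected before use."""
    if peer_public is None or not on_curve(peer_public):
        raise ValueError("peer public key is not a valid curve point")
    return scalar_mult(private, peer_public)
```

Skipping the `on_curve` check on a received point is what makes invalid-curve attacks possible, which is why validation happens before any scalar multiplication.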
5. Data Encryption Standard (DES) Algorithm
The Data Encryption Standard (DES) is a symmetric-key block cipher published as FIPS 46 in the Federal Register in January 1977 by the National Institute of Standards and Technology (NIST). On the encryption side, DES takes a 64-bit plaintext and creates a 64-bit ciphertext; on the decryption side, it takes a 64-bit ciphertext and creates a 64-bit plaintext. The same 56-bit cipher key is used for both encryption and decryption. The encryption process is made of two permutations (P-boxes), which we call the initial and final permutation, and sixteen Feistel rounds [17]. Each round uses a different 48-bit round key generated from the cipher key.
6. El Gamal encryption
The El Gamal encryption system is an asymmetric-key encryption algorithm for public-key cryptography that is based on the Diffie–Hellman key exchange. Taher Elgamal described it in 1984. ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption. ElGamal encryption can be defined over any cyclic group G. Its security is based on the difficulty of a certain problem in G related to computing discrete logarithms.
7. Advanced Encryption Standard (AES)
The Advanced Encryption Standard is the encryption standard that NIST selected to replace DES. AES comprises three block ciphers: AES-128, AES-192, and AES-256. AES-128 uses a 128-bit key length to encrypt and decrypt a message block, while AES-192 uses a 192-bit key length, and AES-256 a 256-bit key length for encrypting and decrypting messages. Each cipher encrypts and decrypts data in 128-bit blocks, using 128, 192, and 256-bit cryptographic keys.
Symmetric ciphers, also known as secret-key ciphers, use the same key for encryption and decryption, so both sender and receiver have to know and use the same secret key. Top Secret information requires key lengths of either 192 or 256 bits. Ten rounds are used for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. A round consists of several processing steps involving the substitution, transposition, and mixing of the plaintext input to transform it into the final ciphertext output.
8. Digital signature algorithm (DSA)
The digital signature algorithm (DSA) refers to a digital signature standard. The National Institute of Standards and Technology (NIST) introduced it in 1991 as a better method for creating digital signatures. Along with RSA, DSA is considered one of today’s most preferred algorithms for digital signatures. DSA does not encrypt message digests using a private key or decrypt message digests using the public key. Rather, it uses unique mathematical functions to create a digital signature consisting of two 160-bit numbers derived from the digest of the message and the private key. DSA uses the public key to authenticate the signature, but compared with RSA, the authentication process is more complicated.
9. Triple data encryption standard (3DES)
3DES is based on the DES algorithm, so existing software can be modified easily to use Triple-DES. It also has the advantage of proven reliability and a longer key length that eliminates many of the attacks that can be used to reduce the time it takes to break DES. It takes three 64-bit keys, for a total key length of 192 bits. In Stealth, you type in the entire 192-bit (24-character) key rather than entering each of the three keys individually. The Triple-DES DLL then breaks the user-provided key into three subkeys, padding the keys if necessary, so they are each 64 bits long. The procedure for encryption is the same as regular DES, but it is repeated three times, hence the name Triple DES.
10. MD5 (Message-Digest algorithm 5)
Message-Digest Algorithm 5 (MD5) is a cryptographic hash algorithm that creates a 128-bit value from a string of arbitrary length. Though insecurities with MD5 have been identified, it is still widely used. MD5 is most commonly used for checking file integrity. It is also used in other security protocols and applications such as SSH, SSL, and IPSec. Some applications reinforce the MD5 algorithm by adding a salt value to the plaintext, or by applying multiple hash functions.