See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/348977126

Paper 1

Presentation · February 2021

CITATIONS

1 author:

Fursan Thabit
Swami Ramanand Teerth Marathwada University
8 PUBLICATIONS   1 CITATION   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

cloud computing security View project

All content following this page was uploaded by Fursan Thabit on 02 February 2021.

The user has requested enhancement of the downloaded file.

 the definition of NIST for cloud computing, the cloud model is to be composed
of five basic characteristics. These characteristics are presented as follows:
• On-Demand Self-Service: cloud users may obtain cloud on-demand services
such as computation and Network storage when needed, without any human
intervention between users and the Cloud Service Provider (CSP).
• Broad Network Access: Cloud services are always accessible over the
network and can access the services by the large a diifernt devices, such as
personal computers, mobile phones, tablets, and all user platforms.
• Resource Pooling: based on a multi-tenant model, cloud providers resources
are shared among several multiple users.
• Rapid elasticity: the cloud computing is characterized with capabilities can
be efficiently locate and release resources to the cloud users, the capabilities
available are abstracted to cloud users in order to appear as unlimited and
suitable.
• Measured service: cloud resource usage in accordance with customer need
and the business model adopted by cloud-based services. Where customers
pay on a consumption basis, enabling major cost reductions.
Introduction

Data has been pivotal to all facets of human life in the last decades. In recent
years, the huge growth of data as a result of the growth of various applications.
This data needs to be secured and stored in secure sites. Cloud computing is the
technology can be used to store those massive amount of data.
it has become urgent to secure data from attackers to preserve its integrity,
confidentiality, protection, privacy and procedures required for handling it.
This paper work a New Lightweight Cryptographic Algorithm for Enhancing
Data Security that can be used to secure applications on cloud computing.
It is inspired by festal and substitution permutation architectural methods to
improve the complexity of the encryption. The algorithm achieves Shannon’s
theory of diffusion and confusion by the involvement of logical operations, such
as (XOR, XNOR, shifting, swapping). It also features flexibility in the length of
the secret key and the number of round.
This section consists of two sub-sections; one presents cloud
computing security related work and the other presents the
available lightweight cryptographic systems related work.
Any encryption algorithm must accept some set of specifications to provide
high security. The following criteria have been defined, based on the
current literature that should be fulfilled by the newly developed algorithm:

 Encryption of the entire character set

 Encrypting each plain-text character into a special sequence
 There should be strong encoding
 The encryption approach should be complex.
To improve cloud computing protection with low processing, and high performance, a
New Lightweight Cryptographic Algorithm (NLCA) for enhancing data security in
cloud computing environment is proposed. The architecture of the proposed algorithm
provides a simple structure suitable for cloud .

Some well known block cipher including AES (Rijndael) [45], 3-Way [51], Grasshopper
[52], PRESENT [53], SAFER [54], SHARK [55], and Square [56] use Substitution-
Permutation (SP) network. Several alternating rounds of substitution and transposition
satisfies the Shannon’s confusion and diffusion properties that ensues that the cipher
text is changed in apseudo random manner.

Other popular ciphers including SF [57], Blowfish [58], Camelia [59] and DES [60],
use the feistel structure . One of the major advantage of using feistel architecture is that
the encryption and decryption operations are almost same.
The introduced algorithm is a symmetric key block cipher and the idea is inspired by a
combination of Feistel and SP structures methods to improve the complexity of the
encryption.

The main idea of the NLCA is to use is a 16 bytes (128-bit) block cipher and want 16
bytes (128-bit) key to encrypt the data. The encryption process requires encryption
rounds in a symmetric-key algorithm; every round is based on mathematical functions
to generate diffusion and confusion.

Cryptographic algorithms are usually configured to take 10 to 20 rounds on average to

keep the encryption process strong enough to satisfy the specifications of the device.
However, the suggested algorithm is limited to just five rounds to further increase
energy efficiency results, with each encryption round requiring mathematical operations
that involve 4 bits of data to work.
In this algorithm, the technique adopted introduces mixed operations in multiple
algebraic classes, including XOR and Addition operations, to generate difficulty for
attackers. The detailed steps of the procedures are described as follows
Key Generation Block.
Encryption Block.
Decryption Block.
In the following subsections, these blocks will be further clarified in detail, and some of
the essential notes followed in the interpretation are presented in Table 1.
Table 1. Notations.

Notation Function

⊕ XOR

ʘ XNOR

║,╫ Concatenation
The most fundamental component in the processes of encryption and decryption is the
key. It is this key on which entire security of the data is dependent, should this key be
known to an attacker, the secrecy of the data is lost.
The feistel based encryption algorithms are composed of several rounds, each
round requiring a separate key. The encryption/decryption of the proposed algorithm is
composed of five rounds, therefore, we require five unique keys for the said purpose. so,
we introduce a key generation block which is described in this section.

The algorithm is a block cipher of 16 bytes (128-bit) which allows a 16 bytes (128-bit)
key to be taken from the user as an input, which is used as the input to the Generation
Block key. The block will produce five separate keys after conducting.
Key Generation Process
In the first step, the128-bit cipher key (Kc) is split into two segments 64-bits right and
64-bits left. In the Second step the 64-bits right and 64-bits left is split into the segments
of 4-bits.
The f -function used 4 segments, each segment 4 bit (16 bit) as illustrated in Fig. 4.
Substitution can generate for cipher key (Kc) by f-function as shown in equation (1).
𝑲𝒃𝒊 𝒇 = ‖𝟓𝒋=𝟏 𝑲𝒄𝟒 𝒋− 𝟏 +𝒊 (1)
Where i=5;
𝑲𝒂𝒊 𝒇 is output from equation (2)
𝑲𝒂𝒊 𝒇 = 𝒇 𝒃𝒊 𝒇 (2)
 128

64
64

32 32
32 32

16 16 16 16 16 16 16 16

Shift -Row Shift -Row Shift -Row Shift -Row Shift -Row Shift -Row Shift -Row Shift -Row

F-FUNCTION F-FUNCTION F-FUNCTION F-FUNCTION F-FUNCTION F-FUNCTION F-FUNCTION F-FUNCTION

4X4 Matrix 4X4 Matrix 4X4 Matrix 4X4 Matrix 4X4 Matrix 4X4 Matrix 4X4 Matrix 4X4 Matrix

TRANSIPSITIO TRANSIPSITIO
RAIL-FENCE RAIL-FENCE TRANSIPSITIO TRANSIPSITIO
N N RAIL-FENCE RAIL-FENCE
N N

k1 k2 k3 k4 k5 k6 k7 k8

KK1 KK2 KK3 KK4

KKK
128
After producing the sub-keys (KK1, KK2 ... KKK) from the Key Generation Process
and even the plaintext to be encrypted as in Fig.9, the encryption process takes place.
Easy processes, like, XOR, XNOR, AND, OR left shift (LS), substitution (S boxes) and
swapping methods, are conducted throughout the encryption process to create confusion
and diffusion. These operations increase complexity and create confusion for the
attackers.
Encryption Process steps
The message to be encrypted is separated into blocks of plain-text (each referred to as
p) of 16 bytes (128-bit) length as shown in figure 9. Then the following steps encrypt
each block:
• The 128-bit block input is generally divided into four sub-blocks of 32 bits each,
namely, P1, P2, P3, P4 (P0-31, P32-63, P64-95, P96-127 ) This is to produce segments
(Ro11, Ro12, Ro13, Ro14 )
• (Initial state steps): Each sub-block is addressed using working key sub-keys (KK1,
KK2 ... KKK) by combining operations from various algebraic groups, which are
AND, OR, XOR, XNOR operations. As shown in Figure 9.
• Ro11 is the output of XNOR between P0-31 and K1, The product (Ro11) feeds
F-Function to produce EFL1.
• Ro14 is the output of XNOR between P96-127 and K1, The product (Ro14) feeds
F-Function to produce EFR1.
As well as the F-Function seen in Eq.1, the F.Function contains the activity of substitute (S boxes),
AND, OR, and left shift (LS).
F = F1+F2; 32 Bit
F1 = OR (S-boxes (AND (LS (16 bits/4) 16 Bit.
F2 = OR (S-boxes (AND (LS (16 bits/4)16 Bit.
The output from the F function is then XOR .
• Ro12 is the output of XOR between P64-95, and EFL1.
• Ro13 is the output of XOR between P32-63, and EFR1.

Process of switching takes place during the encryption process between the two internal halves.
Then, the switches are between the parts (Ro11, Ro12) and (Ro13, Ro14).
All the previous processes are to increase the complexity of the coding as shown in Fig.9.

After that, the encoded text is obtained by equation (5).

𝑪𝒕 = 𝑹𝟓𝟏 ⧺ 𝑹𝟓𝟐 ⧺ 𝑹𝟓𝟑 ⧺ 𝑹𝟓𝟒 (5)
 128
Plaintext

PX 0-31 PX 32-63 PX 64-95 PX-96-127

P1 P2 P3 P4
F=F1+F2
F=F1+F2 EFL-1 EFR_1
KK1 F KK1
F R 1_3
R 1_1 R 1_2
R 1_4
P1 P2 P3 P4

P1 P2 P3 P4
F=F1+F2 EFL-2 F=F1+F2
KK2 EFR_2
KK2
F R 2_3 F
R 2_1 R 2_2
R 2_4
P1 P2 P3
P4

P1 P2 P3 P4
F=F1+F2 EFL-3 F=F1+F2
KK3 EFR_3
KK3
F R 3_3 F
R 3_1 R 3_2
R 3_4
P1 P2 P3 P4

P1 P2 P3 P4
F=F1+F2 EFL-4 F=F1+F2
EFR_4
KK4 KK4
F R 4_3 F
R 4_1 R 4_2
R 4_4
P1 P2 P3 P4

P1 P2 P3 P4
F=F1+F2 EFL-5 F=F1+F2
EFR_5
KKK KKK
F R 5_3 F
R 5_1 R 5_2
R 5_4
P1 P2 P3 P4

128 Cipher text

A. Transformation round
Also every round in NLCA algorithm includes numerous transformation tasks that involve XOR,
XNOR, F, functions and swapping. In Fig.6, a single round of the NLCA algorithm is shown.
B. Swapping function:
This is the encryption portion in the left half 32 bits are swapped to the right position and right half
of 32 bits are swapped to half-place left As shown in Fig.7. The main goal of switching Role is to
adjust the initial data location to get the data a more complicated cipher.
C. F Function: This is a central component of encryption the algorithm that causes data diffusion.
The S Boxes, is conducted processes of AND & OR and left shifting (LS) Operations of 16 data bits,
as seen in Fig.4.
D. Left Shifting (LS): 16 bits of data are in the LS process divided into 4-bit blocks and left shifting
Conducted on each block. Outcomes of this activity full data Bit Mixing. The mechanism shown in
Fig.7
F. Operations of XOR & XNOR: Simple logical logic Operations that is appropriate to produce
confusion and diffusion for results.
PX 0-31 PX 32-63 P1 P2 P3 P4
P1 P2 P3 P4
F=F1+F2
F=F1+F2 EFL-1 EFR_1
KK1 F KK1
F R 1_3
R 1_1 R 1_2

P1 P2 P3
R 1_4
P4
P1 P2 P3 P4
The computational procedure used for the decryption of the Ci cipher-text block is exactly
the same as the Mi block encryption method. The 128 -bit long Ci block is first split into 4
sub-blocks, and then handled with the same working keys using mixed XOR and Sub
operations. And since they are the reverse of the encryption operation, the precise steps
for the procedure would not need to be written.
Experimental Environment:

In order to analyze the efficiency of the proposed algorithm various kinds of symmetric
cryptographic algorithms are used. The experimental setting consists of a cloud network
consisting of the Xen Server hypervisor (6.1an Open stack middleware and a client that
uses Citrix Desktop [29] to access the Xen-Server-hosted virtual machine). The cloud
server description as Core I5 (4.8 GHz) with 4 GB of RAM, and the client computer
utilizes the Core I3 with 4 GB RAM. The building code in c++ language and math- lab
impletemtion to test the performance of algorithms
In this section, experimental studies are performed to display and check the feasibility
of the proposed algorithm. The experiment is performed on a 128-bit key size text data
type and the block size is 128 bits. The 128-bit key, which is expressed as a 4-4 matrix,
is generated based on the key generation procedure.
Example:
The inputs are:
1. Data block = Original
0A 0B 0C 0D 0F 01 02 03 04
05 06 07 08 09 1A 2B
2. Encryption key (K) = Key cipher
4F 29 4C 71 D3 AB 29 D0 AB
79 AC 69 A2 73 AC 7B
3. Number of rounds = 5
Table.4. as an example of the encryption method lists the obtained values for encrypting
a message block for four rounds. For all stages of the four rounds, the table displays the
message block bytes, from plain text to cipher-text.
 State Value
P1 P2 P3 P4 P5 P6 P7 P8 P9 P10 P11 P12 P13 P14 P15 P16
Original 0A 0B 0C 0D 0F 01 02 03 04 05 06 07 08 09 1A 2B
key 01 02 04 05 06 AA BB CC 44 DD EE 88 09 04 05 06
Key cipher 4F 29 4C 71 D3 AB 29 D0 AB 79 AC 69 A2 73 AC 7B
Round 1 BA DD BF 83 AF 5B FA 9A 2B 59 27 2P P8 DF A9 A5
Round 2 C3 0F 2C B1 41 5P 2E 1D F8 A1 E9 F0 01 0D FA 04
Round 3 D7 89 7F 27 39 A9 1C 1D A0 EB 00 D4 15 8B A2 92
Round 4 64 25 AF 99 81 32 9A 53 A6 0D A2 84 FD 67 53 50
Encrypted 64 25 AF 99 81 32 9A 53 A6 0D A2 84 FD 67 53 50

State Value

P1 P2 P3 P4 P5 P6 P7 P8 P9 P10 P11 P12 P13 P14 P15 P16

Key cipher 4F 29 4C 71 D3 AB 29 D0 AB 79 AC 69 A2 73 AC 7B

Encrypted 64 25 AF 99 81 32 9A 53 A6 0D A2 84 FD 67 53 50

Round 4 64 25 AF 99 81 32 9A 53 A6 0D A2 84 FD 67 53 50

Round 3 D7 89 7F 27 39 A9 1C 1D A0 EB 00 D4 15 8B A2 92

Round 2 C3 0F 2C B1 41 5P 2E 1D F8 A1 E9 F0 01 0D FA 04

Round 1 BA DD BF 83 AF 5B FA 9A 2B 59 27 2P P8 DF A9 A5

Original 0A 0B 0C 0D 0F 01 02 03 04 05 06 07 08 09 1A 2B
Comparative analysis of parameters:

In this part, the analysis differentiates between symmetric algorithms by

executing them in the same cloud environment. A brief comparison is shown in
Table 6. Showing The Block Size, Key Length, Possible Key, Mathematical
Operations, Cipher Type and Security Power, for the frequently used
cryptographic schemes, namely DES [30], AES [30], HIGHT [30], Blowfish
[30], and LED [30], together with the proposed lightweight algorithm namely
(NLCA). It is possible to observe it from this table that the proposed
algorithm is high security strength with a highly flexible.as we are shown in
the table 6. The NLCA algorithm lowers computational complexity and
decreases the power of processing by having a clear architecture that consists
of just five encryption rounds;
 Proposed
DES[30] AES [30] HIGHT [31] Blowfish [10] LED [32]
algorithm
Substitution-
Structure Feistel Festial Festial Festial Festial+SP
Permutation
Block size 64 bits 128 bit 64 bits 64 bits 64 or 128 128 , or 256

Key size 56 bits 128, 192, 256 bits 128 bits 32-448 bits 64 or 128 128,256
No. of Round 16 10, 12, 14 32 16 Variable 5
2128 , 2192 Or 2256
Possible key 256 bits 2128 bits 232-2448 bits 264,2128 bits 2128 ,2256 bits
bits
XOR, Mixing,
Permutation, XOR, Mixing, XOR,
Modular Addition, Substitution, XOR, rotations,
XOR, Shifting, Substitution, XNOR,
Mathematical XOR, Modular Shifting ,the S- 2n mod addition,
Substitution. (6 Shifting, Shifting,
Operations subtraction, boxes accept 8-bit substitution (6
bits input 4 output Multiplication, Substitution
Shifting. (8 bits) input and produce bits)
bits) Addition. (16 bits) (4 bits)
32-bit output

S-P Structure 8 S-Box 1 S-Box N/A 4 S- Boxes 4 S- Boxes 4 S- Boxes

S-Box Size 16 * 16 (16 bits) 16 * 16 (16 bits) N/A 8*4(32 bits) 4 x 4 (4 bits) 4 x 4 (4 bits)

Proven Highly
Security rate Secure Secure Secure Secure
inadequate. Secure
 Table 7. Some Symmetric Key Algorithms' Comparison in Terms of
processing time

Key Size File 256 512 1 10 50

DES 3DES AES Blow LED
Size
fish
KB KB MB MB MB

56 192 256 256 64 Time 0.008 0.016 0.03 0.3 1.6

Possible key 256 2192 2256 2256 264 (s)
0.01 0.021 0.04 0.4 2.11
256KB 0.007 0.022 0.007 0.007 0.015
File Size

0.013 0.026 0.053 0.5 2.6

512KB 0.015 0.046 0.015 0.015 0.03

1MB 0.015 0.03 0.061 0.62 3.058

0.03 0.09 0.03 0.03 0.06
10MB 0.32 0.87 0.32 0.26 0.64
Averag 0.0115 0.02325 0.046 0.455 2.342
50MB 1.89 4.5 1.61 2.13 2.9 e t (s)
300

250

DES
200
3DES
150 AES
Blow fish
100 LED
NLCA
50

0
KEY SIZE (KB)

5
4.5
4
3.5
Processing time

3 DES 3DES
2.5
2
AES Blowfish
1.5
1
0.5 LED NLCA
0
255KB 512KB 1MB 10MB 50MB
File Size
• Finally, on the basis data encryption enforcement properties of cloud storage, a brief
discussion of our proposed algorithm is given.
• Security: Because of the use of a complex structure and a mixture of Feistel and SP
architectural approaches, NLCA is a secure algorithm.
• Time Complexity: There is no greater difficulty in time owing to the reduction of the
demands of further rounds.
• Key Generation Process NLCA provides an efficient key process that helps to avoid
brute-force attacks due to the matrix and f-function extension of a key rather than a
single extension key. NLCA since the Key Generation method is used, the security
level will be increased.
• Storage: The proposed algorithm is suitable for the distributed storage system in the
cloud computing context because of the use of the hidden sharing principle to provide
secure access to data over independently unsecure nodes.
• Reliability: the proposed algorithm more reliable and secure.
• Integrity: A minor shift in input data can bring a dramatic change in the ciphered output
due to the use of the transpose and swap procedures.
 The security of cloud computing has become the main of the core issues of cloud
computing. Various processes and techniques have been proposed including
cryptography, which is the most effective.
In this paper a new lightweight cryptographic algorithm has been proposed. It called a
New Lightweight Cryptographic Algorithm (NLCA) for enhancing data security in
cloud computing environment. It encrypts data based on symmetric cryptography.
The algorithm is a 16 bytes (128-bit) block cipher and wants 16 bytes (128-bit) key to
encrypt the data. The algorithm is simple and highly secure encryption-decryption. It
is inspired by Feistel and SP architectural methods to improve the complexity of the
encryption. The proposed algorithm compared the performance with some frequently
cryptographic algorithms namely DES, AES, HIGHT, Blowfish, LWED using various
parameters that are block size, key length, possible key, mathematical operations,
cipher type, and security power.
 • [1] M. Köhler and S. Benkner, “VCE - A Versatile Cloud Environment for Scientific
Applications,” 2011.
• [2] P. Mell and T. Grance, “The NIST definition of cloud computing - SP 800-145,” NIST
Spec. Publ., 2011, doi: 10.1136/emj.2010.096966.
• [3] W. Du, Y. S. Han, J. Deng, and P. K. Varshney, “A pairwise key pre-distribution scheme
for wireless sensor networks,” 2003, doi: 10.1145/948117.948118.
• [4] S. Singh, Y. S. Jeong, and J. H. Park, “A survey on cloud computing security: Issues,
threats, and solutions,” J. Netw. Comput. Appl., 2016, doi: 10.1016/j.jnca.2016.09.002.
• [5] A. N. Jaber and M. F. Bin Zolkipli, “Use of cryptography in cloud computing,” 2013, doi:
10.1109/ICCSCE.2013.6719955.
• [6] D. S. Abd Elminaam, H. M. A. Kader, and M. M. Hadhoud, “Evaluating the performance
of symmetric encryption algorithms,” Int. J. Netw. Secur., 2010.
• [7] M. Panda, “Performance analysis of encryption algorithms for security,” 2017, doi:
10.1109/SCOPES.2016.7955835.
• [8] L. Tawalbeh, N. S. Darwazeh, R. S. Al-Qassas, and F. AlDosari, “A secure cloud
computing model based on data classification,” 2015, doi: 10.1016/j.procs.2015.05.150.
• [9] R. Arora and A. Parashar, “Secure User Data in Cloud Computing Using Encryption
Algorithms,” Int. J. Eng. Res
View publication stats