Content uploaded by Kavitha C.R
Author content
All content in this area was uploaded by Kavitha C.R on Jul 16, 2022
Content may be subject to copyright.
Preserving Data Privacy in Cloud using Homomorphic
Encryption
Shrujana Murthy 1, Kavitha C.R. 2
Dept. of Computer Science & Engineering
Amrita School of Engineering, Bengaluru
Amrita Vishwa Vidyapeetham, India
E-mail: murthy.shrujana@gmail.com 1, cr_kavitha@blr.amrita.edu 2
Abstract— Cloud computing these days, may be an
elementary amendment happening within the space of data
technology. It plays a vital role in terms of information
storing and reducing the value to entrepreneurs. However,
knowledge security continues to be one in all the highest
issues for cloud computing. To produce the secure
knowledge storage and retrieval, several techniques are
projected however the bulk of them face some drawbacks
that diminish the practicality of Cloud Computing. This
work scrutinizes the Partial Homomorphic encoding that
permits performing arts operations on encrypted
knowledge while not compromising the encoding. The most
aim is to propose a brand-new design to secure cloud
computing, forestall security risks and improve the
performance and also the time of information process.
Keywords— IoT, secure data sharing, IoT security, double
encryption, homomorphic encryption, AWS, multimedia
medical data, Advanced Encryption Standard (AES)
algorithm, data security, medical data security, cloud
computing
I. INTRODUCTION
Moving ahead with time, we are all becoming smart and
thus making the things [14] we use smarter too. We are
developing more and more devices and complicating the
device by giving it various tasks to perform and making our
own lives simpler because all the tasks that we are to do is
done by the devices that we invented over time. For
example, a coffee maker, its only supposed to make coffee
upon putting the ingredients to make coffee in it. But now
we have made it a smart coffee maker. So, it not only makes
the coffee but also before leaving home intimates the user
that his coffee is ready. Another example is of a smart
home. Earlier one should have to remember to turn off all
the lights and fans before leaving home. Else they would be
running till they get back home in the evening. But now,
since we have a smart home, we don’t need to remember
and turn off all the lights and fans before leaving home.
After 20 minutes the fans and lights are automatically turned
off if no one is in the house because it’s a smart home. One
more such example is a smart watch. Earlier the watch was
just a device to give information about what time of the day
it is. But now since it’s a smart watch, the watch gives many
more details such as ‘xyz’ number of steps have been
walked by the user, ‘abc’ number of calories have been
burned, what is the rate at which the heart is beating or the
user hasn’t moved from his place for more than an hour. So,
what is the understanding is that, by making devices smart
we are not only saving energy in doing the tasks that have to
be done but also do much more work in the same time.
There are many advantages in devices being smart and
helping mankind do their daily routine much faster and in a
much more efficient manner. Hence the more and more the
devices becomes smart, the more and more time is available
to do various other tasks but at the same time important and
sensitive data is being shared over the internet which is
some food for thought. After all, with every boon comes a
bane!
We can’t help but to play safe with the data that we share on
the internet. Hence securing this data plays a crucial role
while sharing anything to anyone. The cloud is a multi-
tenant environment and both the provider and tenant have
more security threats. The data in the cloud is only safe
when it’s in the encrypted form. The proposal here is to
encrypt data before sending to the cloud providers using a
cryptosystem based on Homomorphic Encryption which
allows performing computations on encrypted data without
decrypting. This technique avoids the problem of providing
the encryption key to the cloud provider in order to perform
the calculations required. Homomorphic encryption is
double encryption or encryption of the already encrypted
data. Homomorphic encryption is of various types. They
could be Partial Homomorphic Encryption (PHE) or Fully
Homomorphic Encryption (FHE). PHE makes use of only
few of the arithmetic operations such as addition and
multiplication. Whereas FHE deals with all the arithmetic
operations. In the next section several papers have been
studied about what are the existing schemes to provide
security to data, what all has been implemented till date,
how far the accuracy has been reached, what is the future
scope of this.
II. RELATED WORK
In [1] a medicinal services framework Healthcare and
Environment Safety (HES) system is structured such that it
gathers restorative information from remote body zone
systems (WBANs), transmits them through a broad remote
sensor arrange foundation lastly distributes them into remote
individual territory systems (WPANs) by means of an
entryway. The fast hypothetical and test assessments are led
to show the security, protection and enhanced execution of
HES contrasted and current frameworks or plans. At long
last, the model usage of HES is investigated to confirm its
attainability. Fast innovative combination of IoT, remote
body-zone systems (WBANs) and distributed computing has
caused e-medicinal services (electronic-human services) to
rise as a promising data serious modern application area that
can possibly enhance the nature of therapeutic
consideration. A safe and solid e-/m-social insurance
structure to shield against threatening assaults and dangers is
1131
featured for accessible utilizations of the enlightening zed
medicinal services industry. Because of the asset stressed
qualities, (for example, restricted power) of cell phones and
sensors, the exchange off among productivity and protection
or security must be additionally adjusted for the business
advancement of e-/m-human services. Accordingly, this
paper centers around structuring a e-/m-social insurance
engineering in which therapeutic detecting information from
a remote body-territory intranet is handed-off by means of
an all-inclusive remote sensor arrange framework and after
that dissipated to individual region systems or the Internet.
This design additionally underscores security and protection
safeguarding amid information transmission while ensuring
information accessibility. In [2] they handle the check of
supporting intensive scale closeness look over disorganized
component made sight and sound data, by considering the
hunt criteria as an awfully vital element vector instead of a
phrase. Our answers a supported deliberately planned down
like Bloom filters that use regionally sensitive
hashing/Locality Sensitive Hashing (LSH) to code a record
partner the file identifiers and highlight vectors [2]. Their
plans concluded up being secure against adaptively picked
inquiry assault and forward non-public within the
commonplace model. they need assessed the execution of
their arrange on totally different true high-dimensional
datasets and accomplished a hunt nature of ninety-nine
review with simply some of quantities of hash tables for
LSH. This demonstrates their file is reduced and looking out
is not just efficient nonetheless additionally precise. We
researched the issue of security saving likeness seek over
encoded include rich information. We proposed a fast and
smaller likeness seek file supporting efficient file and record
refreshes. In view of all around defined safety models with
spillages, we demonstrated our list developments are
semantically secure against adaptively picked question
assault. Hypothetical execution investigation was likewise
introduced to painstakingly portray our record structures.
Using three diverse agent genuine world datasets, we
demonstrated that our list developments are profoundly
minimized, basically secure and empowering efficient
comparability look over encoded interactive media
information with high inquiry quality. This paper [3]
proposes a [*fr1] and [*fr1] security show for anchoring the
indicative content info in therapeutic footage. The planned
model is formed through incorporating either second
separate riffle remodel one Level (2D-DWT-1L) or second
separate riffle remodel two Level (2D-DWT-2L)
steganography system with a planned [*fr1]and [*fr1]
coding conspires. This paper [4] studies the symmetric
natives reasonable for the curiously solid flexibility
prerequisites of end-to-end encryption with regards to IoT.
For instance, on the articles side, criteria, for example, light
weightiness and in addition efficient programming-based
amiability to oppose side channels or blame assaults must be
considered. At the opposite end of the range, on the cloud
side, the equivalent crypto natives must have the capacity to
efficiently achieve the simple superior exhibitions required
to deal with substantial quantities of articles on higher-end
processors. Cherry on the cake, it would likewise be
attractive for the natives that are conveyed in the present IoT
frameworks to interface as consistently and as efficiently as
conceivable with the future encoded area administrations
which will be based over developing crypto natives. For
example, homomorphic encryption or multiparty
calculation. Considering ongoing deals with both the usage
security and in addition the homomorphic execution of some
lightweight IV- based stream figures, this paper contends
that it might be conceivable to have the cake, the cherry and
the cream over it. Utilizing the Trivium stream figure as a
running precedent, it is this present paper's purpose to
contend that IV-based lightweight stream figures at first
intended for equipment are sufficiently adaptable natives to
address the numerous requirements and imperatives of end-
to-end encryption in both existing and future IoT framework
designs. This is maybe in slight resistance to standard way
of thinking which will in general support (lightweight)
square figures in such applications. Obviously, utilizing 80-
bits keys may appear insufficient in a time when the bitcoin
mineworkers pool takes 2.7 days to assess 280 (halfway)
hash capacities (generally burning through 13.5 M$ in
power to do as such) and assailants turns out to be
(hypothetically) engaged with Grover's calculation. In any
case, in spite of the fact that 80-bits keys can at present be
contended to give worthy security to IoT applications in the
foreseeable future, the vast majority of the contentions
developed in this paper apply to different calculations
having bigger key sizes and Trivium itself currently has
bigger key size kin. For information security [5] and
common sense, the gathered huge information can be
scrambled and afterward put away on a cloud server with
the end goal that just approved clients, for example, the
information proprietor and the specialists, can get to.
Nonetheless, savvy terminals are normally restricted in
registering force and clients' protection issues remain. To
boost the efficiency of secret writing, we tend to gift the on
the web/offline secret writing innovation within the secret
writing stage. Before the message is thought, plenty of labor
that's needed at the secret writing stage are going to be
finished. At that time, once the message is thought, the
ciphertext will be created speedily. Plus, the introduction
part of the framework doesn't ought to verify all qualities.
At the purpose once the overall traits of the framework
shoppers’ increment, the framework should not be
reinitialized, which is able to likewise enhance the
framework efficiency. Security examination and execution
investigation demonstrate that {the data the knowledge the
data} sharing set up is secure and might enhance data
making ready capability in IoT based mostly information
sharing. to confirm the protection of shoppers and enhance
the efficiency of secret writing. If the attribute coordinating
capability is expelled, qualities area unit planning to be lined
up into the entry structure. the entry management structure
will likewise spillage shopper protection. By utilizing the
Attribute Bloom Filter (ABF), we can hide at intervals the
full traits at intervals the mysterious access management
structure. to the currented, the info place away on the cloud
server area unit planning to be ensured. Also, to provide the
ciphertext faster, we tend to utilize on the web/offline secret
writing innovation. Before the encoded knowledge is
thought, loads of labor that's needed at the secret writing
stage are going to be finished. At the purpose once the
disorganized knowledge is thought, the ciphertext may be
created apace. to the present finish, the efficiency of secret
writing can likewise be settled. At last, in our set up, the
Proceedings of the Third International Conference on Electronics Communication and Aerospace Technology [ICECA 2019]
IEEE Conference Record # 45616; IEEE Xplore ISBN: 978-1-7281-0167-5
978-1-7281-0167-5/19/$31.00 ©2019 IEEE 1132
introduction section of the framework doesn't ought to
indicate all properties. At the purpose once the final
properties of the framework purchasers’ increment, the
framework should not be reinitialized, which can be in
addition AN approach to reinforce the efficiency. Security
[6] is that the most elementary issue within the thick of
transmission of therapeutic photos since it contains delicate
information of patients. medicative image security could be
an elementary technique for secure the touchy data once
machine-controlled photos and their applicable patient data
area unit transmitted crosswise over open systems. during
this paper, the double secret writing strategy is employed to
encipher the restorative photos. Initially Blowfish secret
writing is considered and afterwards signcryption
calculation is employed to affirm the secret writing show.
From that time onward, the Opposition primarily based
Flower pollination (OFP) is employed to revamp the
personal and open keys. The execution of the planned
methodology is assessed utilizing execution estimates, for
instance, Peak Signal to Noise magnitude Relation (PSNR),
entropy, Mean Sq. Error (MSE), and Coefficient of
Correlation (CC). Their planned restorative image security
method has been dead victimization MATLAB 2016a with
the i5 processor and 4GB RAM. The re-enactment
technique considers 5 model therapeutic photos that were
gathered from completely different sites.
[7] Lot of data is being stored in the cloud. Hence the need
arises to be safe with what data is shared on the cloud. Thus,
increasing the cloud computation complexity would avoid
mislead hackers. There is a tendency to note that a lot of
different science techniques will be wont to facilitate secure
cloud computing, together with practical secret writing,
identity-based secret writing and attribute-based secret
writing, tendency to specialize in the techniques [7]. [8] The
paper conducts an analytical performance study, exploring
key style house parameters further as comparison with
different style approaches within the literature, supported an
actual FPGA implementation, estimated an influence
consumption of 10Watt, and area-time-power of twenty.20
billion transistor-sec Watt, probably allowing promising
quantifiability [8]. [8] During this paper, the planning house
of SW/HW is explored. [9] This text, investigated the
privacy challenges at intervals Brobdingnagian /the large/
the massive} information era by initial distinctive huge
information privacy wants then discussing whether or not or
not existing privacy-preserving techniques unit of
measurement enough for big process [9]. [10] during this
paper, CryptoImg, a library of ordinary privacy protecting
image method operations is introduced over encrypted
footage. [11] thus on cope with these problems, thick
analysis and improvement unit required as a result of it
inferred from the results of this analysis that Homomorphic
secret writing remains in its early stage of development and
huge utility are going to be anticipated once exaggerated
properly [11]. [12] This paper provides a comparative study
of three-cloud middleware. [12] This work scrutinizes the
absolutely Homomorphic secret writing that permits playing
operations on encrypted knowledge while not compromising
the secret writing. [12] The aim of this paper is to propose a
brand-new design to secure cloud computing, stop security
risks and improve the performance and also the time of
information process. This framework is predicated on
Cryptography as a Service (CaaS) together with the personal
cloud OpenStack platform [12]. The protection concern is
that the major downside of widespread adoption of cloud
computing technology by organizations that use sensitive
and necessary info [12].
III. PROPOSED SYSTEM
This is an approach to securely share data over the internet.
To do this, we have used an approach where the data is first
encrypted and uploaded to the cloud. The cloud now has
data in the encrypted form. The data should now reach the
receiver in the double encrypted form. The traditional
approach to do this was to download data from the cloud in
the receiver’s local PC and then decrypt it. But then there
would be no security in this. Hence, the data received by the
receiver has to be in the encrypted form and any search
operation performed on this data should not give the hacker
any information about the data. Hence, we opt for a
technique where the data is first encrypted using AES
algorithm (Advanced Encryption Scheme) and uploaded to
the cloud. The cloud that we have made use of is the AWS
(Amazon Web Services) because we want the cloud to
encrypt the already encrypted data and send to the particular
receiver/user. Now any search done will not leak
information. Also, this encrypted data will be incremented
again in the cloud and then sent to the particular receiver
only. Hence to increase the complexity of decryption we
propose a scheme to encrypt the already encrypted data in
the cloud or in other words to do a double encryption on the
data. Here the second encryption is happening on the
already encrypted data or the cipher text of the data which
means the first encryption happens on the plain text and the
second encryption happens on the cipher text. The data that
we have made use of here is medical data. This medical data
can be of any form originally. The diagram below shows the
implementation pictorially.
Fig. 1 Architecture of implementation
So, here there is a small twist. The data of any file format is
saved as an image. Now this image is encrypted and then
again encrypted. So actually, there are only two rounds of
encryption but even after decryption the original data cannot
Proceedings of the Third International Conference on Electronics Communication and Aerospace Technology [ICECA 2019]
IEEE Conference Record # 45616; IEEE Xplore ISBN: 978-1-7281-0167-5
978-1-7281-0167-5/19/$31.00 ©2019 IEEE 1133
be viewed because it has been saved using a different file
format. So, unless the decrypted file is viewed in the right
format it will not be visible to the receiver. Also, to do the
second round of encryption, we have provided an
opportunity for the user to choose any random self-
generated key, (every time the user wishes to share data to
the receiver) and encrypt the data. In this way there is a
very high level of security provided to data being shared.
This is most useful if there are any sensitive or confidential
data to be shared via the internet.
IV. RESULT ANALYSIS
Multimedia encryption and decryption for medical data
happens here. Firstly, an account is created in AWS. Then
encrypt the medical data using AES algorithm. This
encrypted file is now uploaded to AWS cloud. Now we
generate our own key and encrypt the already encrypted
data and send this double encrypted file to the user/receiver.
The receiver now decrypts the file received and gets the
original data and then views it in the correct format to be
able to view the original data. The figures below show this
procedure followed in sequence.
Fig. 2 Configuring AWS account
The above figure shows how the AWS account is
configured. After typing ‘aws configure –profile
profilename’ it asks for the AWS access key ID. This will
be present in the AWS account. Upon filling that it asks for
AWS secret access key ID. This is also present in the AWS
account. After filling these details, it asks for the ‘default
region name’. this depends on the region filled by the user
while creating the AWS account. After this it asks for the
‘default output type’ which is ‘json’. These are the details to
be filled. The below figure shows details of what appears
after entering these details and how the further process
continues.
Fig. 3 command to encrypt encrypted file with self-
generated random key and upload to cloud
The above figure shows the command prompt command that
needs to be entered in order to encrypt the encrypted file
with self-generated random key and upload to cloud. The
command is ‘aws s3 cp filename s3://bucket name --sse-c-
key random key of 32 length --sse-c encryption type --
profile profilename’. The below figure shows details of
what appears after typing the above command in the
command prompt.
Fig. 4 Message showing that the file has been successfully
uploaded to the cloud
Proceedings of the Third International Conference on Electronics Communication and Aerospace Technology [ICECA 2019]
IEEE Conference Record # 45616; IEEE Xplore ISBN: 978-1-7281-0167-5
978-1-7281-0167-5/19/$31.00 ©2019 IEEE 1134
The above figure shows details of the message that appears
after typing the command to encrypt and upload the
encrypted file to the cloud. The message that appears is ‘
upload: .\filename to s3://bucketname/filename’ upon
successful uploading to cloud in encrypted form. The below
figure
V. CONCLUSION
We did an investigative study on the available techniques of
securing data and it in its varied types of file formats
required for paramount safety of personal data of the patient
with his doctor as well as the pharmacy or hospital he is
associated with. The available security techniques just
support one round of encryption. No one has tried to secure
medical data with two rounds on encryption by allowing the
user to generate his own random key and encrypt each time
he wants to share any sensitive medical record with a
foreign doctor or between a patient and a doctor. Hence
after an elaborate and exhaustive research, we conclude that
finally medical data in any file format can be shared easily
and safely over the internet today without any hesitation. It
thus proves confidentiality because unless the client knows
which file format is the original file in, even after decrypting
it, he can’t view it. It also proves integrity because any
modification done can be easily found out. Also, no such
modification can be done because the file is in encrypted
format. Hence even performing a search engine on this
encrypted data is very difficult without decrypting at first.
So, modification of medical data is highly impossible with
the approach presented and if done can be easily found out.
The future work includes to further improve the efficiency
of medical data security even more.
REFERENCES
[1] Avudaiappan, T., R. Balasubramanian, S. Sundara Pandiyan, M.
Saravanan, S. K. Lakshmanaprabu, and K. Shankar. "Medical
image security using dual encryption with oppositional based
optimization algorithm." Journal of medical systems 42, no. 11
(2018).
[2] Zheng, Dong, Axin Wu, Yinghui Zhang, and Qinglan Zhao.
"Efficient and privacy-preserving medical data sharing in
Internet of Things with limited computing power." IEEE Access
(2018)
[3] Elhoseny, Mohamed, Gustavo Ramírez-González, Osama M.
Abu-Elnasr, Shihab A. Shawkat, N. Arunkumar, and Ahmed
Farouk. "Secure medical data transmission model for IoT-based
healthcare systems." IEEE Access 6 (2018): 20596-20608.
[4] Huang, Haiping, Tianhe Gong, Ning Ye, Ruchuan Wang, and
Yi Dou. "Private and secured medical data transmission and
analysis for wireless sensing healthcare system." IEEE
Transactions on Industrial Informatics 13, no. 3 (2017): 1227-
1237
[5] Canteaut, Anne, Sergiu Carpov, Caroline Fontaine, Jacques
Fournier, Benjamin Lac, Marıa Naya-Plasencia, Renaud Sirdey
et al. "End-to-end data security for IoT: from a cloud of
encryptions to encryption in the cloud." In Cesar Conference.
2017.
[6] Sridhar, S., and S. Smys. "Intelligent security framework for iot
devices cryptography based end-to-end security architecture."
In Inventive Systems and Control (ICISC), 2017 International
Conference on, pp. 1-5. IEEE, 2017.
[7] Yakoubov, Sophia, Vijay Gadepally, Nabil Schear, Emily Shen,
and Arkady Yerukhimovich. “A survey of cryptographic
approaches to securing big-data analytics in the cloud”, In 2014
IEEE High Performance Extreme Computing Conference
(HPEC), pp. 1-6. IEEE, 2014.
[8] Abozaid, Ghada, and Ahmed El-Mahdy. “Design Space
Exploration for a Co-Designed Accelerator Supporting
Homomorphic Encryption”, In 2015 20th International
Conference on Control Systems and Computer Science, pp. 431-
438. IEEE, 2015.
[9] Lu, Rongxing, Hui Zhu, Ximeng Liu, Joseph K. Liu, and Jun
Shao. “Toward efficient and privacy-preserving computing in
big data era”, IEEE Network 28, no. 4 (2014): 46-50.
[10] Ziad, M. Tarek Ibn, Amr Alanwar, Moustafa Alzantot, and
Mani Srivastava. “Cryptoimg: Privacy preserving processing
over encrypted images”, In 2016 IEEE Conference on
Communications and Network Security (CNS), pp. 570-575.
IEEE, 2016.
[11] Papisetty, Srinivas Divya. “Homomorphic Encryption: Working
and Analytical Assessment: DGHV, HElib, Paillier, FHEW and
HE in cloud security “(2017).
[12] Rahmani, Hossein, Elankovan Sundararajan, Zulkarnain Md
Ali, and Abdullah Mohd Zin. “Encryption as a Service (EaaS)
as a Solution for Cryptography in Cloud”, Procedia
Technology11 (2013): 1202-1210.
[13] Kavitha C.R., Bharati Harsoor, “A survey on Homomorphic
encryption in cloud security”, International Journal of
Engineering and Technology (UAE), Volume 7, Issue 4, 2018,
Pages 71-74.
[14] Sheik Al Farhan, Kavitha C. R., “End-to-End Encryption
Scheme for IoT Devices Using Two Cryptographic Symmetric
Keys”, I J C T A (International Journal of Control Theory and
Applications), Volume 9, Issue 20, September 2016 Pages: 43-
49.
[15] Deeksha Vimmadisetti, Tushar Sharma, Ashwini Bhaskar,
Kavitha C.R., “Data Security on Cloud: A survey, Research
issues and Challenges”, IJAER International Journal of Applied
Engineering Research), ISSN 0973-4562 Volume 10, Number
11, July 2015, pp: 28875-28887.
[16] Shrujana Murthy, Kavitha C.R., “Intelligent Security
Framework for Multimedia Medical Data in IoT Devices”,
International Conference on IoT, Social, Mobile, Analytics and
Cloud in Computational Vision and Bio-Engineering (ISMAC -
CVB 2019), March 2019.
Proceedings of the Third International Conference on Electronics Communication and Aerospace Technology [ICECA 2019]
IEEE Conference Record # 45616; IEEE Xplore ISBN: 978-1-7281-0167-5
978-1-7281-0167-5/19/$31.00 ©2019 IEEE 1135