الفهرس 
Chapter 1: IntroductionOnly 14 pages are availabe for public view
 |  | from | 171 |  |  |
| | | from | 171 | | |
Abstract
Cloud computing technology provides customers with infrastructure, platforms, and software as services through the internet in a cost-effective way based on user demand. Sensitive or confidential information might be stored on the cloud. End users are not aware of the exact location of their data and the cloud service providers made the data servers geographically distributed locations. Cloud customers neither control nor maintain these servers, which may lead to a potential data breach. Therefore, data security is the main concern to the customers that limits their adoption of cloud computing.
Cryptography plays a vital role to address this issue and to obtain such a level of security required on the cloud. It involves three main classes: symmetric cryptosystems, asymmetric cryptosystems, and hash functions. Each class provides some information security goals and has its advantages and limitations. The hybrid cryptography combines more than one cryptographic category to produce a more secure and efficient algorithm. The hybrid model enhances both the security and performance compared to using these cryptosystems individually.
The main objective of this dissertation is to enhance data security in the cloud by proposing a model that provides confidentially, integrity, and authentication based on hybrid cryptographic approach. This model will consist of many cryptographic ciphers integrated to achieve such level of a security.
In this dissertation, we investigated the cryptographic ciphers to select the best of them in terms of security and performance. The factors and criteria used in such comparison were encryption time, decryption time, and throughput and to examine security we used the avalanche effect. Based on our examination, we found that the Advances Encryption Standard (AES) and Blowfish ciphers were the most secure and efficient ciphers but with 50.59 % outperformance of AES compared to Blowfish. As a result, we aimed first to enhance the blowfish cipher.
To accomplish this objective, we proposed an enhancement in the performance of the original Blowfish cipher through designing twelve derivatives of the Blowfish round function and examined them all and select the most secure and efficient configuration. The results showed that derivatives number-2 and number-7 were the most efficient in terms of time complexity and average throughput. The average throughput results showed that variation number-2 came in the first-place with 3.1 MB/s and variation number-7 came next with 3 MB/s. On the other hand, variation number-7 achieved the highest level of security with 50.92% avalanche effect and variation number-2 came next with 50.11%. As a trade-off between performance and security, we chose the variation number-7 as a round function to enhance the standard Blowfish cipher.
In addition, we proposed another modification to the original Blowfish cipher and we called it Modified Blowfish-128 (MBF-128) depending on the enhanced F function (variation numver-7). As the name implies, this modified version accepted a 128-bit input block size instead of 64-bits as the case in the original cipher, to add more the security attributes to the standard Blowfish cipher. The results showed that the MBF-128 algorithm provides 5.35 MB/s throughput which improves the standard Blowfish cipher with 85.12%. Also, the MBF-128 provided better diffusion properties with 50.6% compared to the standard Blowfish cipher which achieved 50.25% and more than AES and Twofish by 0.94% and 0.85% respectively.
After then, we proposed a hybrid encryption model depending on the MBF-128 and AES-128 ciphers to achieve data security in the cloud. In this model, the data is encrypted using MBF-128 then AES, or AES then MBF-128. The encryption order is determined using a randomly generated number, which in turn increases the randomness of the proposed model.
Simulation results of the proposed hybrid encryption model showed
its superiority in both performance and security. We applied relatively large data sizes from 10MB to 100MB for performance evaluation of the proposed model. It achieved average throughput of 5.32 MB/s. Also, it provided more security strength as it achieved 50.74% avalanche effect. In addition, we compared the proposed model to previous work proposed by other researchers. The simulation results showed the outperformance of the proposed hybrid model by 80.46% and added 1.83% more security strength compared to work proposed by other researchers.
furthermore, we proved the implementation feasibility of our proposed model by developing an application using the Python framework. We called it End-to-End Hybrid Encrypted Storage (EHES). The proposed model consists of four main modules: a data encryption module composed of integrating the MBF-128 with the AES ciphers to obtain confidentiality, the Signing module: in which the Hash-Based Message Authentication Code or HMAC was applied to obtain both integrity and authentication, a key generation module in which the Secure Hash Algorithm or SHA-256 along with XOR and addition modulo functions were utilized to generate secret keys for the AES and MBF-128 ciphers, and a key exchange module includes
a (2 out of 2) visual cryptographic scheme combined with the Least Significant Bit steganographic algorithm along with a two-factor authenticator.
Finally, we proved that the EHES model could practically and simply be implemented without too much overhead. We developed a prototype application for the open-source cloud project called OwnCloud. This application is able to upload / download files to and from the OwnCloud storage in a secure way. The proposed model EHES provided data security in the cloud computing environment and it would help in increasing the spread the cloud computing and thus increasing profits for the providers of that service.