Enhancing cloud computing security by Paillier homomorphic encryption

Received Feb 8, 2020 Revised Jul 26, 2020 Accepted Nov 5, 2020

In recent years the use of cloud computing has grown. It offers broad capabilities through the sharing of resources, so data can be stored and processed remotely in the cloud; the cloud, however, is untrusted, because other parties can connect to the network (such as the internet) and read or change data that is not protected. Protecting data security and privacy is therefore one of the challenges that must be addressed when using cloud computing. Cryptography is concerned with the security, confidentiality and integrity of information sent over a secure connection between individuals or institutions, regardless of how that connection is established. But using traditional encryption methods to encrypt the data before sending it forces the data provider to send his private key to the server so that the data can be decrypted before computations are performed on it. In this paper we present a proposal to secure banking data transmission through the cloud using partially homomorphic encryption algorithms (Paillier and RSA) that allow mathematical operations to be performed on encrypted data without decryption. A proxy server is also used to perform a re-encryption process that enhances security.


INTRODUCTION
Cloud computing (CC) is defined by the National Institute of Standards and Technology (NIST) of the U.S. as follows [1]: "Cloud computing is a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models". The use of CC has increased rapidly in many organizations and institutions, and at the same time the issues related to the CC environment have increased. One of these issues is the set of security challenges, which include maintaining the security of information and securely outsourcing computation that is performed by an untrusted third party (the cloud). There is a risk that personal as well as sensitive information may be exposed to individuals who may use it for purposes that may be malicious [2,3]. Utilizing CC for a banking system may save time and costs, but security concerns may expose customer data to disclosure. It has become possible for the bank and the customer to communicate and share data remotely without high costs, yet CC remains untrusted because some parties can connect to the network and expose the data, so we face security and privacy challenges in maintaining the confidentiality of banking data that may be critical and sensitive [4,5].
Homomorphic encryption can be considered the ideal solution for securing and processing financial data in the cloud environment, because it allows mathematical operations to be performed on encrypted data inside the cloud without decrypting it. The output of these operations is also encrypted, and only the client who owns the private key can decrypt it and obtain the result, which is the same as if the operations had been performed on the raw data [6]. Section 2 discusses the challenges facing banking data in the cloud. Section 3 lists proposals that used solutions related to ours. Section 4 defines homomorphic encryption, its most important features and its basic categories. Section 5 explains the scheme of the RSA algorithm, and section 6 the scheme of the Paillier algorithm. Section 7 presents our proposed model together with the phases that the banking data go through in the cloud under our scheme, and section 8 gives the results.

RELATED WORKS
Because CC is broad, stored data may be subject to disclosure or change by some parties for curious or malicious purposes. Using the cloud leads to a loss of control over the banking data (account numbers, total deposits, loans, ...) [4]. Therefore, different attempts and methods have appeared. In 2006 B. Schoenmakers and P. Tuyls proposed a secure computation that preserves privacy using the Paillier scheme [7]. In 2009 C. Gentry proposed fully homomorphic encryption [8]. Huang et al. proposed a scheme for secure and privacy-preserving digital rights management (DRM) using homomorphic encryption in 2013 [9]. Zhang et al. proposed a secure method for image retrieval in cloud computing using the Paillier scheme in 2014 [10]. In 2015 Tebaa et al. proposed a system to preserve the confidentiality and privacy of a banking database stored in the cloud [4]. Raisaro et al. proposed a data model that can be shared in a cloud environment in a privacy-preserving way using the El Gamal scheme in 2018 [11]. Researchers continue their attempts to find the best ways to secure the cloud in various fields.

BANKING DATA IN THE CLOUD
Despite the great progress in the field of cloud computing and the several projects proposed in it, many of these projects have problems, especially when it comes to the banking area [12]. Many companies and individuals, not only banks, still have concerns about using the cloud computing environment, but in the area of banking data there are special challenges [13,14]:
a. Security: confidentiality of personal and financial data, such as account number and account balance, and of applications that perform critical tasks, is crucial, as banks cannot bear the consequences of a security breach.
b. Regulatory compliance: financial institutions must choose appropriate service and operating models to control security concerns and compliance matters.
Some emerging cloud security services address the risks of privacy, data security and compliance, prevent attacks aimed at data theft, and detect any breach of compliance, using a robust server to secure virtual data centres [13].

HOMOMORPHIC CRYPTOSYSTEM
Many users, companies and organizations use cloud servers to store and process big data remotely without using guaranteed methods to solve privacy and security problems [6]. Conventional encryption methods are one of these methods, but when data is encrypted with the public key, the client must send his private key to the cloud so that the data can be decrypted and operated on inside the cloud, which leaves the data exposed. Some of this data is sensitive, such as medical or banking data, so in this paper we present an ideal solution that guarantees the security and privacy of data in the cloud and at the same time allows mathematical operations such as addition and subtraction to be performed without decrypting it [1,15].

Definition of homomorphic cryptosystem
An encryption scheme is called homomorphic if, for any integers x and y, we can compute E(f(x, y)) from E(x) and E(y), where f is one of (+, ×, XOR), without knowing or using the private key. After decrypting the result, we find that it is the same as if the mathematical operation had been performed on the raw data [16].

History of homomorphic cryptosystem
Homomorphic cryptosystems, or homomorphic encryption (HE), were introduced by Rivest, Adleman and Dertouzos in 1978 [17]. HE is considered an optimal solution because it allows the data owner to encrypt the data before sending it to the cloud and storing it on the storage server; all mathematical operations are then performed on encrypted data, the final results sent to the beneficiary party are encrypted, and only the owner of the private key can decrypt them and obtain the results [1,6].
Homomorphic encryption can be classified into two main categories: partially homomorphic encryption (PHE) and fully homomorphic encryption (FHE) [18]. Figure 1 shows the most famous encryption schemes in each category [18]. In PHE we can perform one mathematical operation on the encrypted data, such as addition or multiplication, but not both. In 2009 Craig Gentry presented the first FHE scheme in his PhD dissertation [8]; this technique allows arbitrary functions to be evaluated over encrypted data without decryption [8,18].

Features of homomorphic encryption
In this paper we focus on PHE: the Paillier algorithm will be used to encrypt the banking data that belongs to the bank's customers with a public key before it is sent to the cloud to be stored on a storage server. Any processing therefore takes place on the encrypted data, and the result that the customer or investigator wants is encrypted with that party's public key and decrypted with the customer's or investigator's private key, of which that party is the sole owner. We first list the features of HE that make it the ideal solution to the problems of security and privacy in the cloud [16]:
a. A homomorphic encryption is additive if: where (mi) is the raw data and its value is unknown, such as the Paillier and Goldwasser-Micali algorithms.
b. A homomorphic encryption is multiplicative if: where (mi) is the raw data and its value is unknown, such as the Paillier and Goldwasser-Micali algorithms.

Functions of homomorphic encryption
HE consists of key functions that together constitute the process of securing data before storing it in the cloud and retrieving the results in a secure manner. These functions are [19]:
a. Key generation: for each client a pair of keys is generated; these keys are usually called the public key and the secret or private key (pk, sk).
b. Encryption (E): using the public key pk, the client encrypts the plain text m and generates the cipher text c, which is sent to the server:
Epk(m) = c (3)
c. Evaluation (EV): the server has a function f for evaluating c, EV(f(c)), and performs it according to the required function using the client's public key Cpk.
d. Decryption (D): the generated EV(f(c)) is decrypted by the client using its sk, which yields the original result [16].
Algorithm 1 describes the RSA algorithm [19].
Algorithm 1. RSA algorithm [19]
1. Choose two large prime numbers p and q randomly and independently of each other.
2. Compute c = m^e mod n, c ∈ Z_n.
c) Decryption D(c, sk)
1. Compute the message m = c^d mod n, m ∈ Z_n.
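As an added example (not code from the paper or its authors), here is textbook RSA written around the same key generation, encryption and decryption steps as Algorithm 1, with the multiplicative homomorphic property of textbook RSA made explicit: the product of two ciphertexts decrypts to the product of the two plaintexts mod n. The primes P, Q and the public exponent E are constructed toy values that the page does not give; a real key would use a 1024- to 2048-bit modulus.

```python
import math

# Constructed toy primes and exponent (assumption, not from the paper).
P, Q = 104729, 1299709
E = 65537


def rsa_keygen(p=P, q=Q, e=E):
    """Key generation: n = p*q, phi = (p-1)(q-1), d = e^-1 mod phi.
    Returns pk = (n, e) and sk = (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1, "e must be invertible modulo phi"
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(pk, m):
    """Encryption: c = m^e mod n, for 0 <= m < n."""
    n, e = pk
    assert 0 <= m < n, "message must be a residue modulo n"
    return pow(m, e, n)


def rsa_decrypt(sk, c):
    """Decryption: m = c^d mod n."""
    n, d = sk
    return pow(c, d, n)


def rsa_multiply(pk, c1, c2):
    """Evaluation on ciphertexts: (m1^e)(m2^e) = (m1*m2)^e mod n, so the
    server can multiply two encrypted values without the private key."""
    n, _ = pk
    return (c1 * c2) % n


def demo():
    """Multiply 123 and 456 under encryption and return the decrypted product."""
    pk, sk = rsa_keygen()
    m1, m2 = 123, 456
    c = rsa_multiply(pk, rsa_encrypt(pk, m1), rsa_encrypt(pk, m2))
    return rsa_decrypt(sk, c)    # 56088 == 123 * 456 (mod n)


if __name__ == "__main__":
    print(demo())
```

Two properties of this textbook form matter for the banking use case. The homomorphism only holds while the product stays below n, since the arithmetic is modular. And textbook RSA is deterministic: encrypting the same balance twice gives the same ciphertext, so equal values are visible in the stored data. The randomized padding used by deployed RSA (for example OAEP) removes that leak but also removes the multiplicative property, which is one reason an additive, randomized scheme such as Paillier is used for the balance arithmetic later in the paper.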

Paillier algorithm
The Paillier cryptosystem, proposed by the French researcher Paillier in 1999, is a public key cryptography algorithm [21]. It is one of the methods supporting PHE, which supports only one operation on cipher text [22]. In this method a pair of keys is generated for each user: a public key (pk) that can be published and distributed to the other parties, and a private key (sk) that remains secret and is never published. When Bob sends a message to Alice, the message is encrypted with Alice's public key and sent in encrypted form; when it arrives, Alice uses the private key corresponding to that public key to decrypt it [19,23]. Algorithm 2 describes the Paillier algorithm [23,24].
Algorithm 2. Paillier algorithm [23,24]
1. Choose two large prime numbers p and q randomly and independently of each other.
2. Select a random r where r ∈ ℤ*_n.
3. Compute the cipher text according to equation (3): c = g^m · r^n mod n².
b) Decryption D(c, sk)
1. …
2. Compute the message m according to equation (4): m = L(c^λ mod n²) · … mod n.

Proof of additive homomorphic properties for Paillier algorithm
The Paillier algorithm supports the additive HE property, which allows one operation to be performed on the encrypted data [25]. Suppose that we have two ciphers c1 and c2 where:
c1 = g^m1 · r1^n mod n²,
c2 = g^m2 · r2^n mod n².

PROPOSED MODEL
In this paper we present a solution for secure storage and remote processing of banking data on cloud servers using PHE and a re-encryption proxy server to enhance security. The bank can exploit the resources of cloud computing to store the banking data that belongs to its customers and to perform mathematical operations on it remotely in the cloud in a secure manner. We assume a cloud storage server SS and a bank's application that represents the data provider; it uses the Paillier algorithm to encrypt its data before storing it on the cloud storage server to be shared with or sent to the customer. We also assume a proxy server PS, used to perform the re-encryption operation that enhances security, and a customer's application that represents the investigator, which might be a customer or one of the bank's branch sites. Figure 2 shows the structure of the proposed model for secure banking data. The proposed model works as follows:
a. Using the Paillier algorithm, both SS and PS generate a key pair (pk, sk); their pk keys are combined to generate a shared public key (SHpk), which is published and sent to the bank's application and the customer's application.
b. The bank's application splits the data, encrypts it with SHpk using the Paillier cryptosystem, and sends it to be stored on the cloud SS as encrypted data.
c. When the customer's application sends a request, which is either an inquiry about the value of the balance or a request to withdraw an amount from the existing balance, it must send its public key (Cpk) along with the request, and it must then receive an authentication.
d. The desired result is obtained, which is either the customer's balance status or the amount remaining in the credit card balance after the withdrawal; the SS performs the mathematical operations to obtain the remaining amount, after which a re-encryption process is performed.
e. In the re-encryption process, SS and PS each in turn decrypt the data (status, result) using their private key and re-encrypt it using Cpk, then send it to the customer.
f. The customer's application decrypts the status or result using its own private key, the one paired with Cpk, and thus obtains the required result.
Figure 2. The structure of the proposed model for secure banking data
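The Paillier scheme of Algorithm 2, the additive property stated in the proof section, and the withdrawal flow of the proposed model (steps b to f), as one added worked example in Python. This is not code from the paper or its authors. It assumes the standard Paillier definition with g = n + 1, λ = lcm(p − 1, q − 1) and μ = L(g^λ mod n²)^{-1} mod n; the primes are small constructed values rather than the 128- to 2048-bit keys the paper measures; and, because the page does not say how the SS and PS public keys are combined into SHpk, a single storage-side key pair stands in for SHpk and one re-encryption hop stands in for the SS/PS chain. Subtraction (the withdrawal) is done with the inverse ciphertext, which is the additive property applied to −m.

```python
import math
import secrets

# Constructed toy primes (assumption, not from the paper). A deployment uses
# random primes of 512-1024 bits each so that n is 1024-2048 bits.
P_SS, Q_SS = 104729, 1299709      # storage-side key pair (stands in for SHpk)
P_C, Q_C = 1000003, 1299709       # customer's key pair; its public half is Cpk


def _L(u, n):
    """The L function of the Paillier scheme: L(u) = (u - 1) / n."""
    return (u - 1) // n


def keygen(p, q):
    """Key generation: pk = (n, g), sk = (lambda, mu), with the usual g = n + 1."""
    n = p * q
    assert math.gcd(n, (p - 1) * (q - 1)) == 1
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lambda = lcm(p-1, q-1)
    g = n + 1
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)          # mu = L(g^lambda mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def encrypt(pk, m):
    """Equation (3): c = g^m * r^n mod n^2 with a fresh random r in Z_n^*."""
    n, g = pk
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1                # r in [1, n-1]
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(pk, sk, c):
    """Equation (4): m = L(c^lambda mod n^2) * mu mod n."""
    n, _ = pk
    lam, mu = sk
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add(pk, c1, c2):
    """Additive property: E(m1) * E(m2) mod n^2 decrypts to m1 + m2 mod n."""
    n2 = pk[0] ** 2
    return (c1 * c2) % n2


def sub(pk, c1, c2):
    """E(m1) * E(m2)^-1 mod n^2 decrypts to m1 - m2 mod n (no private key needed)."""
    n2 = pk[0] ** 2
    return (c1 * pow(c2, -1, n2)) % n2


def to_signed(n, m):
    """Map a residue mod n to a signed value so an overdraft shows up as negative."""
    return m - n if m > n // 2 else m


def storage_side(ss_pk, ss_sk, enc_balance, enc_amount, customer_pk):
    """Steps d and e: SS computes the remaining balance on ciphertexts, then
    re-encrypts the result under Cpk. The re-encryption needs the SS private key,
    so the plaintext result is visible to the holder of that key at this point."""
    enc_remaining = sub(ss_pk, enc_balance, enc_amount)
    plain = decrypt(ss_pk, ss_sk, enc_remaining)
    return encrypt(customer_pk, plain)


def withdraw_flow(balance, amount):
    """Run the proposed model end to end and return what the customer learns."""
    ss_pk, ss_sk = keygen(P_SS, Q_SS)
    c_pk, c_sk = keygen(P_C, Q_C)
    assert c_pk[0] >= ss_pk[0], "customer modulus must carry any residue mod n_ss"
    enc_balance = encrypt(ss_pk, balance)     # step b: bank stores E(balance) on SS
    enc_amount = encrypt(ss_pk, amount)       # step c: request carries E(amount) and Cpk
    enc_result = storage_side(ss_pk, ss_sk, enc_balance, enc_amount, c_pk)
    # step f: customer decrypts with its own private key; the residue is read
    # relative to the storage-side modulus, where the subtraction happened.
    return to_signed(ss_pk[0], decrypt(c_pk, c_sk, enc_result))


if __name__ == "__main__":
    print(withdraw_flow(1500, 400))   # 1100
    print(withdraw_flow(100, 400))    # -300: overdraft visible only to the key owner
```

Running the flow makes the model's trust boundary concrete: the homomorphic subtraction in sub never touches a private key, but the re-encryption step in storage_side must decrypt with the storage-side key, so whoever holds that key (SS, and PS in the paper's chain) sees the result in clear at that moment. Because Paillier encryption is randomized (a fresh r per call), two encryptions of the same balance differ, so the stored ciphertexts do not reveal which accounts share a balance. Modular inverses via pow(x, -1, m) need Python 3.8 or later.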

RESULTS AND DISCUSSIONS
To measure efficiency while simulating our proposed method, we set up the proxy server and the storage server on separate clouds to prevent collision, using an Intel E5-2680 V3 processor at 2.50 GHz and 1 GB RAM. On the customer side we used a laptop with an Intel Core i5 M-4300 processor at 2.6 GHz and 8 GB RAM. Table 1 shows the database stored in the bank's application, while Figure 3 shows the encrypted database on the cloud storage server. We measured the average time to encrypt the 1 KB database in the bank's application and the average time for re-encryption in the cloud. The preliminary results are shown in Table 3 for the minimum key size (128 bit) and the maximum key size (2048 bit). The difference between the time taken to encrypt 1 KB of data and the time taken to encrypt 10 KB using the Paillier algorithm with different key sizes is shown in Figure 4, while Figure 5 shows that the key size is an important factor affecting the time spent on re-encryption and decryption using the Paillier algorithm.

CONCLUSION
Despite the increasing trend for companies, medical institutions and banks to use cloud computing technologies, fears remain about data being exposed to the risk of disclosure while it is stored or while mathematical operations are performed on it, especially sensitive data such as account numbers or personal information pertaining to the customer such as address, phone numbers and others. Conventional encryption is not feasible in cloud computing, because the bank would have to send its private key to the cloud to decrypt the data and perform addition or subtraction operations, leaving the data in the cloud exposed to disclosure. In this paper we proposed a good way to encrypt bank data before sending it to the cloud using a homomorphic encryption algorithm, the Paillier algorithm: the data is stored encrypted, any processing inside the cloud is performed on encrypted data, the result obtained is also encrypted, and only the customer or the party who owns the private key can decrypt it and obtain the result. These operations will decrease the time and cost required in banking systems.