=Paper=
{{Paper
|id=Vol-1580/6
|storemode=property
|title=Homomorphic Encryption as a Solution of Trust Issues in Cloud
|pdfUrl=https://ceur-ws.org/Vol-1580/id6.pdf
|volume=Vol-1580
|authors=Khalid El Makkaou,Abdellah Ezzati,Abderrahim Beni Hssane
|dblpUrl=https://dblp.org/rec/conf/bdca/MakkaouEH15
}}
==Homomorphic Encryption as a Solution of Trust Issues in Cloud==
https://ceur-ws.org/Vol-1580/id6.pdf
Proceedings of the International Conference on Big Data, Cloud and Applications
Tetuan, Morocco, May 25 - 26, 2015
Homomorphic Encryption as a Solution
of Trust Issues in Cloud
Abdellah EZZATI, Khalid EL MAKKAOUI* Abderrahim BENI HSSANE
LAVETE laboratory, Mathematics and Computer Science LAROSERI laboratory, Computer Science Department
Department, Sciences and Techniques Faculty, Hassan 1er Sciences Faculty, Chouaïb Doukkali University
University El Jadida, Morocco
Settat, Morocco abenihssane@yahoo.fr
abdezzati@gmail.com, kh.elmakkaoui@gmail.com
Abstract—With the emergence of cloud computing, the compose it. In Section V, we will illustrate the issues,
concept of trust has become a major issue. Indeed, the key confidence levels and the value of using homomorphic
challenge is to ensure to customers that the selected cloud encryption techniques. In Section VI, we will illustrate the
provider may store and process the raw data safely. If this is a limits of HE cryptosystems. Finally, we will finish with section
storage service, data can be encrypted before sending them to the VII, in which we will present our conclusions and future work.
cloud server; in this case, data confidentiality is assured.
However, before performing treatments, these data must be
decrypted. It is this step that can be considered a breach of II. CLOUD COMPUTING
security. Indeed, the fear of seeing sensitive data be processed in
crude is a major obstacle in adopting cloud services. To A. Definition:
overcome this obstacle and strengthen confidence in the cloud According to a definition given by the NIST (US National
services, in this article we will propose the adoption of of Standards and Technology), “Cloud computing is a model
Homomorphic Encryption methods that are able to perform for enabling ubiquitous, convenient, on-demand network
operations on encrypted data without knowing the key secret. access to a shared pool of configurable computing resources
(e.g., networks, servers, storage, applications, and services) that
Keywords—Cloud Computing; Security; Trust; Confidentiality;
can be rapidly provisioned and released with minimal
Homomorphic Encryption.
management effort or service provider interaction”[1].
I. INTRODUCTION This cloud model is composed of three service models
(Software as a Service, Platform as a Service and
Cloud computing is becoming more and more a magic Infrastructure as a Service) and four deployment models
solution, thanks to the gains it presents at the level of cost of (Private, Public, Community and Hybrid Cloud) [1].
software, maintenance computer park and servers maintenance.
However, safety concerns, including the fear of seeing
B. Essential characteristics:
confidential information processed in plain, is usually the main
obstacle to the adoption of cloud services. Cloud computing services have characteristics that
distinguish them from other technologies. The main
In this article, we will propose to the cloud providers using characteristics are:
the homomorphic encryption technique to ensure the
confidentiality of confidential data storage and processing in On-demand self-service: Ability to provide a computing
order to overcome the problem with the confidentiality of resource automatically without requiring human
information and to build confidence in the adoption of cloud interaction on the side of the provider [1].
services.
Broad network access: Services are available on the
The principle of this technique is to encrypt data before network and accessible through standard mechanisms
sending them to the cloud provider, which allows to perform that promote use of client platforms (eg, mobile phones,
encrypted data operations without having the secret key, and tablets, laptops and desktops) [1].
return a result that is the same as if we had worked directly on
Resource pooling: The provider’s computing resources
the raw data.
are pooled to serve multiple consumers using a multi-
The rest of this paper is organized as follows: In Section II, tenant model, with different physical and virtual
we willl define cloud computing, we will present its service resources dynamically assigned and reassigned
and deployment models, and its essential characteristics. In according to consumer demand. There is a sense of
Section III, we will illustrate some applications of the location independence in that the customer generally has
technique of homomorphic encryption in various areas of the no control or knowledge over the exact location of the
real world. In Section IV, we will define homomorphic provided resources but may be able to specify location at
encryption and present its operation and the categories that
40
� a higher level of abstraction (e.g., country, state, or server cloud). This system has reduced the cloud server
datacenter) [1]. calculations and at the same time has preserved the confidential
information of the user [3].
Rapid elasticity: Possibility to change very quickly the
capacity provided, either more or less [1].
IV. HOMOMORPHIC ENCRYPTION
Measured service: Cloud systems automatically control
and optimize resource use by leveraging a metering A. History
capability at some level of abstraction appropriate to the In 1978, Ronald Rivest, Leonard Adleman and Michael
type of service (e.g., storage, processing, bandwidth, Dertouzos suggested for the first time homomorphic encryption
and active user accounts). Resource usage can be concept [4]. RSA is a public key cryptosystem, which is a
monitored, controlled, and reported, providing multiplicative homomorphic encryption system. The Shafi
transparency for both the provider and consumer of Goldwasser and Silvio Micali (GM) encryption system was
the utilized service [1]. proposed in 1982, it was an additive homomorphic encryption,
but it can encrypt just a single bit [5]. In 1984, Taher ElGamal
III. RELATED WORKS proposed a public-key cryptosystem, which is a multiplicative
Applications using the homomorphic encryption technique homomorphic encryption system [6]. In 1999, the French
in the real world are very diverse and numerous. We will mathematician, Pascal Pailler proposed a new encryption
present here some. algorithm, named cryptosystem Pailler, who was also an
additive homomorphic encryption system [7]. In 2005, Dan
The cloud private system of storage of electronic medical Boneh, Eu-Jin Goh and Kobi Nissim invented an encryption
records of patients, has been proposed. In this system, all data system (BGN), with which we can perform an unlimited
in these files are encrypted by health care providers, before number of additions, but with only one multiplication [8]. In
being transferred to the cloud storage system. Secret keys for 2006, Xing Guangli et al have proposed a homomorphic
access to the raw data folders are shared between the patient encryption scheme which is extended to real numbers. In this
and the specific suppliers. However, this system does not allow system, the operations of addition, subtraction, multiplication
the cloud to perform processing on the data without search by and division are possible [9]. In 2008, Chen Liang and
keywords. With the implementation of fully homomorphic Chengmin Gao proposed Algebra Homomorphic Encryption
encryption, cloud allows to perform operations on encrypted Scheme Based On Updated ElGamal (AHEE) [10, 11]. In
data, and send patient updates, alerts and relevant information 2009, Craig Gentry implemented the fully homomorphic
based on the received data [2]. encryption scheme that was able to make many additions and
In the financial sector, there is a potential application multiplications using ideal lattices and with the bootstrap
scenario, with the objective of safeguarding confidential data method [12]. In 2013, Gorti VNKV Subba Rao proposed
and business customers and functions calculated on the data. Enhanced homomorphic Encryption Scheme (EHES) for
Dissemination of relevant information such as data on homomorphic encryption / decryption with the IND-CCA
companies, the stock price etc., are essential in making secure system. This system allows you to perform operations
investment decisions. These data should be disse possible. The of addition, multiplication and mixed operations [13].
functions which make calculations on these data must be
owners. They are based on new predictive models of the B. Homomorphic Encryption (HE)
performance of share prices, which can be the result of costly Homomorphic encryption systems are capable of
research carried out by financial analysts. Most companies performing operations on encrypted data without knowing the
want to hide these private models to their competitors in order secret key. These operations generate a result, which is
to preserve their investments. With the use of fully itself encrypted (i.e. incomprehensible even to cloud provider).
homomorphic encryption, some of these functions will be The result obtained is the same as if we performed these
evaluated in private mode. The client will thus transfer an operations on the raw data [14].
encrypted version of the function to the cloud, for example a
program where some of the evaluations are specified encrypted Mathematically speaking, we say that a system is
entries. Streaming data is encrypted by the client's public key homomorphic encryption if: from Enc(x) and Enc(y), it is
before being transferred to the cloud. Then the cloud service possible to calculate Enc(f(x, y)), where f can be : +, ×, ⊕
evaluates the private function on encrypted inputs using the [15].
encrypted program description. After the performance of
operations on these data, cloud returns a result itself encrypted The principles of the operation of the Homomorphic
to the client [2]. Encryption are as follows, and as shown in Figure 3[10, 14]:
Also, Sutar and Patil proposed an authentication framework 1) Key generation: The client generates the public key
in the Cloud, considering three parts, namely: Server Cloud, 2) (pk) and the secret key (sk).
the cloud user and third parties. Then, using homomorphic 3) Encryption: The client encrypts the data with pk. And
encryption mechanism, the exchange of information between sends the encrypted data and pk to the Cloud server.
the parties mentioned will be preserved. Here, the 4) Storage: The encrypted data and pk are stored in
authentication process is carried out by a third party after the cloud database.
comparing the information of two other parties (user and the
41
� 5) Request: The client sends a request to the server to Table I presents the categories different homomorphic
perform operations on encrypted data. encryption systems.
6) Evaluation: The processing server processes the
request and performs the operations requested by the TABLE I. CATEGORIES OF HE SCHEMES
client. HE scheme PHE SWHE FHE
7) Response: Cloud provider returns to the client the RSA
processed result.
GM
8) Decryption: The client decrypts the returned result,
ElGamal
using sk.
Pailler
BGN
AHEE
Graig's
EHFS
C. HE cryptosystems:
HE systems are numerous. We present two cryptosystems
are: ElGamal and EHES.
1) ElGamal cryptosystem
Figure 1. Homomorphic Encryption functions
Among the homomorphic encryption systems are
distinguished, depending on the operations that evaluates raw
data, multiplicative homomorphic encryption and additive
homomorphic encryption.
Multiplicative Homomorphic Encryption: A
homomorphic encryption is multiplicative, if there is an
algorithm that can calculate Enc (x × y) from Enc (x)
and Enc (y) without knowing x and y [16].
Additive Homomorphic Encryption: A homomorphic
encryption is additive, if there is an algorithm that can
calculate Enc (x + y) from Enc (x) and Enc (y) without
knowing x and y [16].
Among Homomorphic Encryption systems, we
distinguish three categories, depending on the operations
performed on the data :
Partially Homomorphic Encryption (PHE) : allows
to perform operations on encrypted data, let
multiplication or addition, but not both [17].
Somewhat Homomorphic Encryption (SWHE) :
allows to perform more than one operation, but a
Figure 2. ElGamal Algorithm
limited number of multiplication and addition
operations [17].
Suppose we have two encrypted messages C1 and C2 by
Fully Homomorphic Encryption (FHE): This is a the ElGamal algorithm, such as: C1=(c11, c12) et C2=( c21, c22)
cryptographic system that supports an unlimited
number of both additions and multiplications [17]. Multiplicative:
(c11, c12).( c21, c22) ≡ (c11c21, c12c22)
≡ (gk1gk2, (m1×yk1) (m2×yk2) mod p
≡ (gk1+k2, (m1×m2)yk1+k2) mod p
≡ Enc (m1×m2, pk)
42
� A. Level one of the trust:
2) EHES cryptosystem At this level, customers can trust the cloud service
providers if privacy, data integrity and service availability are
ensured. The following figure shows level one of the trust.
Figure 4. Level one of the trust
Availability: is the property of information to be
accessible and usable upon demand by an authorized
entity[19].
Integrity: is the property of information not to be altered.
This means that the system must prevent undue
modification of information (i.e, of a modification by
unauthorized users or incorrect modification by
Figure 3. EHES Algorithm authorized users) [20].
Privacy: refers to the will of a user to control the
Let x, y ∈ Zp, pk = (n) and sk =(p, q) disclosure of private information (authentication,
authorization and access control) communication of
Multiplicative: encrypted data, and management of user identity [21].
Enc (x y) ≡ (Enc (x) Enc (y)) ( mod n), or
x y = Dec (Enc (x) Enc (y)) B. Level two of the trust:
≡ (Enc (x) Enc (y)) (mod p) Even security associated with level one of the trust is
assured, in the case of confidential data, customers require to
Additive: ensure the confidentiality of storing and processing data.
Enc (x + y) ≡ Enc (x) + Enc (y) ( mod n), or Figure 5 presents level two of the trust.
x + y = Dec (Enc (x) + Enc (y))
≡ (Enc (x) + Enc (y)) (mod p)
V. TRUST ISSUES IN CLOUD COMPUTING
With the services offered by the cloud providers,
companies can increase their productivity in the shortest
possible time, with fewer staff and reduced costs. However, the
adoption of such a service can only be done if security is
ensured. Indeed, the major challenge is to strengthen the trust
of customers by assuring them that the cloud providers may
store and process data securely [18].
Figure 5. Level two of the trust
Indeed, ensuring optimum level of security has become a
necessity to preserve the integrity, confidentiality and Confidentiality: ensures that data remains confidential
availability of services associated with the Cloud. for and invisible to the cloud provider, and even if the
strengthen the trust of customers. We will classify this trust provider data centers have been attacked, customer data
into two levels, according to the requirements of customers can neither be stolen nor reused [14].
(businesses, consumers, etc.):
In an unreliable environment , like in the public cloud , the
confidentiality of the storage of confidential data and their
treatment must be ensured. Thus, researchers noted a useful
encryption method in this type of environment: homomorphic
43
�encryption. Homomorphic encryption methods are able to
perform operations on encrypted data without decrypting them Enc(x) = x + prq (mod n)
and to give us results that are the same as if we had performed
these operations on the raw data. This would allow us to
outsource the calculation and storage of confidential data to the
cloud, while keeping the secret keys that are essential to Demonstration:
decrypting the results of operations performed on encrypted r(q-1)
data. If prq = α×n = α×pq ⇔ p = α ×q
we get: p, q ∊ ℙ so now, ∄ α ∊ ℕ* such that p = α×n
rq
VI. LIMITS OF HE CRYPTOSYSTEMS Therefore, always: Enc(x) ≠ x
Today, HE technique appears as the most effective and the
safest for outsourcing the calculation and storage of VII. CONCLUSION AND FUTURE WORKS
confidential data to the cloud. However, HE systems have In this article, we discussed the importance of adopting the
certain limitations. In the following we will present the limits homomorphic encryption technology for cloud providers. This
of the ElGamal and EHES algorithms. technique allows them to preserve the confidentiality of
sensitive data in order to strengthen the trust of their clients.
A. Limits of ElGamal and EHES Also, we have presented the limits of the ElGamal and EHES
cryptosystems and we proposed an improved version of the
The table below presents the limits of cryptosystems: EHES algorithm.
ElGamal and EHES.
In our future work, we will focus on the analysis and
TABLE II. LIMITS OF ELGAMAL AND EHES
improvement of homomorphic encryption algorithms of
different systems, and we will determine their limits and
Cryptosystem Limits performance.
ElGamal pk=(p, g, y), sk=(a), et m1, m2,..., mk ∊ ℤp
Multiplicative is true iff: ACKNOWLEDGMENT
Π mi < p , with i={1,2,...,k}. I would like to thank my supervisor Mr. Abdellah EZZATI
and my framing Mr. Abderrahim BENI HSSANE for the help,
EHES pk=(n), sk=(d), et x1, x2,..., xk ∊ ℤp encouragement and guidance they have given me, in order to
Multiplicative is true iff: achieve this modest work.
Π xi < p , with i={1,2,...,k}. REFERENCES
Additive is true iff:
[1] P. Mell, T. Grance, “The NIST Definition of Cloud Computing,”
∑ xi < p , with i={1,2,...,k}. National Institute of Standards and Technology, U. S. Department of
Commerce, September 2011.
[2] M. Ogburn, C. Turner, P. Dahal, “Homomorphic Encryption,” In
B. Exception of EHES Complex Adaptive Systems, Publication 3, Cihan H. Dagli, Editor in
Chief Conference Organized by Missouri University of Science and
In some cases the encrypted message by EHES algorithm is Technology 2013 - Baltimore, MD, Elsevier, 2013, pp. 502 – 509.
itself that the clear message. [3] S. Sutar, G. Patil, “Privacy Management in Cloud by making use of
homomorphic Functions,” International Journal of Computer
As indicated in Figure 3, the EHES encryption algorithm is Applications, 2012, 37(2), pp. 13 – 16.
as follows: [4] Rivest, Ronald L., Len Adleman, and Michael L. Dertouzos, “On
data banks and privacy homomorphisms,” Foundations of secure
Enc(x) = x + r×pq (mod n), with pk=(n) and sk=(p, q). computation 4, N°. 11 (1978), pp 169 – 180.
[5] S. Goldwasser, S. Micali, “Probabilistic encryption and how to play
if r×pq = α×n, with α ∊ ℕ* therefore, Enc(x) = x mental poker keeping secret all partial information,” in Proceedings of
14th Symposium on Theory of Computing , 1982, pp. 365 – 377
Demonstration: [6] T. ElGamal, “A public key cryptosystem and a signature scheme
if r×pq = α×n = α×pq ⇔ r×pq-1 = α ×q based on discrete logarithms,” IEEE Transactions on Information
Theory, 1985, pp. 469 – 472.
we get: p, q ∊ ℙ so now, q divides r. [7] Pascal Paillier, “Public-key cryptosystems based on composite degree
Therefore, ∃ r ∊ ℕ* such that r×pq = α×n residuosity classes,” In 18th Annual Eurocrypt Conference
(EUROCRYPT'99), Prague, Czech Republic , volume 1592, 1999.
C. Enhanced EHES: [8] D. Boneh, E. Goh, K. Nissim, “Evaluating 2-DNF formulas
on ciphertexts,” In Theory of Cryptography Conference, TCC’05, pp.
We improved EHES encryption algorithm, in in a way that 325–341,Springer, 2005.
the encrypted message is always different from the clear [9] Xing Guangli, CHEN Xinmeng, ZHU Ping, MA Jie. “A method of
message. The new encryption algorithm of Enhanced EHES is homomorphic encryption,” Wuhan University Journal of Natural
Sciences, Vol.11, No.1, pp.181-184, 2006.
as followings:
44
�[10] Payal V. Parmar, Shraddha B. Padhar, Shafika N. Patel, Niyatee I. [16] Xing Guangli, CHEN Xinmeng, ZHU Ping, MA Jie. “A method of
Bhatt, Rutvij H. Jhaveri, “Survey of Various Homomorphic Encryption homomorphic encryption,” Wuhan University Journal of Natural
algorithms and Schemes,” In International Journal of Computer Sciences, Vol.11, No.1, pp.181-184, 2006.
Applications (0975 - 8887), Volume 91 -No. 8, April 2014, pp. 26 – 32 [17] M. Ogburn, C. Turner, P. Dahal, “Homomorphic Encryption,” In
[11] Chen, Liang and Chengmin Gao, “Public Key Homomorphism Based on Complex Adaptive Systems, Publication 3, Cihan H. Dagli, Editor in
Modified ElGamal in Real Domain,” In International Conference on Chief Conference Organized by Missouri University of Science and
Computer Science and Software Engineering, Vol. 3, pp.802-805. 2008. Technology 2013 - Baltimore, MD, Elsevier, 2013, pp. 502 – 509.
[12] Graig Gentry, “A fully homomorphic encryption scheme,” Ph.D. [18] Reem Alattas, “Cloud Computing Algebraic Homomorphic Encryption
dissertration, Stanford University, 2009. Scheme,” In International Journal of Innovation and Scientific Research,
http://crypto.stanford.edu/craig/craig-thesis.pdf. ISSN 2351-8014 Vol. 8 No. 2 Sep. 2014, pp. 191-195.
[13] G. VNKV Subba Rao, Md.Sameeruddhin Khan, A.Yashwanth Reddy, [19] Cloud Select Industry Group (C-SIG) of European Union, “ Cloud
K.Narayana, “Data Security in Bioinformatics,” In International Journal Service Level Agreement Standardisation Guidelines,” June 2014.
of Advanced Research in Computer Science and Software Engineering [20] Mazhar Ali, Samee U. Khan , Athanasios V. Vasilakos, “Security in
3(11), November - 2013, pp. 590 – 598. cloud computing: Opportunities and challenges,” Elsevier, 2015.
[14] M. TEBAA, S. EL HAJJI, A. EL GHAZI, “Homomorphic Encryption [21] Sweta Agrawal and Aakanksha Choubey, “Survey of Fully
Applied to the Cloud Computing Security,” In Proceedings of the World Homomorphic Encryption and Its Potential to Cloud Computing
Congress on Engineering 2012 Vol I, WCE 2012, July 4 - 6, 2012 Security,” In International Journal of Advanced Research in Computer
London, U.K. Science and Software Engineering, Volume 4, Issue 7, July 2014.
[15] Ronald L. Rivest, Leonard Adleman, and Michael L. Dertouzos, “On
Data Banks and Privacy Homomorphisms”, chapter On Data Banks
and Privacy Homomorphisms, pages 169-180. Academic Press, 1978.
45
�