<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta>
      <journal-title-group>
        <journal-title>Journal of Network and Computer Applications</journal-title>
      </journal-title-group>
      <issn pub-type="ppub">1084-8045</issn>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.1155/2020/8863345</article-id>
      <title-group>
        <article-title>Secure Cloud Authentification Using AES Encryption</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Leila Megouache</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Salheddine Sadouni</string-name>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Ouissal Sadouni</string-name>
          <xref ref-type="aff" rid="aff3">3</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Mahieddine Djoudi</string-name>
          <xref ref-type="aff" rid="aff2">2</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Abdelhafid Zitouni</string-name>
          <xref ref-type="aff" rid="aff1">1</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Department of Geographical Sciences and Topography, Freres Mentouri Constantine 1 University</institution>
          <addr-line>Constantine</addr-line>
          ,
          <country country="DZ">Algeria</country>
        </aff>
        <aff id="aff1">
          <label>1</label>
          <institution>LIRE Laboratory, Computer Science Department, University of Constantine 2- Algeria</institution>
          ,
          <addr-line>25000</addr-line>
        </aff>
        <aff id="aff2">
          <label>2</label>
          <institution>TECHNE Labs, University of Poitiers</institution>
          ,
          <addr-line>1 rue Raymond Cantel, 86073 POITIERS CEDEX 9</addr-line>
          ,
          <country country="FR">France</country>
        </aff>
        <aff id="aff3">
          <label>3</label>
          <institution>University of Constantine3- Algeria</institution>
          ,
          <addr-line>25000 Constantine</addr-line>
          ,
          <country country="DZ">Algeria</country>
        </aff>
      </contrib-group>
      <pub-date>
        <year>2024</year>
      </pub-date>
      <volume>226</volume>
      <issue>3</issue>
      <fpage>0000</fpage>
      <lpage>0002</lpage>
      <abstract>
        <p>Nowadays, the Cloud has become an essential technology, and the data stored there is generally of a sensitive nature, which is why malicious people want to corrupt the hosted data. Given the number of attacks which overwhelm the Cloud every second, security components such as firewalls or existing intrusion detection systems are not suitable for detecting distributed attacks, which are subdivided into sub-attacks in order to be undetectable by such a security system. It should be mentioned that if authenticated access is not clearly identified, then it will be impossible to trace the connection and the resulting modification of the data or service. To this end, we propose a data encryption solution which uses AES techniques to secure cloud authentication and ensure the integrity of the data. This solution will ensure data preservation and security in a more reliable manner.</p>
      </abstract>
      <kwd-group>
        <kwd>Data Security</kwd>
        <kwd>Cloud Computing</kwd>
        <kwd>Authentication</kwd>
        <kwd>Encryption</kwd>
        <kwd>Privacy</kwd>
        <kwd>Risks and threats</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>
        Cloud computing plays an essential role in the architecture of the new generation of IT systems within
companies [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ]. On the other hand, management and security in the Cloud have remained similar to
those employed in traditional IT systems [
        <xref ref-type="bibr" rid="ref2">2</xref>
        ]. Unlike traditional solutions, Cloud Computing transfers
software and data to external data centers located on providers’ premises, making it difficult to manage
and control data and services with reliability and confidence [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ]. However, these traits pose many new
security challenges.
      </p>
      <p>
        Cloud computing security refers to the measures and practices put in place to protect data,
applications and infrastructure hosted in cloud computing environments [
        <xref ref-type="bibr" rid="ref4">4</xref>
        ]. It aims to guarantee
the confidentiality, integrity, availability and compliance of information stored and processed in the
Cloud. This involves the use of various technologies, policies and procedures to prevent threats such as
cyberattacks, data leaks, privacy breaches and service interruptions [
        <xref ref-type="bibr" rid="ref5">5</xref>
        ]. In summary, cloud computing
security aims to create a reliable and secure environment for users and organizations that use cloud
services to store, manage and access their data and applications.
      </p>
      <p>
        In 2009, a survey conducted by the International Data Corporation (IDC) revealed that 74% of IT
managers and business people considered security concerns related to cloud computing to be the main
barrier preventing them from using cloud services [
        <xref ref-type="bibr" rid="ref6">6</xref>
        ]. However, there is still a need to adequately
address privacy, security, reliability, and interoperability issues; in particular, data security and privacy
issues are of great importance and priority. Thus, it is essential that the research field takes these
concerns into consideration by offering and establishing strong protection mechanisms in order to
exploit the benefits of Cloud Computing without compromising security and confidentiality [7].
For example, in [8], to ensure the authentication of user access to their data and
applications, the authors proposed AuthFlow, an authentication and access control mechanism based on
the credentials of the user's host. Their main contributions were a host authentication mechanism just
above the MAC layer in an OpenFlow network, which ensures low overhead and provides fine-grained
access control; and credential-based authentication to perform access control based on the privilege
level of each host, by mapping the host’s credentials to the set of flows that belong to the host.
      </p>
      <p>To minimize these problems, we propose a new remote access control system that guarantees secure
communication and authentication between cloud multi-users and their data. The data is different
in nature; therefore, whenever a user changes their location, they need to register with the nearest
trusted authority. We offer remote user registration via the access control mechanism, which takes
place in two phases: the remote authentication phase and the key agreement phase, during which,
after successful authentication, a session key will be calculated using AES cryptographic
techniques. The calculated session key will be used to ensure secure communications in the future. The
AES standard (Advanced Encryption Standard) is used in this approach: data is encrypted using AES
before being uploaded to a cloud. The SMS (Short Message Service) alert mechanism will be taken into
account to prevent unauthorized access to user data. A security analysis and security verification will
be applied to show the reliability of our system by comparing it with other existing systems in terms of
calculation costs.</p>
      <p>This paper is organized as follows. Related work is discussed in Section 2. The proposed
solution is explained in Section 3. The results and discussion are given in Section 4. Finally, the conclusion is
given in Section 5.</p>
    </sec>
    <sec id="sec-2">
      <title>2. Related Work</title>
      <p>In this part, we analyze a variety of security solutions. Several improved authentication protocols have
been proposed, as summarized below.</p>
      <p>The virtual access techniques in [9] are used to ensure the confidentiality of user profiles and the
protection of their data, making it possible to apply security protocols to the different layers of the
Cloud. Confidentiality can be achieved by using appropriate encryption techniques, taking into account
the encryption type. In reality, it all depends on the security policy of the Cloud provider and also
on whether customers decide to encrypt their data before downloading it, taking into account
the encryption type.</p>
      <p>In [10], the authors examined access control solutions used by organizations as a cyber security strategy
for authorizing users and data to access cloud computing, the Internet of Things (IoT), blockchain, and
software-defined networks (SDN).</p>
      <p>In their article [11], authors studied the trends in blockchain technology with IoT. Additionally, the
paper highlights blockchain-based IoT applications to bring more security to IoTs.</p>
      <p>The article [12] has proved the need for intra- and inter-cloud authentications to protect cloud service
providers against threats. For this, one of the open source cloud software packages, called Reddit, was audited.</p>
      <p>In [13], the authors offer a three-factor authentication protocol based on ECC which guarantees the
confidentiality of patients affected by COVID-19; they offer secure access based on mutual authentication.
Session key security has been analyzed using BAN logic and the ROR model.</p>
      <p>In [14], to ensure security, confidentiality and authentication of data between the patient and the
healthcare service provider, authors proposed a system that will focus on the development of an
IoT-based CHD system to improve authentication and data security in a cloud environment.</p>
      <p>Awan et al. [15] proposed a 128 AES method to speed up the encryption process. The technique uses
less energy, better load balancing and improved trust and resource management on the network.</p>
      <p>In [16] Shah and Philip mentioned that authentication plays a vital role in data security. The biometrics
system was used for authentication to create a biometric cloud for online signature recognition making
the signature recognition system more scalable and faster. This system, based on biometrics, can be
used successfully in banking and e-commerce applications.</p>
      <p>Finally, one of the most effective and cost-effective solutions to ensure data security and authentication
is the implementation of cloud computing technologies [17-18].</p>
    </sec>
    <sec id="sec-3">
      <title>3. Proposed Solution</title>
      <p>Our proposed work is based on the principle of encryption to ensure and guarantee the security of data
hosted in the Cloud. There are several data encryption algorithms, and each one has its own
advantages and disadvantages. With the solution we are going to present, the user can have complete
confidence that their data can be stored securely with a Cloud provider without fear of loss or risk of
hacking. In our work, we used encryption with the AES algorithm [19], which allows access to and
downloading of data while ensuring the integrity of this data thanks to a MAC protocol. The proposed
solution depends on three basic elements, or rather three key words, namely data encryption, the AES
algorithm and data integrity; these are the three factors we focus on in our work.</p>
      <sec id="sec-3-1">
        <title>3.1. Data encryption</title>
        <p>For data encryption, we have chosen to work with symmetric encryption [15]. Secret key (symmetric)
algorithms are algorithms in which the encryption key can be calculated from the decryption key or vice
versa. In our case, the encryption key and the decryption key are the same. Here is a diagram which
illustrates the principle of secret key encryption.</p>
        <p>The AES algorithm is a symmetric block encryption method [16]. In summary, AES is
widely adopted due to its proven security, high performance and versatility, making it a popular
choice for ensuring data privacy in many applications and environments. AES includes several
encryption modes [20], and for our work, we used the CBC (cipher block chaining) mode, which is illustrated in Figure 2.</p>
        <p>Different key sizes do not change how the algorithm works. The only difference is in the number
of times the four operations of the second phase are performed. Figure 3 indicates the number of
iterations (Nr) carried out. This number depends on the number of columns contained in the matrix
containing the key (Nk), as well as its number of rows (Nb). So, in 128-bit AES, the number of loop
turns will be equal to Nr - 1. Its operation takes place in several stages (usually called "rounds").</p>
        <p>The initial round performs an initial key operation. Then, four operations are repeated nine
times. These operations are:</p>
        <p>• SubBytes</p>
        <p>This operation [21] performs a non-linear substitution on the state matrix. Each byte is
replaced by another byte chosen from another table, called the S-Box. This S-Box is a two-dimensional
array with 16 boxes in X and Y, which represents 256 distinct values. Let’s take the example of
the letter A, which has the ASCII value 65, or 0100 0001 in binary. By separating these 8 bits into
two groups of 4 bits, the values are 4 and 1. These two values correspond to the x and y indices
of the matrix which point to the new value of A.</p>
        <p>• ShiftRows</p>
        <p>In this step, each box of the table modified by the previous step is shifted [22]. If we represent the
data of the state matrix in the form of a matrix of 4 boxes by 4 (each box containing 8 bits, which
always makes a total of 128 bits), the first line is shifted by 0 positions to the left, the second line
is shifted by one position, the third line by two positions and the fourth line by three positions, as
indicated in Figure 4 below.</p>
        <p>• MixColumns</p>
        <p>In this step, we calculate the matrix product between each column of the state matrix and another
matrix [23]. Mathematically, this other matrix is calculated with finite fields of $2^8$ elements. For
instance, the state column used is a polynomial $a(x)$ of degree 3. The polynomial $c(x)$ is
$c(x) = 03x^3 + x^2 + x + 02$. (1)</p>
        <p>Then, to calculate the new values, the following calculation is carried out:
$a(x) \cdot c(x) \bmod (x^4 + 1)$. (2)</p>
        <p>It is important to emphasize that the modulo operation performed here is not obvious. It allows you to always
come across a number between 0 and 255. Then, $c(x)$ and $(x^4 + 1)$ must be coprime, otherwise
the result of the modulo could give 0. If this is the case, the data would not be deciphered by
performing the reverse operation.</p>
        <p>Computationally, these calculations are performed as matrix products [24]. Taking the example
in Figure 5, the calculation would look as follows to obtain the first value of the column:
2 * 4 + 3 *  + 1 * 5 + 1 * 30. (3)
Then the same calculation is applied to the second row of the matrix, and so on, giving the new
values.</p>
        <p>• AddRoundKey</p>
        <p>This step will perform a simple xor operation between the key and the state [27]. Once nine
rounds have been completed, there is a final round. This round uses the same four steps explained
previously with the exception of the “MixColumns” step. Once the final round is over, the message
is encrypted. To decipher a message, we simply use the inverse functions of each step, which are
generally named InvShiftRows, InvSubBytes, and InvMixColumns.</p>
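        <p>The MixColumns calculation described above, as an added Python example that is not code from the paper: it multiplies a state column by c(x) modulo x^4 + 1 in GF(2^8), checks that the result equals the matrix product, and shows why c(x) must be coprime with x^4 + 1. The function names, the test column (taken from FIPS-197 Appendix B) and the non-invertible polynomial x + 1 are choices made for this example.</p>
        <preformat><![CDATA[
```python
# Added illustration, not the paper's code: AES MixColumns in GF(2^8).

AES_MODULUS = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES field polynomial


def xtime(b):
    """Multiply a field element by x (by 02), reducing modulo AES_MODULUS."""
    b <<= 1
    return b ^ AES_MODULUS if b & 0x100 else b


def gmul(a, b):
    """Multiply two bytes in GF(2^8) by shift-and-add; addition is XOR."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a = xtime(a)
        b >>= 1
    return result


# Polynomials with byte coefficients, stored lowest degree first.
C_POLY = [0x02, 0x01, 0x01, 0x03]  # c(x) = 03x^3 + x^2 + x + 02
D_POLY = [0x0E, 0x09, 0x0D, 0x0B]  # inverse of c(x), used by InvMixColumns


def polymul_mod(a, c):
    """Return a(x) * c(x) mod (x^4 + 1); x^4 = 1, so exponents wrap mod 4."""
    out = [0, 0, 0, 0]
    for i, ai in enumerate(a):
        for j, cj in enumerate(c):
            out[(i + j) % 4] ^= gmul(ai, cj)
    return out


def mix_column(col):
    """MixColumns on one column, written as the polynomial product."""
    return polymul_mod(col, C_POLY)


def inv_mix_column(col):
    """InvMixColumns on one column."""
    return polymul_mod(col, D_POLY)


MIX_MATRIX = [
    [2, 3, 1, 1],
    [1, 2, 3, 1],
    [1, 1, 2, 3],
    [3, 1, 1, 2],
]


def mix_column_matrix(col):
    """The same transformation written as a matrix product over GF(2^8)."""
    out = []
    for row in MIX_MATRIX:
        acc = 0
        for coeff, byte in zip(row, col):
            acc ^= gmul(coeff, byte)  # "+" in the field is XOR, not integer add
        out.append(acc)
    return out


# Test column from FIPS-197 Appendix B (round 1, state after ShiftRows).
FIPS_COLUMN = [0xD4, 0xBF, 0x5D, 0x30]

# Constructed counter-example: x + 1 divides x^4 + 1 over GF(2), so it is not
# coprime with the modulus and multiplying by it cannot be undone.
BAD_POLY = [0x01, 0x01, 0x00, 0x00]

if __name__ == "__main__":
    mixed = mix_column(FIPS_COLUMN)
    print("mixed column:", [format(v, "02x") for v in mixed])
    print("matrix form agrees:", mix_column_matrix(FIPS_COLUMN) == mixed)
    print("inverse restores input:", inv_mix_column(mixed) == FIPS_COLUMN)
    print("c(x) * d(x) mod (x^4 + 1):", polymul_mod(C_POLY, D_POLY))
    # A non-zero column collapses to zero, so the data could not be deciphered.
    print("non-coprime multiplier:", polymul_mod([0x57] * 4, BAD_POLY))
```
]]></preformat>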
      </sec>
      <sec id="sec-3-2">
        <title>3.2. Verifying data integrity</title>
        <p>To control the integrity of the encrypted data and to ensure that they are not modified during
decryption, we chose to work with the MAC protocol [28], because encryption helps protect the
confidentiality of the data but does not protect their integrity [22]. A message authentication code
(MAC) is a method of calculating a control value which allows the
recipient of a message to verify the integrity of received data [18]. The sender calculates the MAC
with the generate_mac() function and attaches it to the message that will be sent. The recipient
receives the message and the associated MAC, then verifies the MAC with the verification
function. If the verification is valid, the message was not modified during transport. If the MAC
received during decryption is equivalent to that of encryption, then the data is correct and has not been modified.</p>
        <p>Function to generate the MAC:</p>
        <preformat>from Crypto.Hash import HMAC, SHA256  # PyCryptodome

# Compute the HMAC-SHA256 tag of data under the shared secret key.
def generate_mac(key, data):
    h = HMAC.new(key, digestmod=SHA256)  # new HMAC object keyed with key
    h.update(data)                       # feed in the data to authenticate
    return h.digest()                    # MAC as raw bytes</preformat>
        <p>• Step 1: We generate a message authentication code (MAC) from a key and specific
data. We create a new Hash-based Message Authentication Code (HMAC) object with the
specified key and the SHA256 hashing algorithm (digestmod=SHA256). HMAC is a method
for calculating a message authentication code using a cryptographic hash function and a secret key.</p>
        <p>• Step 2: It updates the HMAC object with the data provided. This adds the data to be used to
calculate the MAC.</p>
        <p>• Step 3: It returns the MAC calculated from the updated data. "h.digest()" calculates the HMAC of
the updated data using the specified key and returns the result as bytes.</p>
        <p>In summary, this function takes a key and data as input, uses HMAC with SHA256 as a hash function,
calculates the MAC of the data with the given key, and returns the result as bytes. This MAC can be
used to verify the integrity and authenticity of data during transmission or storage.</p>
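        <p>The sender and recipient steps described in this section, as an added Python example that is not code from the paper: the tag is computed over the CBC IV and the ciphertext together, and the recipient verifies it with a constant-time comparison before anything is decrypted. It uses Python's standard hmac module in place of the HMAC class in the listing above; the helper names, the separate MAC key and the sample bytes (which stand in for real AES-CBC output) are assumptions made for this example.</p>
        <preformat><![CDATA[
```python
# Added illustration, not the paper's code: encrypt-then-MAC framing for AES-CBC.
import hashlib
import hmac

IV_LEN = 16                              # AES block size, also the CBC IV length
TAG_LEN = hashlib.sha256().digest_size   # 32 bytes for HMAC-SHA256


class IntegrityError(Exception):
    """Raised when a received message fails MAC verification."""


def generate_mac(key, data):
    """Same role as the paper's generate_mac(), using the standard hmac module."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_mac(key, data, tag):
    """Recompute the tag and compare in constant time to avoid a timing oracle."""
    return hmac.compare_digest(generate_mac(key, data), tag)


def seal(mac_key, iv, ciphertext):
    """Sender side: return IV || ciphertext || tag, with the tag covering the IV."""
    if len(iv) != IV_LEN:
        raise ValueError("CBC needs a 16-byte IV")
    if not ciphertext or len(ciphertext) % IV_LEN:
        raise ValueError("CBC ciphertext must be a whole number of blocks")
    body = iv + ciphertext
    return body + generate_mac(mac_key, body)


def open_sealed(mac_key, blob):
    """Recipient side: verify first, and only then hand data to the decryptor."""
    if len(blob) < 2 * IV_LEN + TAG_LEN:
        raise IntegrityError("message too short to hold IV, one block and tag")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not verify_mac(mac_key, body, tag):
        raise IntegrityError("MAC mismatch: message was modified or key is wrong")
    return body[:IV_LEN], body[IV_LEN:]


def is_accepted(mac_key, blob):
    """Convenience wrapper returning True only for an intact message."""
    try:
        open_sealed(mac_key, blob)
        return True
    except IntegrityError:
        return False


def flip_bit(blob, byte_index):
    """Return a copy of blob with the lowest bit of one byte inverted."""
    changed = bytearray(blob)
    changed[byte_index] ^= 0x01
    return bytes(changed)


# Constructed sample values. The ciphertext stands in for real AES-CBC output,
# and the MAC key is assumed to be separate from the AES key.
MAC_KEY = bytes(range(32))
SAMPLE_IV = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_CIPHERTEXT = bytes(range(64, 96))

if __name__ == "__main__":
    sealed = seal(MAC_KEY, SAMPLE_IV, SAMPLE_CIPHERTEXT)
    print("intact message accepted:", is_accepted(MAC_KEY, sealed))
    # In CBC a flipped IV bit flips the same bit of the first plaintext block,
    # so the IV has to be covered by the tag as well.
    print("IV bit flipped:", is_accepted(MAC_KEY, flip_bit(sealed, 0)))
    print("ciphertext bit flipped:", is_accepted(MAC_KEY, flip_bit(sealed, IV_LEN)))
    print("truncated:", is_accepted(MAC_KEY, sealed[:-1]))
    print("wrong key:", is_accepted(b"\x00" * 32, sealed))
```
]]></preformat>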
      </sec>
    </sec>
    <sec id="sec-4">
      <title>4. Result and Discussion</title>
      <p>Encryption algorithms such as AES, DES, RSA, SHA or others play a key role in cloud data security.
The international data encryption algorithms AES, IDEA, RSA, Blowfish and DES are compared to
determine the best security algorithm (see Figure 7).</p>
      <p>The evaluation results are shown in Table 1. Table 1 shows that the only asymmetric algorithm
is RSA [29-30], while AES, IDEA, Blowfish and DES are symmetric algorithms. IDEA and RSA are the
least secure compared to AES, Blowfish and DES. In our study, the AES algorithm takes the least time
to encrypt cloud information and can be used to encrypt huge amounts of data with extreme speed;
the AES algorithm is also the best algorithm in terms of encryption parameters. The
Blowfish algorithm requires the least memory space, and RSA consumes the most memory and requires
a lot of encryption time.</p>
    </sec>
    <sec id="sec-5">
      <title>5. Conclusion</title>
      <p>Information security in the cloud is a major concern for any organization or individual considering
its use. Currently and with the development of technology, encryption remains one of the safest and
most reliable solutions to block unauthorized access. Different encryption techniques are used in cloud
environments to secure data and reduce hacking to some extent. This study provided an in-depth look
at cloud security issues and encryption algorithms used in cloud environments. A literature review was
carried out in the field of cloud data security, in which several encryption algorithms were compared to
find the optimal security algorithm. The results show that the AES algorithm has high authentication
capability and can be used to encrypt huge amounts of data. AES is also faster than other algorithms.
Researchers suggest using the AES algorithm to achieve maximum security and speed.</p>
    </sec>
    <sec id="sec-6">
      <title>Declaration on Generative AI</title>
      <p>The author(s) have not employed any Generative AI tools.</p>
      <p>26. R. C. A. Naidu, A. Srujan, K. Meghana, K. S. Rao, and B. Madhuravani, “Secure privacy preserving of
personal health records Using attribute-based encryption in cloud computing,” in First International
Conference on Artificial Intelligence and Cognitive Computing, Springer Singapore, 2019, pp. 59–66.</p>
      <p>27. C. Xu, J. Wang, L. Zhu, C. Zhang, and K. Sharif, “PPMR: A privacy-preserving online medical
service recommendation scheme in eHealthcare system,” IEEE Internet of Things Journal, vol. 6,
no. 3, pp. 5665–5673, Jun. 2019, doi: 10.1109/JIOT.2019.2904728.</p>
      <p>28. S. Kumar, J. Shekhar, and J. P. Singh, “Data security and encryption technique for cloud storage,”
in Conference: CSI-2015; 50th Golden Jubilee Annual Convention on Digital Life, 2018, vol. 729, pp.
193–199, doi: 10.1007/978-981-10-8536-9_19/COVER/.</p>
      <p>29. P. More, S. Chandugade, S. M. S. Rafiq, and P. Pise, “Hybrid encryption techniques for secure
sharing of a sensitive data for banking systems over cloud,” in 2018 International Conference on
Advances in Communication and Computing Technology (ICACCT), Feb. 2018, pp. 93–96, doi:
10.1109/ICACCT.2018.8529545.</p>
      <p>30. S. Biswas, R. Roy, M. R. Chowdhury, and A. B. Bhattacharya, “On the advanced strategies of
next generation online examination system implementing cloud based standardization: Next
generation online examination system,” in 2016 IEEE 6th International Conference on Advanced
Computing (IACC), Feb. 2016, pp. 834–839, doi: 10.1109/IACC.2016.159.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          1.
          <string-name>
            <given-names>S.</given-names>
            <surname>Dramé</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Laurent</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Castillo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Ganem</surname>
          </string-name>
          <article-title>Centralized, distributed, and everything in between: reviewing access control solutions for the IoT</article-title>
          , ACM Comput. Surv.,
          <volume>54</volume>
          (
          <year>2021</year>
          ).
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          2.
          <string-name>
            <given-names>J.</given-names>
            <surname>Qiu</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Z.</given-names>
            <surname>Tian</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Du</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Q.</given-names>
            <surname>Zuo</surname>
          </string-name>
          ,
          <string-name>
            <given-names>S.</given-names>
            <surname>Su</surname>
          </string-name>
          ,
          <string-name>
            <given-names>B.</given-names>
            <surname>Fang</surname>
          </string-name>
          :
          <article-title>A survey on access control in the age of internet of things</article-title>
          .
          <source>IEEE Internet Things J.</source>
          ,
          <volume>7</volume>
          (
          <year>2020</year>
          ), pp.
          <fpage>4682</fpage>
          -
          <lpage>4696</lpage>
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          3.
          <string-name>
            <given-names>N.</given-names>
            <surname>Kashmar</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Adda</surname>
          </string-name>
          ,
          <string-name>
            <given-names>M.</given-names>
            <surname>Atieh</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Ibrahim</surname>
          </string-name>
          ,
          <article-title>A review of access control metamodels</article-title>
          ,
          <source>Procedia Comput. Sci.</source>
          ,
          <volume>184</volume>
          (
          <year>2021</year>
          ), pp.
          <fpage>445</fpage>
          -
          <lpage>452</lpage>
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          4.
          <string-name>
            <given-names>S.</given-names>
            <surname>Xiong</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Q.</given-names>
            <surname>Ni</surname>
          </string-name>
          ,
          <string-name>
            <given-names>L.</given-names>
            <surname>Wang</surname>
          </string-name>
          ,
          <string-name>
            <given-names>Q.</given-names>
            <surname>Wang</surname>
          </string-name>
          <article-title>Sem-acsit: secure and efficient multiauthority access control for IoT cloud storage</article-title>
          ,
          <source>IEEE Internet Things J.</source>
          ,
          <volume>7</volume>
          (
          <year>2020</year>
          ), pp.
          <fpage>2914</fpage>
          -
          <lpage>2927</lpage>
          ,
          <pub-id pub-id-type="doi">10.1109/JIOT.2020.2963899</pub-id>
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          5.
          <string-name>
            <given-names>S.</given-names>
            <surname>Ding</surname>
          </string-name>
          ,
          <string-name>
            <given-names>J.</given-names>
            <surname>Cao</surname>
          </string-name>
          ,
          <string-name>
            <given-names>C.</given-names>
            <surname>Li</surname>
          </string-name>
          ,
          <string-name>
            <given-names>K.</given-names>
            <surname>Fan</surname>
          </string-name>
          ,
          <string-name>
            <given-names>H.</given-names>
            <surname>Li</surname>
          </string-name>
          <article-title>A novel attribute-based access control scheme using blockchain for IoT</article-title>
          , IEEE Access,
          <volume>7</volume>
          (
          <year>2019</year>
          ), pp.
          <fpage>38431</fpage>
          -
          <lpage>38441</lpage>
        </mixed-citation>
      </ref>
      <ref id="ref6">
        <mixed-citation>
          6.
          <string-name>
            <given-names>E.</given-names>
            <surname>Bertino</surname>
          </string-name>
          ,
          <string-name>
            <given-names>P.A.</given-names>
            <surname>Bonatti</surname>
          </string-name>
          ,
          <string-name>
            <given-names>E.</given-names>
            <surname>Ferrari</surname>
          </string-name>
          <article-title>TRBAC: A temporal role-based access control model</article-title>
          ,
          <source>Proceedings of the Fifth ACM Workshop on Role-Based Access Control</source>
          (
          <year>2000</year>
          ), pp.
          <fpage>21</fpage>
          -
          <lpage>30</lpage>
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>