Space Complexity Analysis of RSA and ECC Based Security Algorithms in Cloud Data

: Cloud computing is an important development trend in information technology all over the world. Nowadays, the cloud data security technique exploits the symmetric encryption and asymmetric encryption algorithms within the capability of the stronger authentication techniques. A major risk of data security in cloud computing environment becomes a serious problem by reason of the data which is stored diversely over the cloud. Both the data security and privacy are the two main characteristics of cloud information technologies for user‟s concern. We discuss in this paper, a number of existing techniques used to provide security in the field of cloud computing on the basis of different parameters. It will be helpful to improve assure the security of data storage in a cloud environment


I. INTRODUCTION
Today"s, the cloud computing is a well-known technology to improve data security and privacy. Companies such as Microsoft, Google and Amazon are improving or developing the services provided for their user"s requirements. Privacy acts that are exploit in or out of date, after which are not protecting the private information of user in the cloud environment. For the reason that, they are not applicable to three parties such as cloud provider, cloud service user, cloud service provider. Privacy risk becomes worse when applications are present in multiple locations. The nonadequate security characteristics and measures of the cloud service providers such as audit, control, confidentiality, and data integrity availability have been added [1]. In cloud systems, security issue is a barrier for users to adapt into cloud systems. Afterward, an application runs in the public domain or beyond the firewall and then there occurs security concerns and consciousness. In cloud computing, the consumers can allow to access resources online at anywhere or anytime via Internet without controlling the original resources problems such as technical and physical management. Cloud computing resources are accessed in the form of scalable and dynamic manner. Enterprise control loss opposed to particular technical challenge by the cloud security with the significant difference. The application of security, infrastructure and platform is under provider"s control. In cloud based application access control is important [5]. Responsibility of the providers, they affords the physical security, virtualization security and environmental security depends upon IaaS offering by Amazon"s EC2, the security responsibility of the consumers, is up to perform with operating system, data and application. For example of Salesforce.com"s Customer Resource Management (CRM), which is a SaaS offering. The complete responsibility lies with the provider which means that it will take care of environmental, physical, data and application security controls and this will relieve the customer. Service provider and customer depend on keeping in the view of the service model have total responsibility of security of infrastructure in cloud computing [6]. The security controls in cloud computing are same as in any other IT environment, due to different technologies and deployment models are utilized to afford cloud computing services that may pose some different risks to the organization [7]. The cloud service providers have to manage the security and also to deliver diverse services to several users and then they take steps to enhance security the services become more rigid. It may pose some different risks to organization and these risks arise mostly at the network layer of security controls. Data Integrity: The consumer desires that [8] 1. To protect the data integrity by using fine-grained access control and protection from intruders or hackers and single sign-on or sign-off. 2. It may allow to access cloud resources with security protocols such as Secure Sockets Layer (SSL) or HTTPS with the compliance checking and the security auditing control. 3. Shared datasets are protected against from copyright violation or deletion, and malicious alteration. Data Theft: To encrypt the data using one possible solution [9]. Personal firewalls and Shared datasets are securely protected from ActiveX Applets, Java, and JavaScript with established VPN channels between resource sites and cloud clients [8]. Infected Application: The vendor must have access to the servers with the intention that they can check whether if any malicious user has uploaded any infected application. In that _______________________________________________________________________________________ case, they may take the crucial actions to avoid any inconvenience to the customer. Privacy Issues: The provider and client must have an equal privacy policy for performing better results. The provider has been assigned to every user an access control mechanism indicating when and who is available to access the data. Clients also want to look or prefer at all the access log of the vendor employees and also of their employees [10]. Compliance: Compliance refers to the responsibility of an organization to work under a specific agreement with established standards, laws and regulations. Compliance becomes a c omplex issue for cloud service provider due to varying privacy and security laws administrated in different countries [11]. Governance: Governance means to have proper control over measures, principles and policies for IT service achievement [11]. If governance is compromised after that the measures and policies for security can be ignored. IT infrastructure manages a complex set of software and hardware environments. These services are supplied to a customer with an authorization level of service level. 1) Law and Regulations: Laws like HIPAA and SOX etc.
involve the customer to be responsible for utilizing the privacy and security of data hosted in the cloud. Although cloud service providers are becoming responsive to different laws and regulations, which may store data in specific control and apply needed protection for privacy and security. 2) Data Location: Nowadays, the data location is one of the most essential compliance risks faced by every organization [12]. In that case, the data center housed within organization premises, when the data is transparent to protect the security controls with the data location. In the typical cloud computing environment, the data is stored in numerous physical locations and data location is unknown to the service customer. Trust: In a cloud environment, an organization handles control over many aspects of security to protect by placing its trust in the cloud service provider [11] [12]. An organization brings with the intrinsic level of risk while performing data is being stored outside the physical boundaries [11]. The Insider access issue or threats include theft information, fraud access, and information resources sabotage as equally true in the cloud environment, and it"s apart from causing an incident intentionally or unintentionally happens as possible. While moving organizational data covert into the cloud do not only broaden the domain of threat from organizational staff but also from other cloud customers utilizing and performing with sharing resources and cloud services such as virtual machine instances for computational requirements in cloud computing. Data Ownership: Cloud service provider should not be given all rights to use or alter the data for its own purpose or gain. Data Ownership is significantly handled that an organization holds possession over all its data. Data Protection: Data is stored in a shared environment and that the shared data is located with other customer"s data in cloud. To keep data against or away from unauthorized user access control as well encryption is the only choices and data types that are stored in the cloud. When access control mechanism is typically identity based, and encryption remains the only way to protect and assure the data. Identity and Access management: Illegal identification and access prevention have also become one of main concern for cloud service providers and to move toward adopting cloud handles data sensitivity problems and privacy issues. Nowadays, SAML standard is being used by the number of cloud service providers to manage users in the cloud. In cloud computing, the security issues have categorized into two levels. They are given below, Security issues faced by cloud providers then cloud: The cloud provider should protect the data and application of the cloud users. The cloud provider guarantees that the infrastructure is secured and protected against from unauthorized access. Security problems faced by customers: Majority of security issue regard as virtualization that can be properly managed, configured and secured. At the same time as the customer should authorize that the provider has makes the proper security measures to protect their infrastructure.

II .SECURITY ALGORITHMS 2.1. RSA
In RSA schema, integer performs between the interval [0, n-1] such as block cipher, original message and cipher message. RSA is broadly used algorithm in various fields such as bank, e-commerce, military and so on.In which the encrypted message and original message are represented h*h square matrices in another schema. For encryption and decryption order, they don"t have any restriction and also consider as more efficient, dynamic and scalable [4]. For the above security purpose, the hardware implementation of RSA schema make use of the modular exponentiation [5] and also provide security and facilitate to save to computation time and processing time. Due to the increasing demand of security issues in communication channel its essential to improve a new technological development and efficient hardware security module. It is an encryption-decryption technique and consists of plaintext and ciphertext in the form of integers within 0 to n-1. This plain text is encrypted in blocks; each and every block has a binary value which should be less than n. This algorithm procedure is completed in three steps: In key generation, two prime numbers are considered (i.e.) p and q and consists of public key and a private key. The public key is well-known to everybody. Calculate the value of n and choose a random encryption key e evaluates the gcd and that should be equal to 1. Subsequently, find out the decryption key d. At last evaluate the public key and private key in an effective manner. The plain text is encrypted in blocks, each block contain a binary value less than that number n i.e., for block size i bits, 2 i <n<2 i+1 .  Input: None  Calculations: Choose two comparatively prime numbers p and q. Where n=p*q and v-(p-1)*(q-1).  Compute the integer d such that (d*e)%v=1.  e is the integer.  Output: n, e and d

Encryption process:
The encryption process represents a plaintext in the form of numbers modulo n to obtain cipher text C from plaintext M is very trouble-free. It can be formulated as: C=M e mod n If C = cipher text D = private key E = public key M = message text The file can be encrypted by transmitting a symmetric file encrypted key (FEK) concurrently asymmetric public key will be automatically generated and then both are combined to form an encrypted FEK with a header file.
 Input: Integers n, e, M  Integer representation of the plain text is M  Let C be Evaluated as the integer representation of the cipher text. C=(M e mod n)  Output: Encrypted text or cipher text C.

Decryption process:
The reverse process of encryption will be decryption. It can be generated using the formula: m= e d mod n. Where C =cipher text M=message text E =public key D =private key  Input : d, n, C  C is the cipher text. At the center point of South Asia is Indi and it has more than 1.2 billion people. In South Asia, India is the seventh largest country in the world by area wise and also the most populous democracy in the world. New Delhi is the capital of India and coastline of India is about of 7,517 km (4,671 mi) long. India is a peninsula region, bound with the Bay of Bengal in the east region, the Arabian Sea on the west region and Indian Ocean in the south region. In the world survey, India has the third largest military force and is also a nuclear weapon state. India has seven neighbor countries followed by: Myanmar in the east, Bhutan and Bangladesh in the north-east, Pakistan in the north-west, China and Nepal in the north, and Sri Lanka, an island, in the south.

Vii) Decryption D (M) ≡ M 15233 (mod 25283).
Viii) Benny sends Alex the message "sample.txt" files as follows:  The Input text will be separated into segments of Size 1 (the symbol '#' is used as separator).

Elliptic curve cryptography (ECC)
Elliptic curve cryptography (ECC) is a cryptographic scheme that uses the properties of elliptic curves to generate cryptographic algorithms. In the 1980s Koblitz and Miller proposed using the group points on an elliptic curve defined over a finite field in discrete logarithmic cryptosystems. An elliptic curve is the solution set over a non-singular cubic polynomial equation with two unknowns over a field F. In short terms it is a discredited set of solutions to a curve that is in the form: y 2 = x 3 + ax + A straight line that intersects the curve within two points and also intersects the curve in a third point that is either on the point or the curve of infinity (also referred to as the neutral element). An additional significant property of elliptic curves is the symmetric over the x-axis that means if you have a point P(x, y) then -P will be (x, -y). By using these properties can describe some useful and interesting arithmetic rules. In case that you have a point A and a point B on an elliptic curve, and you desire to perform an addition operation of these two points. After that, a line draws from A via B, if the line will intersect the curve in a third point that takes it and mirror it over the x-axis and provide the result of the addition. The main benefit of ECC becomes clear when surveying the security level that keys of different bit sizes provide. ECC based keys generate the physically powerful level of security. On the other hand, the ratios illustrate that the double size of ECC based key but the RSA key size has to be increased more than double that and also observe that escalates for even greater key sizes. In some case of the RSA, we discuss doubling-up the length of the key saves the performance by a factor of 5-7 [21]. Due to Mark Knight also states that the key generation can be a 1,000 times faster with ECC than with RSA. A combination of these benefits outcomes such as reduction of network and memory, storage overheads.

ALGORITHM FOR ECC
There has to be some information that is publicly known to all the users, thus making it the public key cryptography.  where Bpub is the public key for B.  Finally, A generates key, Ka = Apriv * Bpub  B generates key, Kb = Bpriv * Apub Signature Generation Algorithm  Calculation of message digest with a HASH function, preferable SHA-1, where e is the message digest, m is the message such that e = HASHfun(m)  Generate a random integer rand between 1 and n-1.  The first of the signature, sign1 is calculated from sign1 = x mod n where x is the product of B with rand i.e. x = xcod(rand * B) where xcod is a function to get the x co-ordinate.  But if sign1 is 0, then redo the previous step.  The second part of the signature, sign2 is calculated from the equation sign2 = rand -1( e + (Apriv*sign1)(mod n)  But if sing2 is 0, then re-generate r and follow the procedure again.  The signature generated is a pair (sign1, sign2).

Signature Validation Algorithm
 Check if sign1 and sign2 lie between the range of 1 and n-1 when the signature is not valid move to next step.  Evaluation: the message digest calculated from the received message using the same hash function, e = HASHfun(m).  Calculate var1, where var1 = sign2 1(mod n)  Calculate var2, such that var2 = (e*var1) mod n  Calculate var3, such that var3 = (sign1*var1) mod n  We then calculate X, such that X = (var2*B) + (var3*Apub)  If sign1 (mod n) is equal to xcod(X), then signature is verified.

Encryption Algorithm
 The plain text M is mapped onto the elliptic curve at a point P.  Generate a random integer rand between 1 and n-1.  The cipher text is then encoded as a pair C, where C = [( rand * B),(P + (rand * Bpub)]

ECDH -Elliptic Curve Diffie Hellman
Elliptic Curve Diffie Hellman (ECDH) represents an Elliptic Curve variant of using the standard Diffie Hellman algorithm. ECDH performs with a key agreement [9] [10]. It enables two parties to establish between the public key and the private key to exchange the shared key. By using the shared keys consists of a key or the derived key and also perform to encrypt following communications using a symmetric-key cipher. For authentication purpose, each key pair of one of the party is trusted by using other party so as to provide secure authentication. Therefore, the systematic efforts are seem to be performed for providing a very faster public key cryptosystem and concurrently this scheme should be a very practical and protective, for the most constrained environments. For example, a shared secret key is exchanged between E and F by using EC -Diffie hellman, both of EC domain parameters to agree up or to be obtained. A private key is randomly picked integer less then n, if n is the order of the curve and another public key is randomly picked as Q= d*G (G is represent the generator point). Both the sender and receiver have a key pair that consists of a public key and a private key. Let (d E , Q E ) be the private-public key pair of E and (d F , Q F ) be the private-public key of F.
Hence K E = K F and hence X E =X F  (Where G represents generator point)  Thus the shared secret is K E . Diffie-Hellman key exchange system Using ECC  Initially, Alex and Benny first select a finite field Fp and an elliptic curve E defined over it (E(Fp)).  After that, they publicly pick a random base point B belongs E.  In third stage, Alex chooses a secret random integer e. Alex

Elliptic Curve Digital Signature Algorithms (ECDSA)
Three kinds of algorithm are derived from ECDSA as follows: key generation, signing, and verification. At first, the Elliptic Curve Digital Signature Algorithm was proposed in the year of 1992 by Scott Vanstone. The main benefit of ECDSA is to achieve the same security level as with DSA, however with smaller keys. By using smaller keys can also be evaluated more rapid calculations and smaller public keys to pass around. A public and private key utilize to perform the signing process and verification process by computing the key generation algorithm. The signing procedure is completely executed to generate the actual digital signature. At last procedure, the verification process controls or performs to prove the authenticity of the signature. In ECDSA, that has a alternative approach of the Digital Signature Algorithm (DSA) that works on elliptic curve groups. A signed message sent out from A to B and to agree up on Elliptic Curve domain parameters. A private key dA and a public key QA = dA * G where G is represent the generator point, an elliptic curve domain parameter [11]. Following steps briefly explained about this algorithm.

ECC Domain Parameters
The elliptic curve domain parameters determine a finite field number of arithmetic operations for performing these public key cryptographic schemes and ECC domain parameters represent over F q (where F q is either F p and F 2 m ) are a septuple: T = (q,FR,a,b,G,n,h) A number of q specifies a prime power (q = p or q = 2 m ), an indicator FR (field representation), for representing field elements ε F q , two field elements a and b ε F q , that specify the equation of the elliptic curve E over F q.

ECDSA Key Generation
The user A follows these steps where p is a large prime:  Choose a random integer d ∈ [1, n -1].  Calculate Q = d x P.

III.EXPERIMENTAL RESULTS
Performance and analysis measurements has utilized on the Amazon EC2 environment. Nimbus toolkit affords an infrastructure clouds to scientific users. As a cloud service to its client through WSRF-based or Amazon EC2 web service APIs. Nimbus is free software as well as open source software of the Apache License version 2.
Nimbus Infrastructure is an open source S3-compatible or EC2 Infrastructure-as-a-Service. Particularly, the main targeting features of interest to the scientific community such as besteffort allocations, batch schedulers, proxy credentials, etc. Our performance result has some values for utilizing all the Single-Job benchmarks and in particular time. Optimizations, tuning the benchmarks process were compiled using JAVA command-line arguments. Moreover, we did not use any instance-dependent optimizations or additional architecture. Moreover, an ECC or a RSA standard server certificates are configured by using a SSL handshake between a server and a client. After that the test methodology is planned to determine the relative differences. The primary difference is articulated because of the public-key cryptographic algorithms as considered in ECC or RSA based algorithms. For that reason, the key exchange is performed on the option of ephemeral ECDH that have to keep and forward the secrecy on that it affords and we do see a popular move towards this as well performed. The SSL handshake also includes and completes the operations which are identified in the table on Public Key Cryptographic Operations. In this environment model, it has reputation gaining and is simply run the tests available public information to enable the reader to repeat same tests: Amazon EC2. This kind of the test is simultaneously loaded to the server by running the same transaction repetitively through multiple clients and gathering latency (response time) and throughput at the client desktop. It enables setup on the Red Hat Linux Server, High-CPU Extra Large Instance (c1.xlarge) and the Linux. By applying test data the security algorithms is evaluated in terms of the execution time required to store or retrieve the text data at cloud. Encryption and decryption process generate an efficient result. After the successful encryption/decryption process the analytical table is created and makes sure all the data processed in the right way and it is depend upon execution time (Encryption and Decryption time) as parameters. A cryptographic technique depends a lot on the size of the key used for security purpose. The Encrypt/Decrypt algorithm will be known to all. This algorithm is always a better choice to have a big key size and also we should keep in mind the computational load after we increase the key size. ECC based algorithms afford by using a lesser key size compare to other cryptographic technique and still keep at high level of security. The key length of the implementation is a 160 to 192 bit that is quit better to protect against naive attack. The key length is increased for better security by using the encryption and decryption process. The ECC, RSA, ECDH and ECDSA algorithms can provide to determine the length of the encryption keys and an arbitrary level of security used for each algorithm. Tables represent the required key length using different encryption algorithms in order to complete a level of security similar to the RSA key length provided by 1024-bit RSA encryption. The times for key generation, signature, and verification algorithms have computed with comparable key sizes for RSA, ECC, ECDH and ECDSA. The results of the report showed that ECDSA outperformed RSA in both key and signature generations. ECDSA able to verify messages faster than RSA and the key sizes range from 163 to 571 bits for ECDSA algorithm and 1024 to 15360 bits for RSA algorithm. In ECDSA key generation are consistently faster than those of RSA. By the last comparison, RSA has taken a total of 1142.5455 seconds while ECDSA lasted 315.5778 seconds, significantly faster. Meanwhile, the signature generation had slightly different results. RSA started out by executing faster than ECDSA. As a final point, with signature verification, ECDSAs times are significantly quicker than RSAs, times and barely enhanced as the size of key lengths grew. . In Table 1 and 2, Figure 1 and 2 shown, By using the various algorithms performs with the encryption process, and decryption process that are heavily influenced and difficult to measure through software/hardware optimizations and system architecture. Particularly at RSA bit lengths of 1024 and above RSA encryption is slightly lesser than ECC, while ECC decryption can be several times quicker compare than RSA, even though both are commonly efficient enough not to provide a practical system bottleneck. The ECDSA and _______________________________________________________________________________________ ECDH technique is assumed to provide a similar processing time as RSA due to similarities in algorithm implementation however will possibly take longer due to the multiple exchanges involved. ECC provides dramatically superior key pair generation performance compared to RSA, with the large primes generated for RSA requiring those orders of magnitude more computation time when compared to a much smaller ECC key.      Table 3 and Figure 3 demonstrate Key Pair Generation algorithm and Signature Verification of algorithms of ECDSA requires a random number to be produced. By using the random number as the private keys are generated. Likewise, the secret integer "K" generated while the signature verification algorithm must be random in nature. The algorithm used to generate the random number is not cryptographically secure protection against an attacker can utilize this vulnerability i.e. it must be unpredictable so as to the probability of given value being selected should be very small. Since an upcoming scope of our proposed work cryptographically secure random number must be included at the same time as generating private keys.
The space complexity is analyzed between private key length which is in bits and run time memory consumed by system. Space complexity is usually communicated as an order of magnitude, for example O(N^2) , other than the size of the issue (n) get twice subsequently it four times enhanced as working storage capability will be needed. At this point, RSA needs the storage requirements in bytes to perform with an elliptic curve cryptosystem and a 1024-bit modulus over GF(p) wherein p is 160 bits in length while making a rough comparison between the beneath four systems. Table 4 and Figure 4 have shown Space complexity optimizations in an effective manner.

IV.CONCLUSION
An encryption and decryption algorithm plays a vital role within data security on the cloud. Different encryption algorithms have been offered to create cloud data secure, vulnerable and provided concern to security challenges and risks. From this paper, the comparisons between ECC and RSA based algorithms to find out the best security algorithm that is performed in cloud computing for making cloud data secure and not to be hacked by unauthorized entry or attackers. In this paper for the experimental results exposed ECDSA is better performance for the remaining algorithms like ECC, ECDH, and RSA according to the space complexity. The upcoming scope of this work is to evaluate or find out an efficient proposed algorithm to make the data secure than ECC and RSA based algorithms.