A Lightweight Hybrid Key Management Scheme using Third Party Auditor for Data Security in Cloud

Abstract: Authentication and key management are the key challenges in a cloud environment when confidential information is exchanged, and they call for a lightweight key management protocol. This paper presents a lightweight hybrid key management scheme for improved data security in the cloud computing environment. A Third Party Auditor (TPA) ensures secure data communication between the data owner and the cloud service provider using the proposed key management scheme. The hybrid scheme combines identity-based key management with a pairwise probabilistic key pre-distribution scheme. A lightweight two-level session key is generated using the Hash Message Authentication Code (HMAC) and Exclusive OR (XOR) operations; the two levels of session key establishment are intended to reinforce the key against traffic analysis. Both the Advanced Encryption Standard (AES) key and the session key are required to download and decrypt a file. The cloud server schedules tasks to Virtual Machines (VMs) with a Genetic Algorithm (GA). The experimental analysis shows that the proposed key management scheme requires a smaller key size and lower energy consumption, file uploading time, file downloading time and encryption time than the existing schemes.

data security in the cloud environment. The attribute authority issues a set of attributes from which an access policy is built for encrypting the data file. Only users whose attributes satisfy the access policy can decrypt the file; an unauthenticated user or a third party cannot access it.
The CP-ABE based access control schemes [18][19][20][21] are flexible and scalable, but their main problem is revocation management. Attributes are shared by multiple users, so when a user or an attribute is revoked, the non-revoked users must update their keys. If the revoked attribute appears in an access policy, the affected files must be re-encrypted under a new policy to prevent decryption with keys that still contain the revoked attribute. This incurs revocation cost and computational complexity, and in most of the existing methods the user has to manage a set of keys.
Cryptographic key management plays a central role in providing secure communication between end-users. Symmetric key pre-distribution techniques are found to be more appropriate for resource-constrained devices. With Elliptic Curve Cryptography (ECC), many researchers have explored asymmetric keys for authentication and secure key distribution; ECC consumes less energy and needs shorter keys than RSA for the same security strength. Encryption protects data confidentiality and privacy [22].
To overcome the existing key management issues, this paper proposes a lightweight hybrid key management scheme using the TPA to enhance data security in the cloud environment. It involves two levels of session key establishment to reinforce the key against traffic analysis. Both the AES key and the session key are required to download and decrypt a file. The GA is applied to schedule the tasks to the VMs.
The remainder of the manuscript is organized as follows: Section II gives a brief overview of existing key management schemes in the cloud. Section III explains the proposed work, including AES, the two-level session key establishment protocol and GA-based task scheduling. Section IV presents the performance evaluation of the proposed key management scheme. Section V concludes the work.
II. RELATED ART
Li et al. [23] proposed a new structure for the secure distribution of the convergent key across multiple shares, implemented with the Ramp secret sharing scheme; the structure incurs low overhead in a real-time environment. Wu et al. [24] developed a time-based hierarchical key management scheme for the cloud environment; their security analysis shows it to be secure against both outsider and insider attacks. Chu et al. [25] defined public key cryptosystems for efficiently delegating decryption rights over a set of ciphertexts: a set of secret keys can be aggregated into a single compact key that can be transmitted conveniently or stored in a smart card without requiring more secure storage. Tysowski and Hasan [26] proposed modifications to the ABE scheme for authorized access to cloud data, where access control is achieved by satisfying the required attributes; the heavier cryptographic computation is assigned to the cloud service provider and the total communication cost for the mobile user is reduced. Li et al. [27] applied ABE to efficient data access control for Personal Health Records (PHR), achieving high scalability and reducing key management complexity for data owners and users. Beak et al. [28] proposed a secure big data management framework for smart grids together with a security solution for the issues in that framework.
Kao et al. [29] developed a user-centric key management scheme called uCloud for efficient data protection in the cloud. Zhou et al. [30] proposed a key management scheme that depends on the collaboration of the patients in a social group; their security analysis and simulation results show it to be robust against time- and location-based mobile attacks. Xie et al. [31] presented a hierarchical key management system for improving security in a cloud-based smart grid. Zhao et al. [32] introduced a fully homomorphic encryption algorithm for enhancing security and storage capacity in the cloud system: encrypted data can be processed and retrieved efficiently and transmission security improved without much additional storage. Cui et al. [33] proposed a lightweight key management technique for high data security in the cloud, where all authorized data can be decrypted using a single key and a set of public information stored on the server. Ren et al. [34] presented a lightweight key management scheme that guarantees both forward and backward secrecy and does not depend on a trusted third party. Cui et al. [35] presented a security model for the Internet of Things (IoT) and proposed an access control method and an authorization update method to reduce the key management cost; the IoT owner can manage sensitive data and authorizations easily, whether or not the authorization policy changes. Yao et al. [36] presented a lightweight ciphertext access control scheme for the mobile cloud computing environment, based on authorization certificates and secret sharing, which achieves efficient and fine-grained ciphertext access control at lower cost than ABE. Belguith et al. [37] proposed a lightweight encryption algorithm combining symmetric and asymmetric algorithms for data encryption and key distribution; it requires less processing time than the existing cryptographic algorithms.
Storing a large amount of data in the cloud therefore requires the management of hundreds of keys, possibly spread across multiple key management servers. If the key management function is carried out with a Hardware Security Module (HSM), multiple HSM partitions must be created and maintained. Hence, this paper proposes a lightweight key management scheme for the secure processing of data in the cloud environment.

III. PROPOSED LIGHTWEIGHT HYBRID KEY MANAGEMENT SCHEME
The data owner employs the AES algorithm to encrypt and decrypt the input data file. The data owner sends a session key generation request to the cloud service provider through the TPA. The service provider checks whether the data owner is valid based on the owner's identity (ID). If the data owner is valid, the provider sends a nonce to the owner, and the Message Authentication Code (MAC) of the ID and nonce is computed. The session key is then generated. An AES key is generated for the data owner to upload the data to the service provider. To download the data file, the owner has to enter the session key; if the session key is valid, the file name is displayed, and the AES key must then be entered to decrypt the file. The GA is applied to schedule the tasks to the appropriate VMs. Fig.1 depicts the system architecture of the proposed lightweight hybrid key management scheme.

A. AES algorithm
The AES algorithm is used to encrypt plaintext into ciphertext and to decrypt it back into plaintext. It is a symmetric block cipher with a fixed block size of 128 bits and a key size of 128, 192 or 256 bits. The key size determines the number of rounds used to transform a plaintext block into a ciphertext block: 10, 12 and 14 rounds respectively (Table I). The arithmetic in AES is performed in the finite field GF(2^8). A separate 128-bit round key, derived from the cipher key by the key expansion, is XORed into the state in every round of encryption and decryption. Fig.2 shows the operation of the AES algorithm. An encryption round consists of the following transformations.
Sub-bytes: Each byte of the 4 x 4 state array is replaced by its entry in the substitution box (S-box).
Shift rows: Row r of the state is rotated left by r bytes in a cyclic manner (row 0 is unchanged, row 3 is rotated by 3). The offsets are fixed by the row index and do not depend on the key.
Mix columns: A linear transformation mixes the four bytes of each column; it is omitted in the final round.
Add round key: The round key is XORed into the state byte by byte.
Decryption applies the inverse transformations in a different sequence from encryption; the key expansion is the same for both directions. The decryption operations are as follows.
Inverse sub-bytes: The inverse substitution box is used.
Inverse shift rows: Each row is rotated right by the same offset it was rotated left during encryption.
Add round key: The same operation as in encryption, since XOR is its own inverse.
Inverse mix columns: The same kind of linear mixing, but with the inverse matrix.
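To make the round structure above concrete, the following AES-128 implementation is added here as a worked example; it is not code from the paper. It builds the S-box from the GF(2^8) inverse and affine map rather than hard-coding it, keeps the state column-major as the block is read in, and shows that the ShiftRows offsets depend only on the row index. The sample key and plaintext are the FIPS-197 Appendix C.1 known-answer vector; the code is illustrative and not constant-time, so it is for study rather than production use.

```python
"""AES-128 written out round by round: added example, not the paper's code."""

def _xtime(a):
    """Multiply by x (i.e. by 2) in GF(2^8), reducing by the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a

def _gmul(a, b):
    """General multiplication in GF(2^8); used to build the S-box and by MixColumns."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():
    """S-box entry = affine transform of the multiplicative inverse (inverse of 0 taken as 0)."""
    sbox = []
    for x in range(256):
        inv = 1 if x else 0
        for _ in range(254 if x else 0):     # x^254 is the inverse of x in GF(2^8)
            inv = _gmul(inv, x)
        s = b = inv
        for _ in range(4):                    # s = b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 0x63
            b = ((b << 1) | (b >> 7)) & 0xFF
            s ^= b
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _build_sbox()
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i

# The state is the 16-byte block in column-major order: state[r + 4*c] is row r, column c.

def _shift_rows(s, inverse=False):
    """Row r rotates by r positions (left to encrypt, right to decrypt); the offset never depends on the key."""
    d = -1 if inverse else 1
    return [s[r + 4 * ((c + d * r) % 4)] for c in range(4) for r in range(4)]

def _mix_columns(s, inverse=False):
    """Multiply each column by the circulant matrix with first row (2,3,1,1), or its inverse (14,11,13,9)."""
    m = (14, 11, 13, 9) if inverse else (2, 3, 1, 1)
    out = []
    for c in range(4):
        col = s[4 * c:4 * c + 4]
        for r in range(4):
            v = 0
            for j in range(4):
                v ^= _gmul(m[(j - r) % 4], col[j])
            out.append(v)
    return out

def _add_round_key(s, rk):
    return [a ^ b for a, b in zip(s, rk)]

def expand_key(key):
    """AES-128 key schedule: 11 round keys of 16 bytes each (4-byte words are the columns)."""
    if len(key) != 16:
        raise ValueError("this example implements AES-128 (16-byte key) only")
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:                                    # RotWord, SubWord, Rcon
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def encrypt_block(key, block):
    """Forward cipher: initial AddRoundKey, 9 full rounds, final round without MixColumns."""
    rks = expand_key(key)
    s = _add_round_key(list(block), rks[0])
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                          # SubBytes
        s = _shift_rows(s)                                # ShiftRows
        if rnd != 10:
            s = _mix_columns(s)                           # MixColumns (absent from the last round)
        s = _add_round_key(s, rks[rnd])                   # AddRoundKey
    return bytes(s)

def decrypt_block(key, block):
    """Inverse cipher: same round keys in reverse order, inverse transformations in a different sequence."""
    rks = expand_key(key)
    s = _add_round_key(list(block), rks[10])
    for rnd in range(9, -1, -1):
        s = _shift_rows(s, inverse=True)                  # InvShiftRows
        s = [INV_SBOX[b] for b in s]                      # InvSubBytes
        s = _add_round_key(s, rks[rnd])                   # AddRoundKey (XOR is its own inverse)
        if rnd != 0:
            s = _mix_columns(s, inverse=True)             # InvMixColumns (inverse matrix)
    return bytes(s)

# FIPS-197 Appendix C.1 vector: key 000102..0f, plaintext 00112233..ff
KAT_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
KAT_PT = bytes.fromhex("00112233445566778899aabbccddeeff")
```

Calling `encrypt_block(KAT_KEY, KAT_PT).hex()` yields the published ciphertext 69c4e0d86a7b0430d8cdb78070b4c55a, and `decrypt_block` returns the plaintext; a block cipher only ever handles one 16-byte block, so a file as in the proposed scheme must additionally be split into blocks under a mode of operation with an authentication tag, which the paper does not specify.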

B. Two level session key establishment
The TPA checks the data integrity according to the user's requirements and outputs audit reports from which the risk of the services can be assessed [38]. The TPA ensures secure data communication between the data owner and the service provider: it can reveal a secret session key to the service provider and request a fresh MAC for comparison during each audit. In the hybrid scheme, an identity-based key management scheme is combined with a pairwise probabilistic key pre-distribution scheme. Fig.3 depicts the cloud storage service.

Two-level Session key establishment protocol
Step 1: → : , , , Step 2: : 1 ⊗ ⊗ ⊗ Step 3: → : 1 , , Step 4: , : ⊗ 1 ⊗ ⊗
The data owner sends a data uploading request to the cloud service provider consisting of the identity (ID) of the data owner, the session key request, a nonce chosen by the data owner, and the MAC of the data owner's ID and nonce. The Hash-MAC (HMAC) protects the integrity of the message. The service provider and the data owner both generate the primary session key 1 from the nonce value XORed with the pairwise symmetric key shared between the data owner and the service provider. The service provider uses the primary session key to protect its reply, which carries the identity and nonce of the service provider and the HMAC of that ID and nonce. Finally, the session key is obtained by XORing the primary session key with the service provider's nonce together with the IDs of the data owner and the service provider [22]. Fig.4 illustrates the two-level session key establishment process.
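The exchange above, written out with both sides' messages, is added here as an example and is not the paper's code. It follows the paper's constructions (K1 = N_DO XOR K_ps, SK = K1 XOR N_CSP XOR ID_DO XOR ID_CSP) and uses HMAC-SHA256 for the MACs. The 32-byte key and nonce length, the mapping of ID strings to 32 bytes with SHA-256, the length-prefixed field encoding, the replay cache at the provider, and the `hardened` variant that replaces the XOR with HMAC-based derivation are all assumptions of this example; the paper does not name the cipher used to protect the provider's reply, so that reply is authenticated with an HMAC under K1 here rather than encrypted.

```python
"""Two-level session key exchange between a data owner (DO) and a cloud service provider (CSP).
Added example, not the paper's code; layout, encodings and the 'hardened' variant are assumptions."""
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumption: 256-bit pairwise key, nonces and session keys

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def tag(key, *fields):
    """HMAC-SHA256 over length-prefixed fields, so ID||nonce cannot be re-split by an attacker."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        m.update(len(f).to_bytes(2, "big") + f)
    return m.digest()

def id_block(ident):
    """Assumption: an ID string is mapped to KEY_LEN bytes with SHA-256 so it can be XORed in."""
    return hashlib.sha256(ident.encode()).digest()

def level1(kps, n_do, hardened=False):
    """Primary key K1. Paper: K1 = N_DO xor K_ps. Hardened (added here): K1 = HMAC(K_ps, N_DO)."""
    return tag(kps, b"L1", n_do) if hardened else xor(n_do, kps)

def level2(k1, n_csp, id_do, id_csp, hardened=False):
    """Session key. Paper: SK = K1 xor N_CSP xor ID_DO xor ID_CSP. Hardened: HMAC under K1."""
    if hardened:
        return tag(k1, b"L2", n_csp, id_block(id_do), id_block(id_csp))
    return xor(xor(xor(k1, n_csp), id_block(id_do)), id_block(id_csp))

def recover_pairwise_key(sk, n_do, n_csp, id_do, id_csp):
    """Caveat on the pure-XOR construction: every term except K_ps travels in clear, so one
    leaked session key gives K_ps back (and with it every other session)."""
    return xor(xor(xor(xor(sk, n_csp), id_block(id_do)), id_block(id_csp)), n_do)

class DataOwner:
    def __init__(self, ident, kps):
        self.id, self.kps, self.n_do = ident, kps, None

    def step1(self):
        """Step 1, DO -> CSP: ID_DO, session key request, N_DO, HMAC_Kps(ID_DO, N_DO)."""
        self.n_do = secrets.token_bytes(KEY_LEN)
        return {"id": self.id, "req": b"SKREQ", "n": self.n_do,
                "mac": tag(self.kps, self.id.encode(), self.n_do)}

    def step4(self, msg3, hardened=False):
        """Step 4: check the CSP reply under K1 (only a holder of K_ps can form it), then derive SK."""
        k1 = level1(self.kps, self.n_do, hardened)
        if not hmac.compare_digest(msg3["mac"], tag(k1, msg3["id"].encode(), msg3["n"])):
            raise PermissionError("CSP reply failed HMAC check")
        return level2(k1, msg3["n"], self.id, msg3["id"], hardened)

class CloudProvider:
    def __init__(self, ident, registry):
        self.id, self.registry = ident, registry        # registry: ID_DO -> pairwise key K_ps
        self.seen_nonces, self.sessions = set(), {}

    def step2_3(self, msg1, hardened=False):
        """Steps 2-3: validate ID, nonce freshness and HMAC; compute K1; reply ID_CSP, N_CSP, HMAC_K1."""
        kps = self.registry.get(msg1["id"])
        if kps is None:
            raise PermissionError("unknown data owner")
        if msg1["n"] in self.seen_nonces:
            raise PermissionError("replayed nonce")
        if not hmac.compare_digest(msg1["mac"], tag(kps, msg1["id"].encode(), msg1["n"])):
            raise PermissionError("request failed HMAC check")
        self.seen_nonces.add(msg1["n"])
        k1 = level1(kps, msg1["n"], hardened)
        n_csp = secrets.token_bytes(KEY_LEN)
        self.sessions[msg1["id"]] = level2(k1, n_csp, msg1["id"], self.id, hardened)
        return {"id": self.id, "n": n_csp, "mac": tag(k1, self.id.encode(), n_csp)}

def run_handshake(hardened=False):
    """Full exchange with a constructed pairwise key; returns (SK at DO, SK at CSP)."""
    kps = secrets.token_bytes(KEY_LEN)
    owner, csp = DataOwner("owner-01", kps), CloudProvider("csp-A", {"owner-01": kps})
    msg1 = owner.step1()
    sk_owner = owner.step4(csp.step2_3(msg1, hardened), hardened)
    return sk_owner, csp.sessions["owner-01"]

def replay_is_rejected():
    """Re-sending message 1 must be refused by the provider's nonce cache."""
    kps = secrets.token_bytes(KEY_LEN)
    owner, csp = DataOwner("o", kps), CloudProvider("c", {"o": kps})
    msg1 = owner.step1()
    csp.step2_3(msg1)
    try:
        csp.step2_3(msg1)
    except PermissionError:
        return True
    return False
```

`run_handshake()` returns the same key at both ends, and `replay_is_rejected()` shows the nonce cache doing its job. The `recover_pairwise_key` function makes the practitioner's caveat explicit: with the XOR construction the session key differs from the long-term pairwise key only by values that are sent in the clear, so compromise of one session key exposes K_ps and every other session; the claim that a changing session key frustrates attackers holds only under the `hardened=True` derivation, where each level is a one-way function of the secret.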

C. GA-based task scheduling
The main aim of the scheduling process is to minimize the makespan and overall execution time by assigning the tasks to an optimal set of VMs. Let us assume a group of 'm' tasks , , , … , and 'q' VMs , , , … , are available to complete the tasks. A Directed Acyclic Graph (DAG) , denotes the dependence among the tasks, where 'V' and 'E' denote the sets of vertices and edges respectively. The vertices of the graph represent the tasks and the edges represent the precedence between tasks: an edge between the vertices and is represented by ∈ , and → denotes that must be executed before . The size of the dependency matrix 'S' is given by the following equation
∑ ( 1 )
Initially, 'l' chromosomes are generated as 1 arrays whose length equals the number of tasks. The assignment of the j-th task in the i-th chromosome to the k-th VM is represented by , where1 , 1 ≪ . The operation of the GA is described below.
1) Initial population
The initial population is a set of randomly generated chromosomes. The number of tasks defines the length of a chromosome. Fig.5 shows the chromosome representation. Consider 15 tasks and 5 VMs: as there are 15 tasks, the length of the chromosome is 15, and each task is allocated randomly to one of the VMs.

2) Derivation of fitness function
The makespan of each chromosome is the fitness function of the GA. The completion time of a task is the sum of its execution time and its waiting time, and the completion time of every task must be calculated before the makespan of a chromosome can be computed. Let , denote the execution time of task on VM . If task depends on task , then task cannot start before task completes: it must wait for the completion of its parent task , and a task may depend on multiple parent tasks. The waiting time for task is calculated as 0 , → ,  , ∈ , ∈ The completion time of each task denoted by in the chromosome is given as follows , where ∈ is the VM assigned to the task in the chromosome. The makespan of the chromosome is then the completion time of its last task.
3) Selection
The best chromosomes are selected from the population and passed to the crossover and mutation operations to generate better solutions. Selection uses the roulette wheel policy, in which a chromosome's chance of being picked is proportional to its fitness.

4) Crossover
In crossover, parts of two parent chromosomes are exchanged to produce two child chromosomes that may be better than their parents.

5) Mutation
In the mutation step, the quality of a child chromosome is improved by reducing its makespan and raising the resource utilization rate. Mutation is applied to a selected gene rather than at random: the busiest VM is identified and one of its tasks is chosen at random. If the selected task is independent, it is removed from that VM and assigned to the least-utilized VM. If the task is dependent, all the tasks involved in the dependency are assigned to the same VM [39].
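The scheduler described in steps 1) to 5) above, as an added example that is not the paper's code: a chromosome is a list giving the VM index for each task, fitness is the makespan computed from DAG waiting times, selection is roulette wheel, crossover is single-point, and mutation moves a task off the busiest VM as the paper describes. The 8-task, 3-VM instance is constructed here for illustration. Two details the text leaves open are filled in as labelled assumptions: a VM executes its tasks one at a time in task-index order (task indices are assumed topologically sorted), and a dependent task selected for mutation moves to the least-loaded VM together with its parent tasks.

```python
"""GA task-to-VM scheduler with DAG dependencies (added example; instance data constructed here)."""
import random

# Constructed instance: 8 tasks x 3 VMs. ET[j][k] = execution time of task j on VM k.
ET = [
    [3, 4, 5],
    [2, 3, 2],
    [4, 2, 3],
    [2, 2, 6],
    [5, 3, 4],
    [3, 5, 2],
    [4, 4, 1],
    [2, 1, 3],
]
# Dependency edges (parent, child); task indices are assumed to be topologically ordered.
EDGES = [(0, 2), (1, 2), (2, 3), (3, 5), (4, 5), (1, 6), (6, 7), (5, 7)]

def parents_of(n, edges):
    par = [[] for _ in range(n)]
    for p, c in edges:
        par[c].append(p)
    return par

def completion_times(chrom, et=ET, edges=EDGES):
    """Finish time of every task for one chromosome (chrom[j] = VM index of task j).
    Waiting time = latest parent completion; a VM runs its tasks one at a time (assumption)."""
    n = len(chrom)
    par = parents_of(n, edges)
    finish = [0] * n
    vm_free = [0] * len(et[0])
    for j in range(n):
        k = chrom[j]
        wait = max((finish[p] for p in par[j]), default=0)   # 0 for a task with no parents
        start = max(wait, vm_free[k])
        finish[j] = start + et[j][k]                         # completion = waiting + execution
        vm_free[k] = finish[j]
    return finish

def makespan(chrom, et=ET, edges=EDGES):
    """Fitness: time at which the last task finishes (lower is better)."""
    return max(completion_times(chrom, et, edges))

def roulette_select(pop, rng, et=ET, edges=EDGES):
    """Roulette wheel: probability of being drawn is proportional to 1/makespan."""
    weights = [1.0 / makespan(c, et, edges) for c in pop]
    return rng.choices(pop, weights=weights, k=2)

def crossover(p1, p2, rng):
    """Single-point crossover: swap the tails of two parents."""
    point = rng.randrange(1, len(p1))
    return p1[:point] + p2[point:], p2[:point] + p1[point:]

def vm_loads(chrom, et):
    return [sum(et[j][k] for j in range(len(chrom)) if chrom[j] == k) for k in range(len(et[0]))]

def mutate(chrom, rng, et=ET, edges=EDGES):
    """Targeted mutation: pick a task on the busiest VM. An independent task moves alone to the
    least-loaded VM; a dependent task moves there together with its parents (assumption)."""
    child = chrom[:]
    load = vm_loads(child, et)
    busy = max(range(len(load)), key=load.__getitem__)
    idle = min(range(len(load)), key=load.__getitem__)
    j = rng.choice([t for t in range(len(child)) if child[t] == busy])
    par = parents_of(len(child), edges)
    has_children = any(p == j for p, _ in edges)
    group = [j] if not par[j] and not has_children else [j] + par[j]
    for t in group:
        child[t] = idle
    return child

def run_ga(et=ET, edges=EDGES, pop_size=20, generations=60, pc=0.8, pm=0.3, seed=7):
    """Evolve VM assignments; the best chromosome is carried over unchanged (elitism)."""
    rng = random.Random(seed)
    n, q = len(et), len(et[0])
    pop = [[rng.randrange(q) for _ in range(n)] for _ in range(pop_size)]   # initial population
    best = min(pop, key=lambda c: makespan(c, et, edges))
    for _ in range(generations):
        new_pop = [best[:]]
        while len(new_pop) < pop_size:
            p1, p2 = roulette_select(pop, rng, et, edges)
            kids = crossover(p1, p2, rng) if rng.random() < pc else (p1[:], p2[:])
            for kid in kids:
                if rng.random() < pm:
                    kid = mutate(kid, rng, et, edges)
                new_pop.append(kid)
        pop = new_pop[:pop_size]
        best = min(pop, key=lambda c: makespan(c, et, edges))
    return best

if __name__ == "__main__":
    b = run_ga()
    print("best assignment:", b, "makespan:", makespan(b))
```

Placing every task on VM 0 gives a makespan of 25 (the whole first column of ET in sequence), while the assignment [0, 1, 1, 0, 2, 2, 2, 1] finishes at 11; the GA starts from random assignments and, because the elite is preserved, its best makespan never increases from one generation to the next.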

IV. PERFORMANCE ANALYSIS
A. Security Analysis
In the proposed scheme, a session key is established to secure the communication between the data owner and the cloud service provider. Data freshness is provided by the nonces and the two-level session key. Because the session key changes after every data transaction, a brute-force attacker has to target a fresh key each time; the effort of an exhaustive search is, however, bounded by the key length rather than by how often the key changes. Replay attacks are prevented because each session key is used only once and the nonces are fresh. Data integrity is guaranteed by the hash function. Party authentication is built on the HMAC computed with the key shared between the data owner and the cloud service provider, which reveals whether any of the exchanged parameters has been altered. Since the session keys change in every exchange, an attacker cannot correlate the transmitted data across sessions. Mutual authentication is achieved using the IDs of both the data owner and the service provider. High scalability and robust security can be achieved through the two-level session key establishment.

B. Storage Cost Analysis
The efficiency of the proposed scheme is analyzed by comparing the key size and energy consumption of the proposed Lightweight Hybrid Key Management Scheme (LHKMS) with the existing AES, ECC, Two-level Session Key (TSK), Elliptic Curve Digital Signature Algorithm (ECDSA) and Secure Hash Algorithm 1 (SHA-1) schemes. Fig.6 shows the key sizes and Fig.7 the energy consumption of the proposed and existing schemes. The key size of our proposed scheme is 55 bits and it consumes 41 microJoules. The TSK scheme uses a 64 bit key and consumes 46.08 microJoules. The AES scheme uses a 128 bit key and consumes 92.16 microJoules. The ECC scheme uses a 108 bit key and consumes 77.76 microJoules, and the ECDSA scheme uses a 160 bit key and consumes 115.2 microJoules. The SHA-1 algorithm (an unkeyed hash function; the comparison reports a 128 bit key length for it) consumes 92.16 microJoules. From the graphs, the key size and energy consumption of the proposed LHKMS scheme are lower than those of the TSK, AES, ECC, ECDSA and SHA-1 algorithms. Note that key size is reported here as a cost metric: a 55 bit key offers correspondingly less resistance to exhaustive search than the longer keys of the compared schemes. Our proposed scheme is also compared with the RSA and advanced secret sharing key management scheme [40]. File uploading time includes the time required to encrypt the file as requested by the client; it is measured from the point when the data owner requests the cloud service provider to upload the file, through the completion of the encryption and key generation tasks, to the point when the encrypted file is actually stored in the cloud data storage. Fig.8 shows the time taken to upload files of different sizes. File downloading time is the time required to collect the shares, generate the secondary key, merge the master key with the secondary key, and decrypt the file; it is measured from the point when the user requests a download to the point when the user actually receives the file. Fig.9 shows the file downloading time for different file sizes.
Fig.10 shows the comparative analysis of the encryption time of the proposed scheme and the existing Blowfish, AES, RC4 and lightweight key [41] schemes. Our proposed LHKMS scheme requires less encryption time than the existing cryptographic schemes.