A Searchable Re-encryption Storage Method in Cloud Environment

Symbols in the Searchable Re-encryption method are defined in the in Table I.

TABLE I.

The keyword can be edited in three cases while searching. We can edit the keyword while inserting, deleting or substituting. Let us suppose thatⁿ is this notation and the keyword edited is^ED(Key).

These three different cases can help us edit the keywords easily. The user handles some of the wrong situations by using the keyword. And we can edit the keyword to recover errors through these three different situations.

The core of the searchable re-encryption method is to generate a re-encryption key only when the keyword matches to the character. Re-encryption operates over two groups G ₁ and G ₂ of prime order q with a bilinear map e : G ₁×G ₁→G ₂. The parameters of the cloud system are random generators g∈G ₁ and Z = e(g, g)∈G ₂. The Searchable Re-encryption can be defined in the following algorithms.

Next, the algorithm 2 is described in detail. In algorithm 2, the keywords should be searched first. The file would be decrypted with this keyword only when the keyword matches. And then the data can be received, stored, and accessed in the cloud.

The keywords are included in the private key and will be searched in the database. Keyword contained in the private key should be validated in the cloud storage database. In the cloud system, the data will be transmited to the servers and then be stored in the database. Data can be accessed from the database through this keyword. The mode of “Keyword Editing” can be used to insert, delete, and replace when the keyword does not match. On the contrary, the data will be received from the cloud server once the keyword matches.

The data may be shared between the owners and the users through the cloud server, which is introduced in detail in algorithm 3. First, the public key and the private key will be created by the data owners. Next, the public key is shared to the cloud server and the private key is shared to the data receiver. There is the keyword in each private key and public key, and the data users can retrieve data through this keyword. Finally, the data will be transfered by the cloud server only when the keyword of the public key and the keyword of the private key is matched.

Algorithm 4 introdeces the scheme of data encryption, in which the data will be encrypted through the RSA algorithm. First, the two prime numbers are multiplied together, and then compute the product. Each data may be encrypted with Euler’s function of E(r). Keyword of the public key and private key are contained in encrypted data. And each data is modeled by using function of E(r).

Algorithm 5 introdeces the scheme of data re-encryption, in which the data will be encrypted through the AES algorithm. The re-encryption keys for authorized user’s list will be generated by the user ‘M’. The public key and private key of the users’ can be used by ‘V’.

The CSReSM generates the v I ∈ Z q * and encrypts the data through the following steps randomly: Z n e w v I = Z v I P U ( K e y ) ( E N ( D a t ) ⋅ Z n e w v I ) = ( Z v I ⋅ M ) E N ( C ) = Z v I ⋅ M , E N ( C M ) = g v I x M

The encrypted data ‘EN(C)’ will be uploaded through CSReSM and ‘EN(C_M)’ represents the mobile user ‘M’. The CSReSM transforms ‘EN(C_M)’ into ‘EN(C_M) _Re ’ using the re-encryption key PU(Key) _Re and EN(C_M) as shown in the following equation: E N ( C M ) Re = e ( P U ( K e y ) , E N ( C M ) ) = e ( g x i x M , g x M v I ) = e ( g , g ) x i v I

Algorithm 6 introdeces the scheme of data decryption, in which the data will be decrypted through the steps described above. First, the decryption key will be used by the user, and the decryption key contains the keyword of the private key. After selecting the number of files, the data will be decrypted through modulo function.

Assuming that the reliability of the cloud storage system is identified by symbol A. The time of encryption through different encryption algorithms is A _t , the encryption time A _t is reversed first, and after the normalization processing, A _j , is got from A_t. The storage cost of the different node is normalized to be the value A_k. The number of the storage states for the cloud storage is the value n the reliability model of the system is shown in formula (1).

It can be concluded from the analysis of the reliability model. When the vale t tends to be infinite, which means t →∞, the storage cost of the node in the cloud system also tends to a certain stable value, and the state of storage strategy tends to be stable. When the value of A_j and A_k are more closer to 1, and the value of n is more large, the cloud storage system will be more reliable and with higher security.

The data response tests are performed on file upload, file copy and file movement, for large files and small files respectively.It can be known that 94 percent of transactions in a mobile cloud storage system can be implemented quickly within two seconds. The experimental results show that the system responds fast. Table II and Table III are the test result.

TABLE II.

TABLE III.

The ratio of CPU occupancy to upload speed is shown in table II, which the data on the mobile side are tested before the encryption and after the encryption respectively.

The ratio of CPU occupancy to download speed is shown in table III, which the data on the mobile side are tested before the decryption and after the decryption respectively. It can be known from the table II and the table III, if the encryption and decryption mechanism are used for transmission, then the CPU utilization will be increased by an average of 22% ∼ 25% and the overall file transfer rate will be reduced by 30% ∼ 35%. As we can see, when the encryption and the decryption mechanism are used, more than three times the performance loss can be caused on the mobile end side.

The keyword can be set and searched in proposed method SReCSM. Only if the value of the keyword just matches, data can be received. Suppose that the number of the users in proposed method SReCSM is 600 users, and the available number of the searching keywords range from 600 to 6000. The cloud server store the keywords and all encrypted data through the database.

There are two questions to be considered: One is the impact of encryption and decryption on file speed.The other is the impact of encryption and decryption on the performance of the client host. The experimental data are listed in Table IV, which includes the time spent on encrypting the different sizes or different type files by using SReCSM and the time spent on transmitting the file.

TABLE IV.

It can be concluded from the above test data, the time spent on encryption or decryption by using SReCSM is regardless of the file type.

The same size files are encrypted by different CReS, MReS, or SReCSM algorithms and then the re-encryption time is different, as shown in table V and Figure 1. The 167.58 MB file in table V is the test case.

Figure 1.

TABLE V.

In the SReCSM proposed in this paper, the time of encryption or decryption is relatively short. It may take a relatively long time to encrypt files by using the CReS, which cause a significant additional time overhead for HDFS. However, the encryption time that MReS encrypting the file was not significantly increased compared to SReCSM. Besides the impact on overall transmission rates, the impact of encryption and decryption on mobile performance is also important.

The comparison of the storage space required in different schemes is shown in Figure 5a. As the number of keywords increase, the storage space required by the cloud system also becomes larger. More storage space have been required by the existing schemes such as CReS and MReS. However, we can see in figure 2a that SReCSM utilize the data transfer effectively and moreover reduce the storage space requirements in the system.

Figure 2.

It can be observed from the trends presented in Figure 2b that the searching time varies according to the number of keywords. The available number of the searching keywords range from 600 to 6000. As the number of keywords increases, searching time required by the system also increase. More searching time have been need by CReS and MReS. And we can see in Figure 2b that lesser time was need to search using SReCSM. If the searching keyword does not match, SReCSM will immediately use the edit function.

MReS, CReS, and SReCSM offload the re-encryption operations in cloud system. And then in the following experiment, we examined the energy consumption and turnaround time while the re-encryption operation were performed. The experimental results are shown in Fig. 3.

Figure 3.

We can see from Figure 3a and 3b, while re-encryption operations were performed in mobile terminal, the turnaround time and energy consumption will increase according to the file size increases.In the same way, Figure 3c and 3d show that, while decryption operations were performed in mobile terminal, the turnaround time and energy consumption will increase according to the file size increases.

Using the reliability model formula (1) of the cloud storage system proposed in 3.4, combine the time required for processing the same size of file in table III, when a different algorithm CReS, MReS and SReCSM is used, the encryption time required for encrypting file, after that the encryption time is reversed, A_j then be got after the encryption time is normalized.In the same way, after normalizing, storage cost A_k is got. If both A_j and A_k are closer to 1, and the number of storage state in the cloud storage system is larger, then the reliability of the system is higher. According to the above analysis, the data in one hour is sampled continuously, combined with the data in table III and table IV, the reliability contrast diagram for SReCSM is shown in figure 4.

Figure 4.

It can be know the reliability of the system through different algorithm by comparing the data in figure 4. The reliability of the system is relatively high. That is, it has little impact on file transfer and user experience by using CreS re-encryption. It may take a relatively long time to re-encrypt files by using the MReS.However, the re-encryption time that MReS combined with CReS for re-encrypting the file was not significantly increased compared withCReS. The value of the reliability is consistent with the use of CReS, which can be maintained around one. It is concluded that the system is relatively reliable by using SReCSM encryption.

Through these simulation experiments, it is verified that SReCSM has a good user experience. It is also verified that the mechanism of SReCSM can effectively improve the efficiency of the cloud storage.When a mobile terminal makes a request, the optimal node is selected and then the time can be saved effectively. In the SReCSM presented in this paper, the re-encryption and decryption has the following characteristics:transport security and storage security of the user data are guaranteed.