Int
ern
at
i
onal
Journ
al of Ele
ctrical
an
d
Co
mput
er
En
gin
eeri
ng
(IJ
E
C
E)
Vo
l.
9
, No
.
5
,
Octo
ber
201
9
, pp.
3833
~
38
42
IS
S
N:
20
88
-
8708
,
DOI:
10
.11
591/
ijece
.
v
9
i
5
.
pp3833
-
38
42
3833
Journ
al h
om
e
page
:
http:
//
ia
es
core
.c
om/
journa
ls
/i
ndex.
ph
p/IJECE
A cost
-
ef
fective
2
-
tier s
ecurity p
aradi
gm to saf
eg
u
ar
d
cloud
data
with fast
er auth
en
tica
ti
on
Veen
a R.
S
.
1
, Ram
achan
dra V.
Pu
jeri
2
, I
n
diramm
a M
.
3
1
Depa
rtment of
Com
pute
r
Scie
n
ce
and
Engi
ne
ering
,
RV Col
le
g
e of
Engi
n
ee
rin
g,
I
ndia
2
MIT
Coll
ege of
Engi
n
ee
ring
,
In
dia
3
Depa
rtment of
Com
pute
r
Scie
n
ce
and
Engi
ne
ering
,
BMS
Coll
eg
e
of Engin
ee
ring
,
Indi
a
Art
ic
le
In
f
o
ABSTR
A
CT
Art
ic
le
history:
Re
cei
ved
Dec
17
, 201
8
Re
vised
Ma
r
25
, 2
01
9
Accepte
d
Apr
10
, 201
9
The
re
ce
nt
te
ch
nologi
c
al
adv
an
ce
m
ent
has
t
ak
en
cl
oud
comp
uti
ng
(CC)
infra
struc
ture
to
a
sign
ifi
c
ant
level
wher
e
the
i
ncr
ea
sing
l
eve
l
of
rese
a
rch
int
er
est
laid
upon
cost
-
eff
e
ct
iv
e
storage
m
ana
ge
m
ent
.
Ow
ing
to
the
pote
n
tia
l
distri
bute
d
and
per
vasive
stor
ag
e
facil
i
t
y
,
i
t
lac
ks
eff
ic
i
ency
to
wards
fully
pre
serving
the
i
nte
grity
of
user
dat
a
attributes.
The
reb
y
,
th
e
c
oll
abor
at
iv
e
sharing
of
user
dat
a
le
ads
to
a
situa
ti
on
whi
ch
opens
up
var
iou
s
form
s
o
f
sec
urity
loop
-
h
ole
s.
In
th
e
p
a
st
var
ious
form
s
of
sec
uri
t
y
p
rotoc
ols
are
witne
ss
ed
whic
h
have
a
tt
em
pte
d
to
solve
thi
s
sim
il
ar
issue
with
cr
y
p
togra
ph
ic
s
olut
ions
but
at
the
s
ame
ti
m
e
l
ac
ks
sus
ta
in
abi
lit
y
and
robustness
from
a
computa
ti
ona
l
per
spec
t
ive.
Th
e
reb
y
,
the
stud
y
i
ntroduc
es
a
2
-
ti
er
fra
m
ewor
k
which
offe
rs
highe
r
-
degr
ee
o
f
ac
ce
ss
cont
rol
al
ong
with
Virtua
l
Mac
h
ine
(VM
)
storage
s
ec
uri
t
y
.
Th
e
stud
y
basi
ca
l
l
y
opt
imize
s
th
e
per
form
anc
e
of
the
m
odel
b
y
spee
ding
up
t
he
au
the
nt
icati
o
n
proc
ess.
The
p
erf
orm
ance
va
li
da
ti
on
of
the
s
y
s
te
m
has
bee
n
don
e
wi
th
respe
c
t
to
conve
nt
iona
l
en
cr
y
p
ti
on
st
anda
r
ds.
The
ou
tc
om
e
obtained
d
emons
tra
te
that
the
proposed
sol
uti
on
outp
erf
or
m
s
the
exi
sting
s
ec
uri
t
y
standard
s
in
te
rm
s
of
proc
essing
t
ime,
ti
m
e
to
gen
era
t
e a
sec
r
et key
and
ke
y
siz
e
for
en
cr
y
pt
ion.
Ke
yw
or
d
s
:
Access c
ontr
ol
Au
t
hen
ti
cat
io
n
Cl
oud
c
om
pu
ti
ng
Cl
oud data sec
ur
it
y
Virtual m
achin
es secu
rity
Copyright
©
201
9
Instit
ut
e
o
f Ad
vanc
ed
Engi
n
ee
r
ing
and
S
cienc
e
.
Al
l
rights re
serv
ed
.
Corres
pond
in
g
Aut
h
or
:
Veen
a
R.S
.
,
Dep
a
rtm
ent o
f
Com
pu
te
r
Scie
nce a
nd E
ng
i
ne
erin
g
,
RV Colle
ge
of
En
gin
eeri
ng,
Be
ng
al
uru,
Ka
rn
at
a
ka,
India
.
Em
a
il
:
veen
a.vt
ur
esea
rch
sc
ho
la
r@
gm
ai
l.com
1.
INTROD
U
CTION
The
increa
sin
g
adoption
of
cl
oud
-
base
d
sto
r
age
has
been
witnesse
d
in
va
rio
us
ap
plica
ti
on
s
s
uch
as
Gove
rn
m
ent,
el
ect
ro
nic
healt
h
recor
d,
m
i
li
t
ary/
def
e
ns
e
an
d
oth
e
r
[
1].
H
ow
e
ve
r,
due
to
per
va
sive
co
m
pu
ti
ng
and
op
ti
m
iz
ed
m
od
el
ing,
the
cost
struct
ur
e
fo
r
st
or
a
ge
m
anag
em
ent
go
t
sign
ific
a
ntly
i
m
pr
ov
e
d
but
at
the
sam
e
t
i
m
e,
diff
ere
nt
f
orm
s
of
te
ch
nolo
gical
ad
vancem
ent
m
a
de
it
vulne
r
able
to
va
rio
us
f
or
m
s
of
sec
ur
it
y
threats
w
her
e
sign
ific
a
nt
us
e
r
data
at
trib
utes
can
be
c
ompr
om
ise
d
for
m
al
ic
iou
s
m
ea
ns
[2
-
3].
U
nlu
ckily
,
secur
it
y
vi
olati
on
s
m
easur
ed
in
2011
a
nd
sh
owe
d
t
hat
r
epu
te
d
c
om
pan
ie
s
(lik
e
Goo
gle,
S
ony,
A
m
azon
,
UK
Hea
lt
hcare
Syst
e
m
and
so
on)
al
l
ex
pe
rience
d
secu
r
it
y
occu
rr
e
nce
s.
In
t
he
cl
oud,
consum
er’
s
da
ta
are
ob
ta
ine
d
t
o
cl
oud
se
r
vice
pr
ov
i
der
s
w
hich
can
be
tr
us
te
d
or
untr
us
te
d
[
4]
.
The
reb
y,
a
need
f
or
tr
us
twort
hy
serv
ic
es
,
w
hich
can
facil
it
at
e
the
data
avail
abili
t
y
on
tim
e
and
al
so
e
nforce
s
the
acce
ss
con
t
ro
l
re
qu
i
re
m
ents
arises.
The
st
ud
y
al
so
ex
pl
or
e
d
sig
nifica
nt
lim
it
at
ion
s
in
the
existi
ng
syst
e
m
in
te
r
m
s
of
com
pu
ta
ti
on
al
eff
ic
ie
ncy
an
d
stora
ge
cost
a
nd
al
so
f
ound
fe
w
draw
bac
ks
in
existi
ng
sec
uri
ty
patches
w
hich
ar
e
exten
s
ively
discusse
d
in
t
he
co
ns
ec
utive
sect
ion
s
1,
3,
and
5
.
A
ddre
ssing
the
se
issues
,
the
pro
posed
stu
dy
for
m
ula
te
d
a 2
-
ti
er
clo
ud s
ecur
it
y arc
hitec
ture
t
o
m
ini
m
iz
e the possi
ble thr
eat
s t
ow
a
r
ds
vio
la
ti
ng d
a
ta
integr
it
y. T
he
stud
y
perform
ed
a
c
om
par
a
ti
ve
an
al
ysi
s
wh
ere
th
e
pr
op
os
e
d
2
-
ti
er
secur
it
y
m
od
el
ing
ac
hieve
d
bette
r
pe
rform
ance
as
com
par
ed
to
existi
ng
secur
it
y
so
luti
ons.
The
overall
pa
per
is
orga
ni
zed
as
fo
ll
ows
:
sect
ion
2
il
lustrate
s
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
5
,
Oct
ober
201
9
:
3
8
3
3
-
3
8
4
2
3834
the
desi
gn
m
od
el
ing
of
the
pro
posed
syst
em
fo
ll
ow
e
d
by
a
com
p
reh
e
nsi
ve
disc
us
sio
n
of
res
ults
ob
ta
i
ned
i
n
Sect
ion
3
a
nd
f
inall
y, Sect
ion
4
c
on
cl
ud
e
s th
e overall
c
on
t
ribu
t
or
y as
pect
of the
stu
dy.
W
it
h
t
he
in
cre
asi
ng
gr
ow
t
h
i
n
t
he
dev
el
opm
ent
of
cl
ou
d
com
pu
ti
ng
te
chnolo
gy,
the
secur
it
y
has
beco
m
e
a
seriou
s
co
nce
rn
w
hi
c
h
nee
ds
to
im
pro
ve
over
the cloud,
since o
f
con
ti
nu
ous
acce
ssing
o
r
up
l
oa
di
ng
the
data
an
d
app
li
cat
io
n
ser
vi
ces
fr
om
the
virtu
al
m
achine
stora
ge.
T
her
e
f
or
e
,
in
orde
r
to
extend
th
e
secur
it
y
le
vel
of
cl
oud
i
nfrastr
uctu
re,
Chan
dr
a
kala
a
nd
Ra
o
[
6]
des
ign
e
d
a
v
i
rtual m
achine
(
VM)
m
igrati
on
to
ol
wh
ic
h
is
util
iz
ed
to
ba
la
nce
the
loa
d,
fa
ult
m
anag
e
m
ent,
m
ai
ntain
the
syst
em
per
f
or
m
ance
an
d
re
du
c
e
the
powe
r
consum
ption
.
The
pro
po
s
ed
VM
m
igrati
on
te
chn
iq
ue
ca
pa
ble
to
util
iz
e
the
VMs
placem
ent
owin
g
t
o
pe
rfor
m
high sec
ur
it
y a
nd im
pr
ov
es
th
e res
ource
util
iz
at
ion
with m
i
nim
u
m
en
erg
y
consum
ption
.
Zha
ng
an
d
Le
e
[
7],
hav
e
int
rod
uced
VM
c
loud
a
rch
it
ect
ure
a
nd
nam
ed
as
"C
loud
-
Mo
natt"
is
an
exten
ded
ve
rsi
on
of
the
pre
vi
ou
s
stu
dy
[
8].
The
pro
posed
arc
hitec
ture
is
res
pons
ible
t
o
m
on
it
or
the
VM’s
healt
h
secu
rity
.
Additi
on
al
ly
,
authors
de
sig
ned
a
nd
valid
at
ed
the
netw
ork
prot
oco
ls
inside
the
dist
rib
uted
syst
e
m
and
c
om
m
un
ic
at
ion
perform
ance
of
hard
war
e
or
so
ft
war
e
m
od
ul
es
are
validat
ed
within
the
cl
oud
serv
e
r.
The
re
su
lt
pe
rfor
m
ance
of
the
pro
pose
d
Cl
oud
-
M
on
at
t
arc
hitec
ture
a
ble
to
de
li
ver
the
at
te
st
at
ion
serv
ic
es
to
t
he users
in
a r
el
ia
ble m
ann
er.
The
pre
vious
work
of
Zha
ng
an
d
Lee
[8
]
hav
e
e
xplo
red
the
prot
otype
so
ft
war
e
m
od
e
l
i.e.
Cl
ou
d
-
Mon
at
t
w
hich
m
on
it
or
t
he
virtu
al
m
achines
s
ecu
rity
healt
h
inside
th
e
cl
oud
e
nv
ir
on
m
ent.
The
a
ddit
ion
al
featur
e
s
of
t
he
pro
posed
s
of
t
war
e
m
od
ule
a
re;
m
ai
ntain
the
secu
rity
le
ve
l
with
m
ulti
ple
secu
rity
pro
pe
rtie
s.
Also
,
it
s
how
s
how
to
m
ap
an
d
inte
rpre
t
the
colle
ct
ed
inf
or
m
at
ion
to
sec
ur
it
y
fea
tures
wh
ic
h
c
an
be
unde
rstan
dab
le
by
t
he
cl
oud
us
ers
.
From
the
resu
lt
,
analy
sis
authors
co
nclu
ded
that
the
pro
posed
C
loud
-
Mon
at
t"
f
ram
ewor
k
offer
s
highe
r
sec
uri
ty
healt
h
f
or
cl
oud
i
nfrast
ru
ct
ur
e.
I
n
t
he
cl
oud
c
om
pu
ti
ng
env
i
ronm
ent,
VM’s
sec
ur
it
y
is
the
pr
im
ary
c
on
ce
r
n
f
or
t
he
researc
hers
to
im
pr
ov
e
t
he
secur
it
y
re
qu
ir
e
m
ent
for
m
ulti
ple
pr
os
pe
ct
ive
f
or
e
xam
ple;
co
m
mu
nicat
io
n
acce
ss
con
t
ro
l,
st
orage
m
on
it
or
in
g,
ne
tw
ork
an
om
aly
detect
ion
a
nd s
o on. In t
hat conte
xt, Yin
et al
. [9] pro
vid
e
d a resea
rch
stu
dy
o
n sec
uri
t
y as a ser
vice
for virtua
l
m
achines
on
i
nfrastr
uctu
re
a
s
a
ser
vice
(I
a
aS)
platfo
rm
.
The
propose
d
secur
it
y
ser
vic
e
m
od
el
em
pl
oyed
3
disti
nct
la
ye
rs
wh
ic
h
orchest
r
at
e
diff
ere
nt
s
ecur
it
y
so
luti
ons
an
d
pro
vide
d
secu
rity
prov
isi
on
s
for
V
M'
s
an
IaaS
platfo
rm
.
In
a
no
t
her
res
earch
st
ud
y
of
Liu
et
al
[1
0]
pr
op
os
ed
a
sec
ur
e
VM
f
r
a
m
ewo
r
k
w
hic
h
im
pr
ov
es
the
VM
sec
ur
i
ty
ov
er
t
he
cl
oud
e
nvir
on
m
ent.
The
ai
m
was
to
determ
ine
the
sta
tus
of
us
ers
ap
plica
ti
on
s
on
gu
e
st
virt
ual
m
achines
w
hich
hav
e
ope
rated
for
a
ce
rtai
n
pe
ri
od
of
ti
m
e.
Fo
r
this,
it
integrates
m
easur
e
m
ent
pr
i
nciples
with
VM
m
on
it
or
in
g.
U
nlike
othe
r
VMs,
the
propose
d
fr
am
ewo
r
k
doesn'
t
req
ui
re
virtu
al
proc
ess
or
te
chnolo
gy.
Al
so
,
pr
opos
e
d
te
chn
i
qu
e
a
ble
to
detect
the
an
om
alies
at
us
er
le
vel
app
li
cat
ion
s
by
analy
z
ing
the
m
easur
em
ent
changes
.
As
a
r
esult,
pro
pose
d
VM
f
ram
ewo
r
k
offe
rs
m
ini
m
um
per
form
ance
ov
e
r
head.
C
loud
infr
a
struct
ur
e
has
a
dynam
ic
natu
re
a
nd
fle
xib
le
acce
ss
c
ontr
ol.
Cl
oud
s
erv
ic
e
pro
vid
e
rs
face
m
ulti
ple
risks
li
ke; d
at
a c
orrupti
ng, m
issi
ng
the in
fo
rm
at
io
n
si
nce
of
lac
k of ha
rdwa
re c
ontr
ol on
t
heir o
utsource
d data.
Access
c
ontrol
poli
cy
has
the
abili
ty
to
ov
e
r
com
e
this
kin
d
of
secu
rity
ch
al
le
ng
es.
Dif
fe
ren
t
acce
s
s
con
t
ro
l
syst
em
s
are
intr
oduce
d
f
or
cl
ou
d
f
or
exam
ple;
in
Aluv
al
u
et
al
.
[
11]
propose
d
hi
erarch
ic
al
at
tribu
te
-
base
d
enc
rypti
on
schem
e
whic
h
enc
rypts
a
nd
dec
rypt
the
store
d
data
fi
le
s
in
the
cl
oud
us
in
g
"B
lo
w
fish"
al
gorithm
.
Au
thors
pro
ve
d
th
at
pr
opose
d
sc
hem
e
red
uces
the
syst
e
m
co
m
plexity
and
im
pro
ve
the
eff
ic
ie
ncy
by
m
axi
m
iz
ing
the
nu
m
ber
of
dom
ai
n
le
vels.
Me
an
wh
il
e,
in
Ch
en
nam
and
La
kshm
i
[1
2]
propose
d
a
ci
ph
e
r
-
te
xt
at
tribu
te
-
ba
sed
e
ncr
ypti
on
sc
hem
e
wh
ic
h
en
sures
a
str
ong
sec
ur
it
y
poli
cy
fo
r
data
sh
ari
ng
a
nd
pr
otect
s
the privacy
of t
he
cl
ou
d users
with sec
ur
e
d
y
nam
ic
p
ro
cessi
ng.
The
bi
gg
e
st
c
ha
ll
eng
e
f
or
a
ny
distribu
te
d
s
yst
e
m
s
is
m
a
i
ntainin
g
the
se
cur
it
y
durin
g
data
delivery
process
.
The
ba
sic
te
chn
ol
ogy
to
add
ress
th
e
data
delivery
pr
oble
m
is
an
acce
ss
con
tr
ol
m
echan
ism
.
It
is
an
e
m
erg
in
g
te
ch
no
l
og
y
es
pecia
ll
y
app
li
cable
for
distrib
ution
syst
e
m
s
to
bo
os
t
sec
ur
it
y
issues
a
nd
pre
ve
nt
the
fr
a
ud
[
13
]
.
Anothe
r
acce
ss
co
ntr
ol
ci
ph
e
r
te
xt
at
trib
ute
-
ba
sed
encr
y
ption
sc
hem
e
is
intro
duce
d
by
He
et
.al
[1
4]
to
add
ress
the
P2
P
sto
rag
e
se
cur
it
y
prob
le
m
s.
Hen
ce
the
a
ut
hors
desig
ne
d
an
eff
ic
ie
nt,
se
cu
r
e
and
fine
-
gr
ai
ne
d
acce
ss
c
ontrol
sc
hem
e,
especial
ly
fo
r
t
he
cl
oud
sto
ra
ge
syst
e
m
.
Fr
om
the
exp
e
ri
m
ental
analy
sis
hav
e
con
cl
ud
e
d
that
a
pr
op
os
e
d
se
cur
it
y
m
echan
i
sm
is
hig
hly
eff
ic
ie
nt
f
or
P
2P
cl
oud
sto
rage
and
reduces t
he pr
oc
essing o
ve
rh
e
ad.
Anothe
r
at
tri
b
ute
-
based
acce
ss
co
ntr
ol
e
ncry
ption
m
echan
is
m
was
pro
posed
by
Xia
et
.
al
[1
5],
wit
h
the
ai
m
to
acce
ss
the
entire
encr
y
pted
s
hared
data
t
hat
is
nam
ed
as
"ke
y
escrow
pr
oblem
".
Ad
diti
on
al
ly
,
the
aut
hors
in
tro
du
ce
d
a
n
e
ff
ic
ie
nt
r
ev
oca
ti
on
sc
hem
e
t
o
s
upports
bot
h
backwar
d
a
nd
f
orward
se
cur
it
y
.
In
X
ue
et
al
[16]
ex
plo
re
d
a
n
appr
oach
of
c
loud
side
acce
ss
co
ntr
ol
m
ec
han
ism
fo
r
e
nc
rypted
data
sto
rag
e
.
Fr
om
the
pro
po
s
ed
sc
hem
e
can
sec
ur
e
the
cl
ou
d
sto
r
age
f
r
om
the
exter
nal
at
ta
cks
a
nd
offe
r
s
powe
r
consum
ption
a
ccounta
bili
ty
.
Also
intr
oduce
d
tw
o
sig
nificant
sec
ur
it
y
pr
oto
c
ols
wh
ic
h
help
t
o
m
easure
an
d
analy
ze the sys
tem
p
erfor
m
ance.
The
inc
reasin
g
ada
ptio
n
of
cl
ou
d
-
e
nab
le
d
data
com
pu
t
ing
an
d
sto
ra
ge
m
anag
em
ent
has
cl
early
fo
c
us
e
d
on
e
nhanci
ng
it
s
pe
r
form
ance
in
te
rm
s
o
f
util
it
y
a
nd
c
os
t
fact
or
s
wh
ic
h
ha
ve
a
sign
ific
a
nt
i
m
pact
on
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
A co
st
-
ef
fe
ct
iv
e
2
-
ti
er security
pa
r
adig
m
t
o
s
af
eguar
d
cl
ou
d da
t
a
…
(
Veen
a R.S
.
)
3835
the
ec
onom
ic
conditi
ons.
Th
e
bette
r
pe
rv
a
sive
c
om
pu
ti
ng
s
olu
ti
ons
ne
ed
bette
r
acce
ss
co
ntr
ol
as
well
a
s
secur
e
sto
ra
ge
m
anag
em
ent
to
e
nsure
the
re
li
abili
ty
of
dat
a
in
VMs.
The
reb
y,
the
e
xisti
ng
resea
rc
h
prob
le
m
per
ta
ini
ng to s
ecur
it
y o
f
cl
oud wh
ic
h
is
over
looked
in
m
os
t o
f
the
abo
ve
si
gn
i
ficant st
ud
i
es are a
s foll
ows:
−
Existi
ng
sec
ur
i
ty
patches
runni
ng
on
the
to
p
of
cl
ou
d
i
m
po
s
es
com
par
at
ively
weak
secur
it
y
patches
w
hic
h
do
no
t
e
ns
ure
bette
r
acc
ess
c
on
t
ro
l
of
the
cl
ie
nt
up
l
oad
e
d
data
in
the
cl
oud.
It
is
al
so
f
ound
that
m
os
t
of
the
a
uth
e
ntica
ti
on
an
d
acce
ss
co
ntr
ol
m
echan
ism
is
ver
y
m
uch
c
on
te
m
po
r
ary
w
hich
do
es
n'
t
yi
el
d
a
bett
er
secur
it
y s
olu
ti
on
wh
e
n
t
he
at
ta
ck patt
ern cha
nges.
−
Most
of
the
c
onve
ntio
nal
cl
oud
-
based
a
uth
e
ntica
ti
on
poli
ci
es
are
crypto
gr
aph
y
ba
sed
whic
h
of
te
n
f
ound
ens
ur
in
g
ef
fecti
ve
sec
ur
it
y
pa
tc
hes
ow
i
ng
to
it
s
pote
ntial
e
ncr
y
ption
s
olu
t
ion
but
at
t
he
sam
e
t
i
m
e
la
c
ks
cost
-
e
ff
ect
ive
ne
ss
f
ro
m
a
co
m
pu
ta
ti
on
al
vi
ewpoin
t,
w
hic
h
is
e
ssentia
l
wh
e
n
t
he
ubiq
uitous
patte
rn
of
com
pu
ti
ng
is
c
on
ce
r
ned f
or tr
ansacti
onal
d
at
a.
−
Ther
e
has
bee
n
ver
y
le
ss
em
ph
a
sis
giv
e
n
towa
r
ds
secu
rin
g
the
cl
oud
stora
ge
(i.e.
VM
instances)
w
he
r
e
heter
og
e
ne
ou
s
data
up
l
oad
e
d
by
cl
ie
nts
get
s
tore
d.
The
em
e
rg
e
nt
data
sto
ri
ng
poli
cy
the
re
by
ne
eds
a
c
os
t
-
eff
ect
ive
s
ecu
r
it
y
m
od
el
wh
i
ch
ca
n
se
ns
e
t
he
le
vel
of
vu
lnera
bili
ty
arises
to
br
id
ge
t
he
gap
betwee
n
secur
it
y an
d
c
om
m
un
ic
at
ion
pe
rfor
m
ance.
−
Existi
ng
s
ecu
rity
loo
p
-
hole
s
in
a
cl
oud
st
orage
syst
em
du
e
to
com
plex
big
-
data
at
trib
utes
are
ye
t
to
be
addresse
d
with
a
f
ull
-
pro
of
s
ol
ution
.
It
ca
n
be
so
lve
d
by
sto
rin
g
the
data
a
m
on
g
ra
ndom
VMs
wit
h
a
non
-
conve
ntion
al
f
i
le
-
ind
e
xing sys
tem
.
Ther
e
f
or
e,
t
he
pro
blem
identifie
d
in
t
his
re
ga
rd
s
is
-
“
It
is
quit
e
a
ch
all
en
gi
ng
ta
sk
to
design
an
al
go
rit
hm
th
at
can
en
su
re
co
st
-
ef
fe
ct
iv
e
da
t
a
sec
ur
it
y
afte
r
the
cl
ie
nts
uplo
ads
the
dat
a
in
cl
oud
sto
ra
ge
.
Th
e
ch
al
le
ng
e
increase
s
m
ulti
fold
wh
en
t
he
big
data
stre
am
is
c
on
si
dere
d
”
T
he
pr
ese
nt
ed
stu
dy
the
re
by
inten
ds
t
o
s
olv
e
t
he
identifie
d
pro
bl
e
m
with
a
j
oi
nt
fr
am
ework
wh
ic
h
is
two
-
f
old
wh
e
re
fir
s
tl
y
i
t
intro
duc
es
i)
a
novel
cl
oud
acce
ss
co
ntr
ol
m
echan
ism
fo
ll
ow
e
d
by
ii
)
a
cost
-
e
ff
ect
i
ve
f
ram
ewo
r
k
for
a
hi
gher
de
gr
ee
of
VM
secur
it
y
so
luti
on.
The
pr
opos
e
d
s
yst
e
m
of
fer
s
hi
gh
-
le
vel
sec
ur
i
ty
so
luti
on
by
pr
ese
ntin
g
a
co
m
bin
ed
fr
am
e
work
w
hich
involves
t
wo
sta
ges
of
operati
ons
s
uc
h
as
i
)
S
tag
e
-
1
:
A
novel
a
ccess
c
on
tr
ol
poli
cy
al
ong
wit
h
ii
)
St
age
-
2
:
A
cost
-
ef
fecti
ve
fr
am
ewo
r
k
f
or
VM
secu
rity
.
It
basi
cal
ly
op
ti
m
iz
es
the
perform
ance
of
the
so
luti
on
by
in
corp
or
at
in
g
li
ght
-
weig
ht
cryp
tograp
hy
poli
cy
wh
ere
a
pe
r
vasive
patte
rn
of
the
com
puta
ti
on
m
ade
it
com
p
utati
on
al
ly
eff
i
ci
ent
an
d
r
obust
.
The
acce
ss
con
t
ro
l
po
li
c
y
basical
ly
app
li
es
a
li
near
kecca
k
te
chn
iq
ue wh
ic
h
al
so
e
nhance
d
it
scala
bili
ty
perform
ance to
a h
ig
her
e
xten
t. Th
e f
ollo
wing Fig
ur
e
1
s
ho
ws
a
n
ov
e
r
view
of
th
e
propose
d
2
-
t
ie
r
secu
rity
m
od
el
in
g.
The
pro
posed
a
rc
hitec
tural
bl
ock
-
base
d
re
pr
ese
nt
at
ion
cl
early
sh
ows
that
the
syst
em
m
od
el
ing
is
of
2
-
fo
ld
se
gm
ents
wh
ic
h
sh
are
a
c
omm
on
researc
h
go
al
of
stren
gth
in
g
t
he
secu
rity
arch
it
ect
ur
e
ta
r
ge
te
d
to
be
im
pl
e
m
ented
on
m
ulti
ple
cl
oud
or
VMs.
The
syst
e
m
m
od
el
ing
is
s
uppo
rted
with
t
wo
di
ff
e
ren
t
al
gorithm
s
wh
ic
h
a
re
a
naly
ti
ca
ll
y
fr
am
ed
and
i
m
ple
m
ented
ov
e
r
a
nu
m
erical
platf
or
m
.
The
syst
em
design
a
nd
im
ple
m
entat
ion
re
qu
ire
m
ini
m
um
64
-
bit
wi
ndows
sup
porte
d
with
4G
B
inte
rn
al
m
e
m
or
y
and
1.2
GH
z
proces
sing
s
pee
d.
T
he
perform
ance
of
th
e
pro
pos
ed
m
od
el
ing
ha
s
bee
n
validat
ed
with
resp
ect
to
t
hr
e
e
diff
e
re
nt
para
m
et
ers
su
ch
a
s
i)
Ti
m
e
to
gen
erate
a
sec
re
t
key,
ii)
Proc
essin
g
tim
e,
iii)
Key
s
iz
e
for
enc
rypt
ion
.
The
exte
nsi
ve
disc
us
si
on
of
t
he
pro
po
se
d
f
ram
ewo
r
k
de
sign
a
nd
m
odel
ing
is i
ll
us
trat
ed
in
the c
onsecuti
ve
secti
on
A
n
o
v
e
l
m
e
c
h
a
n
i
s
m
t
o
e
n
s
u
r
e
h
i
g
h
-
l
e
v
e
l
a
c
c
e
s
s
c
o
n
t
r
o
l
i
n
C
l
o
u
d
E
f
f
i
c
i
e
n
t
S
e
c
u
r
i
t
y
S
o
l
u
t
i
o
n
t
o
S
t
r
e
n
g
t
h
e
n
V
M
O
p
e
r
a
t
i
o
n
s
A
n
o
v
e
l
2
-
t
i
e
r
S
e
c
u
r
i
t
y
F
r
a
m
e
w
o
r
k
i
)
C
l
i
e
n
t
r
e
g
i
s
t
r
a
t
i
o
n
,
i
i
)
k
e
y
g
e
n
e
r
a
t
i
o
n
,
i
i
i
)
G
e
n
e
r
a
t
i
n
g
s
e
c
u
r
i
t
y
t
o
k
e
n
s
,
i
v
A
d
m
i
n
c
o
n
t
r
o
l
U
S
E
R
C
o
m
p
u
t
i
n
g
I
n
t
e
r
f
a
c
e
U
n
i
t
<
A
c
c
e
s
s
R
e
q
>
<
R
e
s
p
o
n
s
e
>
S
H
A
-
1
2
8
i
)
E
n
c
r
y
p
t
i
o
n
o
f
U
s
e
r
u
p
l
o
a
d
e
d
D
a
t
a
I
i
)
S
p
l
i
t
d
a
t
a
a
n
d
k
e
y
a
t
t
r
i
b
u
t
e
Figure
1. Pro
pose
d
arc
hitec
tu
re
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
5
,
Oct
ober
201
9
:
3
8
3
3
-
3
8
4
2
3836
2.
SY
STE
M DESIGN
The
pro
pose
d
syst
e
m
aims
t
o
ex
plore
acc
ess
con
t
ro
l
an
d
virt
ual
m
achine
sec
ur
it
y.
The
detai
le
d
syst
e
m
d
esi
gn
is give
n belo
w.
2.1.
Ph
as
e
-
on
e:
access c
ont
rol for cl
ou
d
u
sers
This
phase
of
the
resea
rch
ai
m
s
to
pr
ovide
a
hig
hly
s
ecu
r
e
authen
ti
cat
io
n
m
echan
is
m
fo
r
the
cl
ou
d
stora
ge
syst
em
(CSS)
.
T
he
blo
c
k
re
pr
e
sentat
ion
of
t
he
pro
pose
d
authe
ntica
ti
on
m
echan
ism
i
s
sh
own
in Figu
re
2 where the
clo
ud is
accessed
b
y c
on
si
der
i
ng user
cre
den
ti
al
s a
nd
dev
ic
e a
ut
he
ntica
ti
on
.
I
n
f
o
r
m
a
t
i
o
n
,
P
a
s
s
w
o
r
d
U
s
e
r
R
e
q
u
e
s
t
C
o
n
f
i
r
m
a
t
i
o
n
k
e
y
L
i
n
e
a
r
C
o
n
g
r
u
e
n
t
i
a
l
O
p
e
r
a
t
i
o
n
G
e
n
e
r
a
t
e
S
e
c
r
e
t
K
e
y
E
n
c
r
y
p
t
i
o
n
U
s
e
r
/
D
e
v
i
c
e
G
e
n
e
r
a
t
e
B
a
r
c
o
d
e
U
n
i
q
u
e
i
d
D
e
v
i
c
e
v
a
l
i
d
a
t
i
o
n
C
l
o
u
d
s
t
o
r
a
g
e
a
c
c
e
s
s
Figure
2. Bl
oc
k rep
rese
ntati
on
of an
access
con
t
ro
l
In
the
init
ia
l
sta
ge,
the
us
e
r
cred
e
ntial
s
will
be
ta
ken
an
d
pr
oc
ee
de
d
f
or
the
enrollm
ent
pr
oces
s.
The
us
e
r
re
gistrati
on
is
pe
rform
ed
by
us
er'
s
pr
e
form
at
ion
,
fo
r
that,
a
see
d
value
is
ge
ner
a
te
d
wh
ic
h
help
s
i
n
secur
e
a
uth
e
nt
ic
at
ion
.
Lat
er,
encr
y
ption
is
a
pp
li
ed
i
n
each
la
ye
r
fo
r
the
sam
e
cred
entia
ls
of
use
rs
.
For
this
us
er
will
be
pro
vid
e
d
with
a
uniq
ue
ide
nt
ific
at
ion
nu
m
ber
.
T
he
n,
a
se
ed
or
to
ken
f
or
secu
rity
wi
ll
be
gen
e
rate
d
f
or
wh
ic
h
sim
il
ari
ty
m
at
ch
will
be
i
niti
al
iz
ed
f
or
prel
im
inary
aut
hen
ti
cat
ion.
I
n
t
he
ne
xt
s
ta
ge,
to
prov
i
de
furt
her
sec
ur
it
y
to
the
tok
e
n
us
e
r
cred
e
ntial
s
is
ob
ta
ined
as
a
re
qu
e
st
fo
r
sec
uri
ty
key
con
fi
r
m
at
ion
.
Fu
rt
her,
a
li
ne
ar
c
ongrue
ntial
op
e
rati
on
i
s
pe
rfor
m
ed
to
gen
e
rate
a
ra
ndom
nu
m
ber
f
or
enc
ryptio
n.
The
e
ncr
y
ption
is
pe
rfor
m
ed
to
handle
bo
t
h
t
he
tr
us
te
d
use
r
an
d
dev
ic
e.
T
his
ge
ne
rates
a
secret
key
w
hi
ch
is
e
m
bed
de
d
as
a
bar
c
ode
to
pe
rfor
m
us
er
de
crypti
on.
Fi
na
ll
y,
the
secure
d
in
form
at
ion
from
the
bar
c
od
e
is
extracte
d
an
d
an
a
dm
inist
rat
or
m
od
ule
is
buil
d
to
c
on
tr
ol
the
use
r
act
ivit
ie
s.
The
al
gori
thm
i
m
ple
m
ented
f
or
acce
ss contr
ol
is give
n belo
w:
Algori
th
m
for
a
ccess
contr
ol
o
f
clou
d u
ser
s
Sta
rt
L
-
1
.
Initialize
Nu
,
Sp
,
Uid
L
-
2
.
Se
t
U
i
n
f
(M
N
,
E
id
,
Uid
),
Pw
L
-
3
.
Sto
r
e
U
i
n
f
S
m
L
-
4
.
Match
Uin
f
|
|
S
t
L
-
5
.
Initialize
Pw
L
-
6
.
D
ef
in
e
C
L
L
-
7
.
Co
n
v
ert
Pw
ASCII
chara
cter
L
-
8
.
G
en
erate
Ran
d
o
m
nu
m
b
e
r
sec
ret
k
ey
L
-
9
.
Pe
rf
o
r
m
E
n
cry
p
tio
n
L
-
1
0
.
E
m
b
ed
d
ed
key
B
arcod
e
L
-
1
1
.
Valid
ate
User Cr
ed
en
tials
L
-
1
2
.
Dec
r
y
p
t
B
arcod
e
L
-
1
3
.
Sto
re
Clo
u
d
L
-
1
4
.
Ve
rif
y
Up
Allo
w or den
ied
p
er
m
iss
io
n
L
-
1
5
.
Cre
ate
b
u
c
k
et f
o
r
Clien
t activities
L
-
1
6
.
M
an
ag
e
f
iles&f
o
ld
ers
L
-
1
7
.
Exa
m
in
e all
th
e ac
tiv
ities
L
-
1
8
.
Pe
r
m
it
Cs
End
The
al
go
rithm
beg
i
ns
with
th
e
init
ia
li
zat
ion
of
the
nu
m
ber
of
us
e
rs
(Nu
),
ser
vice
pro
vide
rs
(
Sp)
of
cl
oud
a
nd
uniq
ue
ide
ntific
at
io
n
(
Uid)
num
ber
(Li
ne
-
1.).
Usi
ng
these
cre
de
ntial
s
each
us
e
rs
in
form
at
ion
is
set
with
a
m
ob
il
e
nu
m
ber
(M
N
)
,
e
m
ai
l
id
(Eid),
un
iq
ue
ide
ntific
at
ion
(
Uid)
nu
m
ber
an
d
th
en
the
pa
sswo
r
d
is
set
(Line
-
2.).
All
these
inf
or
m
at
i
on
of
us
er
s
is
consi
der
e
d
as
t
he
pri
vate
inf
orm
ation
colle
ct
ed
by
the
S
p
a
par
t
from
oth
er
m
is
cel
la
neous
in
form
ation
capt
ured
a
nd
is
st
or
e
d
in
t
he
syst
em
(Line
-
3).
Th
us,
the
al
go
rithm
aim
s
to
secu
re
al
l
these
pr
ivat
e
inf
or
m
at
ion
it
ta
kes
a
s
ecur
it
y
m
echan
i
sm
to
pr
ote
ct
this
inf
orm
at
ion
.
As
c
oncat
enat
ion
of
the
uni
qu
e
num
ber
r
esults
in
a
nother
uniq
ue
nu
m
ber
;
therefor
e,
the
c
oncat
e
nation
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
A co
st
-
ef
fe
ct
iv
e
2
-
ti
er security
pa
r
adig
m
t
o
s
af
eguar
d
cl
ou
d da
t
a
…
(
Veen
a R.S
.
)
3837
op
e
rati
on
act
s
as
one
of
t
he
s
i
m
ple
ste
ps
in
desig
ning
tra
pdoo
r
f
unct
ion.
This
op
e
rati
on
is
perform
ed
to
do
encodin
g
of
use
r
inf
or
m
at
ion
an
d
pass
word.
If
the
syst
e
m
info
rm
at
io
n
(S
m
)
and
it
s
con
cat
e
nated
data
m
at
ches
then
secur
it
y
tok
e
n
St
is
ob
ta
ined
(Line
-
4).
I
f
posit
ive
sim
il
ari
ty
m
a
tc
h
a
m
on
g
tw
o
c
on
cat
enated
secur
it
y
tok
e
ns
is
ob
ser
v
ed
then
the
al
gori
thm
reco
gniz
e
s
it
as
a
le
gitim
at
e
us
er
or
el
se
it
ind
ic
at
es
it
as
il
le
gitim
at
e
m
e
m
ber
s.
This
al
gorithm
al
so
aim
s
to
gen
e
rat
e
a
secret
key
that
co
uld
offe
r
a
bette
r
enc
r
ypti
on
process
.
For
th
is,
the
inputs
N
u,
S
p,
Ui
d,
St.
The
ge
ner
at
e
d
se
cur
it
y
tok
e
n
is
need
e
d
to
be
pr
otect
e
d
fro
m
any
form
of
m
an
-
in
-
m
idd
le
at
ta
ck.
Also
,
t
he
se
cret
key
is
util
iz
ed
f
or
a
uth
e
ntica
te
d
pas
sphrase
ge
ner
at
i
on
from
the v
i
rtual m
ac
hin
e
w
hich
is
larg
e
in n
um
ber
as wel
l as it
is
highly
d
ist
rib
ut
ed.
Hen
ce
,
virt
ual
m
a
chines
to
be
highly
secu
red.
The
pr
opos
e
d
syst
e
m
c
onfig
ur
e
s
the
le
ng
t
h
of
the
cod
e
(C
L
)
us
in
g
t
w
o
net
wor
k
pa
ram
et
ers
(L
ine
-
6)
.
T
he
se
cur
it
y
to
kens
a
re
cl
assifi
e
d
w
it
h
res
pect
t
o
dev
ic
e
identit
y
Did.
T
he
obta
ine
d
in
f
or
m
at
ion
of
th
e
encr
y
ption
is
furthe
r
enc
od
ed
in
t
he
f
or
m
of
t
he
A
SCI
I
f
or
m
at
that
al
lows
pe
rfor
m
ing
ci
pherin
g
the
obta
ined
te
xt
f
ur
t
he
r
(Line
-
7)
.
F
ur
t
her
sec
ur
it
y
is
incorporat
ed
by
app
ly
in
g
f
or
a
ps
e
udo
-
ra
ndom
nu
m
ber
to
obf
us
cat
e
the
cod
e
(Lin
e
-
8)
wh
ic
h
does
no
t
al
low
the
at
ta
cker
t
o
perform
de
crypti
on
on
th
e
ci
ph
e
re
d
data.
T
he
pro
posed
s
yst
e
m
i
m
ple
ments
a
li
near
cong
ru
e
ntial
operati
on
wh
ic
h
br
in
gs
op
ti
m
iz
ation
of
pse
ud
o
-
rand
om
nu
m
ber
s
wh
ic
h
offer
s
a
dual
la
ye
r
of
secu
rity
towa
rd
s
t
he
il
le
gitim
at
e
ac
cess.
Furthe
r
e
ncr
y
ption
op
e
r
at
ion
is
perf
orm
e
d
us
in
g
the
has
hing
f
un
ct
i
on
(Hf)
t
hat
le
ads
to
a
gen
e
rati
on
of
encr
y
pted
data
(Line
-
9).
It
shou
l
d
be
know
n
that
this
enc
r
ypte
d
data
will
be
only
re
qu
ir
ed
to
perform
inv
ol
unta
ry
a
uth
e
ntica
ti
on
m
echan
is
m
ov
er
the
cl
oud
en
vir
onm
ent.
The
al
gorith
m
do
es
ve
rifi
c
at
ion
of
the
in
form
a
ti
on
en
gr
a
ve
d
within
the
de
vi
ce.
This
op
e
r
at
ion
is
fu
rt
he
r
fo
ll
owe
d
by
the
extracti
on
of
the
encr
y
pted
i
nform
at
i
on
f
r
om
the b
a
rcodes
(Li
ne
-
10).
This
operati
on
is
carried
out
by
any
pro
pr
ie
ta
ry
app
li
cat
ion
r
unning
over
the
us
er
dev
ic
e.
It
is
al
so
safer
from
a
secur
it
y
view
point;
as
su
c
h
f
or
m
s
of
the
reade
r,
the
a
ppli
cat
ion
ca
n
perfor
m
the
on
ly
ext
racti
on
of
the
e
nc
od
e
d
inf
orm
ation
and
not
the
ori
gin
al
inf
or
m
at
ion
.
F
or
e
xtra
ct
ing
the
ori
gi
nal
inf
or
m
at
ion
,
th
e
encr
y
pted
data
has
t
o
be
pass
e
d
ov
e
r
t
o
t
he
cl
oud
stora
ge
w
he
re
it
is
s
ubj
ect
ed
t
o
decr
y
ptio
n.
The
in
form
a
ti
on
ob
ta
ine
d
from
the
dec
ryptio
n
is
no
t
f
orwa
r
ded
t
o
the
us
e
r,
a
nd
only
the
acce
ss
rig
hts
are
f
orwarde
d
to
the
us
ers
in
the
for
m
of
g
ra
nt
or de
nial (Li
ne
-
11)
.
This
al
gorithm
pr
es
e
nts
the
pr
ocess
of
a
uth
e
ntica
ti
on
le
vel
-
2.
T
he
al
gorith
m
sta
rts
with
a
un
i
qu
e
key
wh
ic
h
de
note
s
by
Ukey
.
O
nc
e
the
uniq
ue
key
is
pro
vid
e
d,
the
n
the
de
vice
will
chec
k
f
or
a
uth
e
ntica
ti
on
.
Ther
e
a
re
tw
o
m
ajo
r
ste
ps
f
or
authe
ntica
ti
on
wh
ic
h
is:
a)
Au
t
hen
ti
cat
e
de
vice
re
gistr
at
ion
wh
ic
h
de
no
te
s
by
Dr.
b)
Decr
y
ption
of
the
bar
c
od
e
wh
ic
h
de
note
s
by
#.
T
he
nex
t
ste
p
dem
on
st
rates
f
or
th
e
us
er
dev
ic
e,
wh
i
c
h
is
Decr
y
pt,
the
Ba
r
Co
de
for
the
us
e
r
dev
ic
e
(Cd)
(
Line
-
12
).
Her
e
,
the
use
r
de
vice
will
decr
y
pt
the
bar
co
de.
A
nd
in
t
he
e
nd,
cl
oud
st
or
a
ge
will
be
acce
ss
ible
by
the
us
e
r
w
ho
al
rea
dy
reg
ist
ere
d
int
o
the
cl
oud
(Lin
e
-
13)
.
The
acce
ss
ri
ghts
are
offe
red
by
a
m
at
ch
of
the
cor
r
ect
use
r
w
hile
the
pri
vilege
is
of
fe
r
ed
by
the
subs
cripted
op
te
d by the
use
r by payi
ng a
sp
eci
f
ic
am
o
un
t t
o
their
servic
e pro
vid
e
r.
In
ca
se
of
un
a
uthorize
d
acce
ss
eve
nt,
the
a
dm
inist
rator
f
orwa
rd
s
a
m
essage
of
de
nial
of
any
form
of
serv
ic
es
to
t
he
unaut
horized
us
er
ot
herwise
,
it
grants
the
acce
ss
(
Line
-
14)
.
Af
te
r
the
a
ccess
is
gr
a
nte
d,
t
he
us
er
wil
l
be
able
to
us
e
the
app
li
cat
io
n.
A
nothe
r
interest
in
g
i
m
ple
m
entat
i
on
of
the
propose
d
syst
e
m
is
that
the
us
e
r
is
offe
red
a
rig
ht
to
c
on
st
ru
ct
cl
oud
bu
c
kets
(Line
-
15)
f
or
re
posit
ing
it
s
file
con
t
ents.
Cl
ou
d
bu
ckets
are
the
locat
io
n
of
sto
ra
ge
unit
s
create
d
by
an
adm
inist
rat
or
to
re
posit
t
he
file
s
of
the
us
er
(
Line
-
16)
.
Su
ch
cl
oud
buckets
are
highly
interco
nnect
ed
wit
h
each
ot
her
as
well
as
hig
hly
distribu
te
d
in
natu
re.
A
sig
ni
ficant
m
ul
ti
-
thread
i
ng
process
is u
ti
li
zed for
e
nsuri
ng t
he dist
rib
ut
ed fil
e m
anag
e
m
ent.
Ap
a
rt
from
thi
s,
the
pro
po
s
e
d
syst
e
m
al
so
entit
le
s
the
adm
inist
rator
to
edit
any
fo
rm
of
ope
rati
on
that
is
c
urren
tl
y
in
us
e
by
a
ny
us
e
r.
The
a
bove
al
gorithm
de
m
on
strat
es
ov
er
at
ta
inin
g
t
he
acce
ss
c
ontr
ol
to
t
he
cl
oud
sto
ra
ge,
and
it
is
not
ne
cessi
ti
e
s
that
the
us
e
rs
ha
ve
gr
a
nted
entire
the
pri
vileges
to
al
lo
w
act
ivit
y
int
o
the
cl
oud
sto
r
age
(Li
ne
-
17).
These
pri
vile
ges
sho
uld
prov
i
de
by
the
a
dm
inist
rator
.
On
ly
adm
in
m
ay
giv
e
these
pri
vilege
s
li
ke
a
gr
a
nt
or
de
ny
pe
rm
iss
ion
to
t
he
us
e
r
(Line
-
18)
.
T
he
se
pr
i
vileges
giv
e
the
us
ers
t
o
m
ake
a
bucket
i
n
the
cl
oud
st
or
a
ge,
per
m
it
s
the
use
r
to
orga
nize
the
file
s
as
well
as
f
old
e
rs.
It
a
lso
pe
rm
it
s
the
us
e
r
to
uploa
d
s
ome
diff
e
re
nt
kinds
of
file
s
with
m
ine
ty
pe
authorizat
ion
a
nd
even
pe
rm
i
ts
hi
m
/her
to
exec
ute
th
e
delet
e
perf
or
m
ance.
T
hese
pri
vileges
a
re
s
et
or
pr
e
sente
d
by
t
he
adm
inist
rato
r
w
ho
exam
ines
entire
the
act
ivit
y i
nto
th
e cloud.
2.2
.
Ph
as
e
-
tw
o
fo
r
inte
grate
d v
ir
tual mac
hine securi
t
y on
m
ultipl
e cl
ou
ds
This
sta
ge
of
de
sign
a
nd
anal
ysi
s
includes
t
he
de
v
el
opm
ent
of
an
i
nteg
rated
no
vel
sche
m
a
fo
r
cl
ou
d
-
base
d
sto
ra
ge
secur
it
y
w
hic
h
al
so
offe
rs
a
hi
gh
e
r
degree
of
pr
ivacy
prese
rv
at
io
n
i
n
VM
s.
T
he
sec
ure
s
tora
ge
acce
ss
m
echani
s
m
is
con
cept
ually
design
e
d
and
ta
r
geted
to
be
im
ple
m
ented
on
cl
ou
d
-
e
nab
le
d
VMs
w
it
h
the
pur
po
se
of
re
du
ci
ng
i)
vulnerabil
it
y
as
so
c
iated
wi
th
pu
blic
storage
a
nd
al
s
o
ii
)
da
ta
le
akage
prob
le
ms.
Desig
ning
t
he
secur
it
y
m
od
el
for
cl
oud
st
or
a
ge
al
s
o
a
pp
ly
a
n
op
ti
m
iz
ed
secur
it
y
pri
nci
ple
w
hich
e
nhan
ces
th
e
op
e
rati
onal
process
of
enc
ryption
sta
nd
a
rds
by
m
eans
of
m
ai
ntaining
a
well
-
balance
d
between
f
orw
ard
i
ng
and
bac
kwar
d
secrecy
.
T
he
proces
s
of
op
ti
m
i
zed
encr
y
ption
poli
cy
al
so
enh
a
nces
t
he
a
uth
e
ntica
ti
on
a
nd
data
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
5
,
Oct
ober
201
9
:
3
8
3
3
-
3
8
4
2
3838
exch
a
nge
pa
ra
dig
m
to
of
fer
m
uch
secur
e
and
c
os
t
-
ef
fecti
ve
fr
am
ework
of
sec
ur
e
sto
ra
ge
on
m
ult
iple
cl
ou
ds.
It
al
so
ai
m
s
t
o
offe
r
a
high
er
de
gr
ee
of
data
secu
rity
in
te
rm
s
of
pri
vacy
preser
vat
io
n,
c
onfi
den
ti
al
it
y,
and
inte
gr
it
y.
The
fr
am
ewor
k
basical
ly
ap
plies
the
secu
re
s
plit
ti
ng
m
echan
ism
to
s
tore
e
nc
rypted
data
at
tribu
te
s
to
th
e
cl
oud
-
e
na
ble
d
data
center
s
wh
ic
h
gen
e
rat
e
VM
insta
nce
s.
T
he
f
ollo
wing
Fig
ur
e
3
shows
a
blo
c
k
-
base
d
str
uctu
red arc
hit
ect
ur
e
of the
syst
e
m
m
od
el
ing
f
or this
ph
a
se.
U
S
E
R
C
l
o
u
d
A
p
p
I
n
t
e
r
f
a
c
e
S
y
n
c
h
r
o
n
o
u
s
D
a
t
a
C
e
n
t
r
e
F
i
l
e
M
a
n
a
g
e
m
e
n
t
f
o
r
d
i
f
f
e
r
e
n
t
d
a
t
a
a
t
t
r
i
b
u
t
e
A
E
S
B
i
n
a
r
i
z
a
t
i
o
n
o
f
P
r
e
-
p
r
o
c
e
s
s
e
d
d
a
t
a
E
n
c
r
y
p
t
e
d
D
a
t
a
V
M
I
n
s
t
a
n
c
e
s
I
n
s
t
a
n
c
e
I
D
/
S
t
o
r
e
/
E
n
c
r
y
p
t
e
d
d
a
t
a
/
D
i
r
e
c
t
o
r
y
A
p
p
l
y
V
M
S
e
c
u
r
i
t
y
S
o
l
u
t
i
o
n
S
e
g
m
e
n
t
a
t
i
o
n
Figure
3. A
rch
i
te
ct
ur
e f
or
VM secu
rity
so
luti
on
The
e
ff
ic
ie
nt
c
loud
sto
ra
ge
m
anag
em
ent
intends
to
sa
fegua
r
d
the
data
sto
ri
ng
poli
cy
,
w
he
re
data
get
up
l
oad
e
d
by
the
cl
oud
us
e
rs
thr
ough
di
ff
e
r
ent
cl
oud
a
ppli
cat
ion
s.
T
he
s
yst
e
m
fo
rm
ula
te
s
a
m
ulti
-
le
vel
an
d
distrib
uted
cl
oud
a
rch
it
ect
ure
wh
e
re
cl
oud
secur
it
y
get
im
po
sed
to
at
ta
in
bette
r
secu
rity
of
data.
U
su
al
ly
,
us
ers
are
m
or
e
con
ce
r
ned
a
bo
ut
secu
rin
g
the
ir
pr
i
vate
inf
or
m
at
i
on
wh
ic
h
can
be
us
e
fu
l
f
or
fu
t
ur
e
re
qu
ir
e
m
ent
and
a
naly
sis.
T
he
co
re
desig
n
pr
i
nciple
of
th
e
pro
po
se
d
te
c
hn
i
qu
e
is
c
omplet
el
y
analy
tical
and
al
s
o
rei
nfor
c
e
pr
i
vacy
protec
ti
on
of
data
to
fu
lfil
l
the
requirem
ent
of
i)
Op
ti
m
izing
com
plexity
pr
oble
m
wh
il
e
han
d
ling
bigger
key
siz
e,
ii
)
stren
gth
e
ning
the
key
gen
e
rati
on
pro
cess
wh
il
e
ii
i)
i
m
ple
m
enting
a
robu
st
sim
plifie
d
secur
e
a
uth
e
ntica
ti
on
schem
a.
The
co
re
ste
ps
inv
ol
ve
d
to
as
sess
the
com
puta
ti
on
of
t
he
pr
opos
e
d
al
gorit
hm
i
s
pr
ese
nted
bel
ow.
In
this
sta
ge
the
a
lg
or
it
hm
form
ulati
on
,
th
e
us
e
r
ha
s
to
gi
ve
in
put
of
a
n
entit
y
C
req
,
w
hi
ch
is
furthe
r
s
ubj
ect
ed
t
o
c
onsecuti
ve
operati
ons.
Her
e
,
C
req
ref
e
r
s
to
t
he
us
e
r
re
qu
e
st
to
sto
re
s
pecific
data
at
trib
ute
into
cl
oud
st
orage
or
VM
i
nst
ance.
A
fter
proces
sin
g
the
a
lgori
thm
in
a
nu
m
erical
com
pu
ti
ng
e
nvir
onm
ent,
the alg
or
it
hm
generates e
nc
rypted dat
a
wh
ic
h
is
furthe
r
se
gm
ented
pri
or
pl
aci
ng
to
the
VM
stor
a
ge
el
e
m
ent.
Algori
th
m
for
secure cl
ou
d
sto
r
age m
ana
gemen
t
usi
ng
key
-
spli
tt
in
g/
Segme
ntati
on
Inpu
t:
C
r
eq
(User
r
eq
u
est to
sto
re
sp
ecif
ic data attribu
te)
O
utp
ut:
VM
D
E
cr
y
p
t
(Success
f
u
l place
m
en
t of
encr
y
p
ted
data attribu
te)
Start
L
-
1
: I
n
itiali
ze:
DB
C
o
n
.
U
Ap
p
(
i
)
,
D
1
,
C
r
eq
L
-
2
: Obtain
U
ID
an
d
U
pa
s
s
L
-
3:
Ԑ
M
D5
(
U
pa
s
s
)
L
-
4:
Valid
ate
U
I
D
a
n
d
U
p
ass
L
-
5:
Co
n
v
ert
[0,
1]
D
1
L
-
6:
[
#
1
, #
2
]
G
k
e
y
-
1
,
2
(
Ԑ
,
U
pa
s
s
)
//
S
ecre
t ke
y
G
en
erati
o
n
ph
ase
L
-
7
:
∆
A
ES
En
(
D
1
)[
#
1
,
#
2
]
//
Encr
y
p
tio
n
of
data
L
-
8
: App
ly
Rijn
d
el key
sch
ed
u
lin
g
pro
cess
and
co
m
p
u
te
R
k
e
y
L
-
9
: Co
m
p
u
te Bit
XOR
f
(S
b
y
te
,
Bl
o
ck
-
R
k
e
y
)
L
-
1
0
: App
ly
No
n
-
Linear Sub
stitu
tio
n
L
-
1
1
: Ch
eck f
o
r
th
e state of
St
r
o
w
,
St
C
o
l
L
-
1
2
: Ch
eck Size
o
f
the d
ata S
∆
L
-
1
3
: Co
m
p
u
te R
em
=
S
∆
/ nu
m
b
e
r
o
f
VMs
L
-
1
4
: perf
o
r
m
seg
m
e
n
tatio
n
of
data and
esti
m
ate the
si
ze of
seg
m
en
ted
data
S
Data
(
∆)
S
∆
-
R
em
/ Nu
m
b
er
o
f
VM
s
L
-
15:
Co
m
p
u
te las
t data size
=
S
Data
(
∆)
+
R
em
L
-
1
6
: Ke
y
Sp
lit
[
#
1
, #
2
]
attribu
tes
L
-
17
:
for
(i
== 1: n
)
f
o
r
all VM
i
N
(
VM
)
L
-
1
8
:
Ran
d
o
m
ize
clou
d
ele
m
en
ts
L
-
1
9
:
Proces
s
C
r
eq
L
-
2
0
:
sto
p
L
-
2
1
: I
n
sert ke
y
va
lu
es alo
n
g
with
S
Data
(
∆)
rand
o
m
ized
V
Ms
Stop
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
A co
st
-
ef
fe
ct
iv
e
2
-
ti
er security
pa
r
adig
m
t
o
s
af
eguar
d
cl
ou
d da
t
a
…
(
Veen
a R.S
.
)
3839
In
ste
p
-
1
of
the
al
gorithm
,
a
con
necti
on
gets
est
ablished
betwee
n
the
us
er
inte
r
face
w
here
app
li
cat
io
n
int
erf
ace
basical
ly
pr
oc
ess
an
d
validat
es
the
r
equ
e
ste
d
data
(
D
1
)
seq
ue
nce.
The
syst
em
b
asi
cal
ly
ta
kes
us
e
r
ID
(
U
ID
)
and
pa
s
s
w
ord
(U
pass
)
in
to
consi
der
at
i
on
w
hich
is
highli
gh
te
d
in
li
ne
-
2.
In
li
ne
-
3,
a
secur
e
data
is
ge
ner
at
ed
us
in
g
M
D
5,
in
w
hich
t
he
us
er
pa
sswo
rd
get
protect
ed.
Fu
rt
her,
t
he
sy
stem
al
so
ap
plies
the
1
st
la
ye
r
of
a
ut
hen
ti
cat
io
n
pol
ic
y
to
validat
e
the
us
e
r
I
D
an
d
Pass
w
o
r
d
(L
ine
-
4)
.
Furthe
r,
the
data
w
hic
h
is
to
be
sec
urel
y
pla
ced
i
ns
ide
a
V
M
stora
ge
is
s
ubj
ect
ed
to
go
thr
ough
a
pre
-
processi
ng
sta
ge
w
her
e
the
da
ta
get
conve
rted
i
nto
a
se
qu
e
nce
of
bin
a
ry
bit
pat
te
rn
(Line
-
5)
.
O
n
the
oth
er
hand,
a
functi
on
nam
ed
G
ke
y
-
1,
2
(
),
app
li
es
a
secre
t
key
gen
erati
on
process
wh
ic
h
is
fu
rt
her
us
e
d
in
enc
ryptin
g
the
data
at
tribu
te
s
us
in
g
AE
S
-
128
encr
y
ptio
n st
an
dard
(Line
-
6 a
nd Line
-
7).
The
process
f
ur
t
her
optim
ized
the
key
sc
hedulin
g
by
m
eans
of
ap
pl
yi
ng
a
novel
Ri
j
ndel
key
sche
du
li
ng
p
rocess
w
hich
is
highly
ci
te
d
in
m
os
t
the
sig
ni
ficant
sec
ur
it
y
pa
rad
i
gm
and
al
so
c
om
pu
te
the
rou
nd
key
at
tri
bu
te
s
R
ke
y
(Lin
e
-
8)
.
Th
e
e
ncry
pted
data
at
tr
ibu
te
siz
e
i
n
te
rm
s
of
byte
al
ong
with
a
bloc
k
of
rou
nd
key
en
ti
ty
is
fu
rthe
r
su
bject
ed
to
cor
re
spo
nd
i
ng
Bi
tXOR
co
m
pu
ta
ti
on
where
the
opera
ti
on
al
functi
onal
it
y
i
s
com
pu
ta
ti
onal
ly
enh
anced
with
resp
ect
to
pr
oce
ssin
g
sp
eed.
T
he
f
ur
t
her
com
pu
t
at
ion
al
process
a
pp
li
es
non
-
li
ne
ar
s
ubsti
tuti
on
w
her
e
the
old
byte
ge
t
su
bs
ti
tuted
with
the
new
ly
arr
ive
d
byte
of
data
at
tribu
te
s
wh
il
e
ref
e
ren
ci
ng
the
L
ookUp
Ta
ble
(Li
ne
-
9
-
10
).
T
he
process
al
so
chec
ks
for
the
sta
te
of
r
ow
an
d
sta
te
of
t
he
c
ol
um
n
wh
ic
h
is
associat
ed
wit
h
the
enc
rypte
d
data
at
tribu
t
e
an
d
al
so
co
m
pu
te
the
siz
e
of
the
data. T
his ste
p furthe
r
assist
i
n
the
co
m
pu
t
at
ion
of se
gm
ent
ed data
size a
nd als
o
in
k
ey
s
plit
ti
ng
(Li
ne
-
12
-
16).
Finall
y,
the
process
ra
ndom
i
zes
the
cl
oud
env
i
ronm
ent
and
sel
ect
ra
nd
om
VMs
to
st
or
e
e
xtracte
d
key
at
tribu
te
s
al
ong
with
the
S
Data
(∆)
(Line
-
17
-
21)
.
The
acce
ssing
un
it
of
the
ap
plica
ti
on
i
nterf
ac
e
on
ly
respo
ns
ible
f
or
deali
ng
with
C
req
an
d
the
process
of
th
e
response
f
or
storag
e
al
loc
at
ion
.
T
he
dat
a
get
segm
ented
an
d
furthe
r
un
dergo
e
s
thr
ough
da
ta
ind
exi
ng
w
her
e
t
he
ge
ne
r
at
ed
secret
key
perform
encr
ypti
on
with
AE
S
enc
ryptio
n
sta
nda
rd.
The
n
the
segm
ented
dat
a
al
ong
with
sp
li
t
key
at
tribu
te
s
get
store
d
into
m
ul
ti
ple
-
rack
serv
e
rs
wh
ic
h
are
m
a
intai
ned
by
a
distri
bute
d
r
an
dom
cl
oud
en
vir
on
m
ent.
The
pr
opos
e
d
syst
e
m
of
fer
s
hi
gh
e
r
-
degree of
VM
st
or
a
ge
s
ecur
it
y
eve
n
if a
chun
k
of
d
at
a
gets
com
pro
m
is
ed
wh
il
e
at
ta
ining
high
-
le
vel
scal
abili
ty
per
form
ance
as
it
do
es
n'
t
op
erate
with
a
sp
eci
fic
ty
pe
of
file
siz
e.
The
ne
xt
sect
ion
of
this stud
y hig
hl
igh
ts a com
pr
ehensi
ve
disc
ussi
on
on
the
pe
rfor
m
ance assessm
ent o
f
the p
rop
os
ed
s
olu
ti
on
a
nd
al
so
s
hows
t
he ou
tc
om
e o
btained
fro
m
the si
m
ula
ti
on
e
nv
ir
on
m
ent
.
3.
RESU
LT
A
N
ALYSIS
A
te
st
-
be
d
is c
on
st
ru
ct
e
d
to m
ake a
rep
li
cative en
vir
onm
e
nt f
or the cloud environm
ent. To
assess th
e
eff
ect
ive
ness
of
t
he
inte
rn
al
processi
ng
of
the
pr
opos
e
d
al
gorithm
,
no
e
xisti
ng
pro
pr
ie
ta
ry
cl
ou
d
-
base
d
serv
ic
es
ar
e
analy
zed.
It
is
because
it
is
no
t
feas
ible
to
assess
the
inte
rn
al
proc
essin
g
of
any
cl
oud
-
base
d
serv
ic
es
.
3.1.
Analysis
of
ac
cess co
nt
r
ol
The
f
reque
ntly
ado
pte
d
sec
ur
it
y
protoc
ols
are
the
Data
Encr
ypti
on
S
ta
nd
a
rd
(
DE
S),
Adva
nced
Encr
y
ption
Stand
a
r
d
(
AES),
and
Secu
re
Hash
Algo
rith
m
(S
HA)
a
nd
are
us
e
d
to
buil
d
the
sec
ure
cl
oud
serv
ic
e.
T
he
i
ndus
trie
s
al
s
o
aim
ed
to
dev
e
lop
sec
ur
it
y
pa
tc
hes
with
th
e
sa
m
e
pr
oto
c
ols
to
en
han
c
e
their
secur
it
y.
As
the
propose
d
secur
it
y
m
od
el
wh
ic
h
gi
ves
a
li
gh
tw
ei
gh
t
authe
ntica
ti
on
m
echa
nism
;
thu
s
,
it
choose
s
processi
ng
ti
m
e
as
per
f
or
m
ance
pa
ram
et
ers
for
pe
rfo
rm
in
g
a
com
par
at
iv
e
analy
sis
with
AES
and DE
S.
Figure
4
s
how
s
DES
al
gorit
hm
con
su
m
es
m
axi
m
u
m
pr
oc
essing
t
i
m
e
as
it
con
s
um
es
triple
tim
es
the
no
rm
al
pr
ocessin
g
s
pee
d
ow
i
ng
to
it
s
inh
e
re
nt
de
pende
ncies
of
the
m
axi
m
um
s
iz
e
of
t
he
blo
c
k.
Fu
rt
her
m
or
e,
AES
ca
nnot
be
te
rm
ed
as
secur
e
al
gorithm
al
though
it
s
s
peed
is
sl
ig
htly
slow
e
r
tha
n
DES
a
s
the
blo
c
k
de
ve
lop
e
d
by
AE
S
durin
g
enc
ryp
ti
on
bea
rs
sim
i
la
r
dim
ension
a
l
aspects
m
aking
the
patte
rn
m
or
e
vu
l
ner
a
ble.
H
oweve
r,
the
pro
po
s
ed
syst
em
do
e
sn
'
t
us
e
an
y
of
these
exis
ti
ng
schem
es
no
r
do
es
it
i
m
ple
m
ent
any
com
plex
r
ounds
ov
e
r
inc
reasin
g
sim
ula
ti
on
tria
ls.
He
nce,
t
he
pro
po
sed
syst
em
of
f
ers
faste
r
pr
oc
essing
com
par
ed
t
o A
ES as wel
l as
DES
.
Ther
e
are
tw
o
var
ia
nts
of
t
he
SHA
as
seen
to
be
exe
rcise
d
in
the
e
xisti
ng
syst
em
,
i.e.,
S
HA
-
1
an
d
SHA
-
2.
S
HA
-
1
is
t
he
prel
i
m
inary
ver
si
on
wh
ic
h
is
sti
ll
us
e
d
by
m
any
ser
vice
pro
vid
ers
ir
resp
ect
i
ve
of
it
s
repor
te
d
to
bei
ng
ob
s
olete
;
howe
ve
r,
S
HA
-
2
cl
aim
s
of
offer
in
g
m
or
e
secur
it
y
ben
e
fits.
Figure
5
sho
ws
the
m
easur
em
ent
betwee
n
t
he
propose
d
te
c
hn
i
ques
a
nd
bo
t
h
t
he
var
ia
nts
of
the
S
HA
al
gor
it
h
m
.
The
pro
po
s
ed
te
chn
iq
ue
at
ta
ins
superi
or
c
om
pu
ta
ti
on
al
outc
om
es
in
evaluate
to
the
SHA
-
1
al
gorithm
;
the
pr
op
os
e
d
m
et
ho
d
is
al
so
est
ablis
hed
to
have
s
up
e
rio
r
c
om
pu
ta
ti
on
al
com
po
ne
nts
e
valuat
ed
to
t
he
S
H
A
al
gorithm
.
I
t
giv
es
a
su
pe
rio
r
sec
uri
ty
char
act
eris
ti
c
by
creati
ng
a
secur
e
d
c
od
e
in
evaluate
to
SHA
that
it
sel
f
has
bee
n
a
vic
tim
of
var
io
us
at
ta
cks
in
the
pa
st.
Both
the
va
ri
ants
of
S
H
A
le
ads
to
the
ge
ner
at
io
n
of
col
li
sion
at
ta
ck
to
so
m
e
extent
of
ti
m
e.
The
pro
posed
analy
sis
al
so
fin
ds
no
sig
nif
ic
ant
dif
fe
re
nc
e
in
processin
g
ti
m
e
fo
r
bo
t
h
th
e
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
5
,
Oct
ober
201
9
:
3
8
3
3
-
3
8
4
2
3840
var
ia
nts
of
SHAs
w
hile
the
pro
posed
syst
e
m
of
fe
rs
sli
gh
t
ly
faster
com
pu
ta
ti
on
j
ust
by
us
in
g
the
norm
al
has
h
functi
on.
Hence
,
the
pro
pos
ed
syst
em
of
f
ers
m
or
e
sec
uri
ty
and
al
s
o
is
consi
der
e
d
as
the
highly
faster
respo
ns
e
ti
m
e.
Figure
4. Com
par
at
ive
an
al
ys
is wit
h AES
and
DES
Figure
5.
Com
par
at
ive
an
al
ys
is wit
h SH
A
-
1
and S
HA
-
2
3.2.
Analysis
of
vi
rtu
al ma
c
hine
securit
y
The
syst
em
exp
l
or
es
t
he
diff
e
re
nt
da
ta
-
centers
a
nd
cl
oud
pro
vi
der
util
iz
es
t
he
dif
fe
ren
t
crypto
gr
a
phic
al
gorithm
s
l
ike
AES
, D
ES,
R
SN
an
d
Bl
owfi
sh
f
or
the
e
ncry
ption
pr
ocess.
Hen
ce,
t
he
res
ults
of
the
propose
d
stud
y
ha
ve
be
en
com
par
ed
with
al
l
these
cryptogra
ph
ic
al
go
rithm
s.
The
keys
siz
e
i
s
the
perform
ance
pa
ram
et
er
wh
ic
h
r
eq
uires
a
s
pe
ci
fic
m
e
m
or
y
w
her
e
it
ca
n
be
store
d.
T
he
de
vices
with
m
e
m
or
y
const
raints
will
al
ways
hav
e
dep
e
nd
e
ncies
on
m
e
m
or
y
eff
ic
ie
nt
al
gor
it
h
m
s
i.e.
al
g
or
it
hm
s
with
highl
y
reduce
d
key
si
ze.
H
oweve
r,
the
key
siz
e
i
s
al
so
pro
portion
al
t
o
sec
ur
it
y.
The
pro
pos
ed
al
gorit
hm
us
es
a
discrete
c
rypto
gr
a
phic
has
h
a
lgorit
hm
in
an
easi
er
m
ann
er
w
her
e
the
al
gorithm
com
ple
xity
is
al
ways
ta
ke
n
care
of
by
discard
i
ng
it
if
it
is
al
read
y
ap
plied.
T
her
e
f
or
e,
this
lowest
key
siz
e
will
pr
ovi
de
an
e
qual
le
vel
of
secur
it
y
w
hat
"R
SA
"
can
ge
ner
at
e
w
it
h
bi
gg
e
r
siz
e
of
the
key
an
d
th
eref
or
e
pro
po
s
ed
syst
em
can
be
consi
der
e
d
as
on
e
of
the
co
st
-
eff
ect
ive
al
gorithm
s.
Figur
e
6
il
lustrate
s
that
RSA
prot
oco
l
gr
oups
th
e
la
rg
er
nu
m
ber
of
ke
y
siz
e
al
so
def
ines
hi
gh
m
e
m
or
y
dep
e
nd
ency
wh
ic
h
usual
ly
no
t
co
nf
li
ct
s
with
existi
ng.
Conver
sel
y,
Bl
owfish
a
nd
AE
S
al
so
hav
e
the
sam
e
featur
e
bu
t
from
the
com
pu
ta
ti
on
al
point
of
view
,
AES
is
bette
r
tha
n oth
er s
ec
ur
it
y p
ro
t
oco
ls
.
Figure
6. Com
par
at
ive
an
al
ys
is
of k
ey
-
siz
e use
d for e
ncr
y
ption
On
e
of
the
sig
nificant
perf
orm
ance
pa
ram
e
te
r
to
asses
s
th
e
eff
ect
ive
ness
of
the
pro
po
s
ed
syst
em
is
to
cal
culat
e
the
total
pr
ocessin
g
tim
e.
In
this
researc
h
stu
dy,
the
syst
e
m
evaluates
the
al
l
al
gorithm
pr
ocessing
tim
e
wh
ic
h
in
cl
ud
es
s
om
e
e
ssentia
l
ste
ps
li
ke
secret
key
gen
e
rati
on,
ke
y
updation,
a
nd
e
nc
ryptio
n
so
on.
Fo
r
al
l
these
i
m
ple
m
entat
io
ns
,
the
syst
e
m
ta
kes
m
ini
m
u
m
tim
e
irresp
ect
ive
of
ha
rdwar
e
an
d
s
of
t
war
e
resou
rces
pres
ents
in
the
use
r
dev
ic
e.
T
he
pr
ocessin
g
of
the
al
go
rithm
with
hi
gh
e
r
sp
ee
d
is
al
s
o
assist
ed
with
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
A co
st
-
ef
fe
ct
iv
e
2
-
ti
er security
pa
r
adig
m
t
o
s
af
eguar
d
cl
ou
d da
t
a
…
(
Veen
a R.S
.
)
3841
eff
ect
ive
im
plem
entat
ion
in
t
he
com
pu
ta
ti
onal
de
vice
wit
h
res
ource
c
on
strai
nts.
Fi
gure
.6
represe
nts
that
the
pro
po
se
d
fr
am
ewor
k
will
pr
ov
i
de
fa
ste
r
c
om
pu
ta
ti
on
al
s
peed
f
or
al
gor
it
h
m
pr
oce
ssin
g
as
c
om
par
ed
with
oth
e
r
existi
ng
m
et
ho
ds.
Fig
ur
e
7
il
lustrate
s
t
hat
com
plexity
of
ti
m
e
will
m
axim
iz
e
fo
r
R
S
A
with
m
axi
m
i
zi
ng
the
traff
ic
loa
d.
Th
ough
util
iz
at
ion
of
RSA
cou
l
d
be
furn
i
sh
e
d
best
f
or
c
om
pu
ti
ng
dev
i
ces
with
no
re
so
urc
e
const
raints
it
'
s
no
t
m
or
e
ap
pl
ic
able
to
low
energize
d
dev
i
ces
and
res
our
ce
com
pu
ti
ng
dev
ic
e.
C
onve
rsely
,
Bl
ow
fis
h,
DE
S
,
an
d
AES
co
nt
ai
n
high
sup
porta
bili
ty
of
lo
w
e
nergized
de
vices,
but
due
to
it
s
co
ns
ta
nt
key
-
le
ng
th
s,
it
s
inc
reasin
g
proces
sing
ti
m
e
per
io
d
is
higher
t
ha
n
the
pro
pose
d
te
chn
i
qu
e
.
F
rom
the
ab
ov
e
fi
gure,
it
can
be
see
n
t
hat
the
pro
pos
ed
fr
am
ewo
r
k
pro
vid
es
a
fa
ste
r
s
peed
pro
cessi
ng
tim
e.
Since
the
pro
po
s
ed
al
gorithm
s
aut
hen
ti
cat
io
n
util
iz
es
nonr
ec
ursive
operati
ons
,
lowe
r
key
-
siz
e
and
fa
ste
r
key
-
up
dating
op
e
r
at
ion.
Ther
e
f
or
e,
the
dec
ryptio
n
operati
on
is
qui
te
bette
r
t
han
encr
y
ption
op
erati
on
an
d
wi
ll
no
t
a
ff
e
ct
e
ven
if
incom
ing
tra
ff
i
c load i
nc
rease
s.
Figure
7. A
nal
ysi
s o
f Tra
ff
ic
load wit
h res
pe
ct
to
ove
rall
pr
ocessin
g
ti
m
e(s)
4.
CONCL
US
I
O
N
This
pa
per
ta
r
gets
to
a
ddres
s
the
secu
rity
gap
that
i
ncr
e
ases
wit
h
em
e
rg
i
ng
gr
ow
t
h
of
the
use
r
requirem
ent
and
it
has
for
ced
the
enter
pr
ise
s
a
s
well
as
orga
nizat
ion
to
a
dopt
r
el
ia
ble
and
sc
al
able
infr
a
struct
ur
e
without
m
or
e
inv
est
m
ent
in
a
sh
ort
durat
ion
t
o
fu
l
fill
the
us
e
r’
s
requirem
ents.
W
it
h
th
e
i
m
pr
ovem
ent
i
n
cl
oud
com
puti
ng
,
or
gan
iz
at
ion
s
a
re
ex
plo
it
ing
the
cl
ou
d
serv
ic
es
to
tra
nsm
it
a
hu
ge
a
m
ou
nt
of
data
in
a
short
pe
rio
d,
pro
vid
es
en
orm
ou
s
storag
e
s
pac
e
without
set
tin
g
up
ne
w
in
frast
ru
ct
ure
as
well
a
s
ease
of
m
ai
ntenan
ce
with
high
avail
abili
ty
and
scal
a
bili
ty
s
o
on.
Alth
ough
cl
oud
te
ch
no
l
og
y
prov
i
des
s
ever
al
adv
a
ntage
s,
it
al
so
s
us
ce
ptible
to
sec
uri
ty
threats
a
s
oth
e
r
te
chnol
og
ie
s.
The
sec
uri
ty
can
be
m
easur
e
d
in
te
rm
s
of
authe
ntica
ti
on
,
i
den
t
ific
at
io
n,
a
nd
validat
io
ns
are
no
t
c
onside
re
d
as
reli
able
a
s
they
fail
to
offer
a
high
sec
ur
it
y
against
the
at
ta
c
ks
.
In
t
his
pa
pe
r,
a
sim
plifie
d
ve
rsion
of
m
od
el
in
g
has
be
en
car
ried
out
wh
e
re
the
prom
inent
fo
c
us
was
t
o
el
i
m
inate
authent
ic
at
ion
an
d
da
ta
secur
it
y
pr
oble
m
s.
The
out
com
es
of
the
a
ccess
con
t
ro
l
m
od
el
are
te
ste
d
us
i
ng
e
xp
e
rim
ental
m
od
el
ing
,
t
he
reli
abili
ty
and
te
chn
ic
al
a
dopt
ion
of
the
outc
om
e
s
are
qu
it
e
acce
pt
able
in
real
-
w
or
l
d
pro
blem
s
of
sec
ur
it
y.
Th
e
pr
op
os
e
d
acce
ss
con
tr
ol
m
o
del
offer
s
~
80%
of
the
r
ed
uctio
n
in
overall
co
m
pu
ta
ti
on
al
com
plexity
in
con
t
rast
to
the
existi
ng
syst
e
m
.
Si
m
i
la
rly
,
the
VM
secur
it
y
m
od
el
ou
tc
om
es
sh
ow
that
it
of
fers
~65
%
im
pr
ovem
ent
in
red
ucin
g
enc
ryption
ti
m
e
without
any
serio
us
s
patia
l com
plexity
.
Fu
rt
her,
the
pr
opos
e
d
m
od
el
s
of
cl
oud
can
be
c
on
si
der
e
d
to
im
pr
ov
e
the
w
orkab
il
it
y
and
qual
it
y
of
serv
ic
e
(QoS
)
factors
unde
r
hi
gh
tra
ff
ic
loa
d
sit
uation.
Usa
ge
of
cry
ptogr
aph
ic
al
go
rith
m
s
cou
ld
be
ev
al
uated
to
ta
r
get
hi
gh
eff
ic
ie
ncy
over
pe
rfor
m
ance
par
am
et
ers.
Al
so
,
t
he
m
od
el
s
can
be
us
e
d
t
ow
a
r
ds
im
ple
m
enting
the
cry
ptogra
phic
a
uth
e
ntica
ti
on
m
echan
ism
fo
r
e
xam
ini
ng
the
le
giti
m
acy
of
cl
ie
nts
as
well
as
da
ta
an
d
traff
ic
l
oad b
ei
ng g
e
ne
rated.
R
E
F
E
R
E
N
C
E
S
[1]
L.
Grandi
n
et
t
i,
O.
Pis
ac
ane,
M.
Sheikha
li
shah
i,
“
Perva
sive
Cloud
Com
puti
ng
Te
ch
no
logi
es:
F
uture
Outlooks
and
Inte
rdisc
ipl
in
ar
y
Perspec
t
ive
s
”
,
I
GI
Publ
i
cat
ion
,
Adv
anc
es
in
Sys
te
ms
Analysis,
S
oft
ware
En
ginee
ring,
and
High
-
Pe
rform
ance
Co
mputing
,
ISBN
-
13:
978
-
146664
6834,
2013
.
[2]
G.R.
Vij
a
y
,
A.R
.
M.
Redd
y
,
“
Inve
stiga
t
ional
Ana
l
y
sis
of
Se
cur
ity
Mea
sures
Eff
e
c
ti
ven
ess
in
Clou
d
Com
puti
ng:
A
Stud
y
”
,
Comput
er
Engi
n
ee
ring
a
nd
Intelli
g
ent Sys
te
ms
,
Vol.
5
,
No
.
7,
2014.
[3]
P.
Mell
,
T.
Gr
a
nce
,
“
Th
e
NIS
T
Defi
nition
of
Cloud
Com
puti
ng
”
,
R
ec
omm
en
dati
ons
of
th
e
Nati
onal
Insti
tute
of
Standards and
Technol
og
y, Spe
c
i
al
Pub
li
ca
ti
on
8
00
-
145,
2011
.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
5
,
Oct
ober
201
9
:
3
8
3
3
-
3
8
4
2
3842
[4]
A.
J.
Adoga
,
G.
M.
Rabi
u
,
A.
A.
Audu,
“
Crit
e
ria
for
Choosing
An
Eff
e
ct
iv
e
Cloud
Storage
Provide
r”,
In
te
rnationa
l
Journal
of
Computati
onal
Eng
ineering
R
ese
arch
,
Vo
l.
04,
Iss
.
2,
20
14.
[5]
R.
A.
Popa.
,
J.R.
Lorc
h.
,
D.
Mol
nar
.
,
H.J.
W
ang.,
and
L.
Zhua
ng
.
,
“
Ena
bli
ng
Sec
urity
in
Cloud
S
tora
ge
SLAs
with
Cloud
Proof”, In
USENIX Annua
l
Techn
ic
al
Conf
ere
nce
,
Vol
.
242
,
2011.
[6]
Chandra
ka
la,
N.
,
and
B
.
Thi
rum
a
la
R
ao. "Migra
t
i
on
of
Virtu
al Ma
chi
ne
to
improve
the
[7]
Secur
ity
of
Clou
d
Com
puti
ng.
"
I
nte
rnational
Jou
rnal
of
El
e
ct
rica
l
and
Computer
Engi
ne
ering
(
IJE
CE)
,
Vol.
8
,
No
.
1
:
pp.
210
-
219
,
2018
.
[8]
Zha
ng,
T
ia
nwei
,
and
Ruby
B.
L
e
e.
"D
esign,
Im
ple
m
ent
ation,
and
Veri
fica
ti
on
of
Cloud
Archi
te
c
t
ure
for
Monitori
ng
a
Virtu
al Mac
hi
ne'
s
Secur
i
t
y
He
al
th
.
"
IE
EE Tr
ansacti
ons on
Com
pute
rs
,
vol
.
67
,
n
o.
6
,
pp
.
799
-
81
5
,
2018
.
[9]
Zha
ng,
T
ia
nwe
i,
and
Rub
y
B.
Le
e
.
"M
onit
orin
g
and
Atte
statio
n
of
Virtua
l
Mac
hin
e
Secur
ity
Hea
lt
h
in
Clou
d
Com
p
uti
ng.
"
IE
EE
M
ic
ro
,
vol
.
3
6,
no
.
5
,
pp
.
28
-
37
,
2016
.
[10]
Yin,
Xue
y
u
an,
Xingshu
Chen,
Li
n
Chen,
Guoli
n
Shao,
Hui
Li
,
and
Shus
ong
Ta
o.
"Resea
rch
of
Secur
ity
as
a
Ser
vic
e
for
VM
s in
Ia
aS
Plat
form
.
"
IE
EE
Ac
c
ess
,
vol
.
6
,
p
p.
29158
-
29172
,
2018
.
[11]
Li
u,
Qi
an,
Chu
l
ia
ng
W
eng,
Mi
nglu
Li,
and
Y
uan
Luo.
"A
n
In
-
VM
m
ea
suring
fra
m
ework
for
inc
re
asing
vir
t
ual
m
ac
hine
se
cur
i
t
y
in cl
ouds."
IEEE
Se
curit
y
&
Pri
vac
y
,
vo
l.
8,
no.
6
,
pp
.
56
-
62
,
20
10
.
[12]
Aluval
u,
Ra
ja
ni
kant
h,
Vanra
j
Kam
liy
a,
and
L
ak
shm
i
Muddana
.
"H
AS
BE
ac
ce
ss
cont
rol
m
odel
with
Secur
e
Ke
y
Distribut
ion
an
d
Eff
i
ci
en
t
Do
m
ai
n
Hier
ar
ch
y
for
c
loud
co
m
puti
ng.
"
Int
ernati
onal
Journal
of
E
lectric
a
l
and
Computer
Engi
n
ee
ring (
IJE
C
E)
,
vol.
6
,
no
.
2
,
pp
.
770
-
777
,
2016
.
[13]
Chenna
m
,
Krishna
Kee
rthi,
and
M.
Akka
La
kshm
i.
"Cloud
Secur
ity
in
Cr
y
p
t
Da
ta
base
Serve
r
Us
ing
Fine
Grain
e
d
Acc
ess Cont
rol
.
"
Inte
rnat
ional
Jo
urnal
of El
e
ct
ri
c
al
and
Comput
er
Engi
n
ee
ring
,
vo
l.
6
,
no
.
3
,
pp
.
91
5
-
924
,
2016
.
[14]
Hu,
Vince
nt
C
.
,
D.
Ri
cha
rd
Kuhn,
and
Da
vid
F.
Ferra
io
l
o.
"A
cc
ess
Control
for
Emer
ging
Distribut
e
d
S
y
stems
.
"
Computer
,
vo
l.
51,
no.
10
,
pp.
100
-
103
,
2018
.
[15]
He,
Heng,
Rui
xuan
Li,
Xinhu
a
Dong,
and
Zh
ao
Zha
ng
.
"S
ecure,
eff
icient
an
d
fine
-
gra
ine
d
d
at
a
ac
c
ess
cont
r
ol
m
ec
hani
sm
for
P
2P stora
ge cl
oud
.
"
IE
EE
Tr
ansac
ti
ons on
C
loud
C
omputing
,
vo
l.
2,
no.
4
,
pp.
471
-
4
84
,
2014
.
[16]
Xia,
Zh
ihua,
L
iangao
Zha
ng
,
an
d
Danda
n
L
iu.
"
Attri
bute
-
base
d
ac
c
ess
cont
rol
s
che
m
e
with
eff
i
ci
en
t
rev
o
ca
t
ion
in
cl
oud
computing
.
"
China
Comm
unic
ati
ons
,
vol
.
1
3,
no
. 7
,
pp
.
92
-
99
,
2016
.
[17]
Xue,
Kaip
ing,
W
ei
keng
Chen
,
W
ei
Li,
Ji
ana
n
Hong,
and
Peil
in
Hong.
"Com
bini
ng
Dat
a
Ow
ner
-
Side
and
Cloud
-
Side
Acc
ess
Control
for
Enc
r
y
pt
ed
C
loud
Storage."
I
EE
E
Tr
ansacti
o
ns
on
Information
Forensic
s
and
Sec
urity
,
vol
.
13,
no.
8
,
pp
.
2062
-
2074
,
2018
.
B
I
O
G
R
A
P
H
I
E
S
O
F
A
U
T
H
O
R
S
Vee
na
R.
S,
has
complet
ed
her
B.
E.
in
Com
put
er
Te
chno
log
y
fr
om
Nagpur
Uni
ver
sit
y
in
1997,
her
MTec
h
in
C
om
pute
r
Scie
nc
e
&
Engi
ne
eri
ng
from
VTU
in
2007.
She
is
cur
r
ent
l
y
pursuing
her
PhD
in
Co
m
pute
r
Scie
n
ce
&
Eng
ine
er
ing
f
rom
VTU,
Bela
gavi
.
She
h
as
to
ta
l
20
y
e
ars
of
e
xper
i
ence.
Her
cur
ren
t
rese
arc
h
dea
ls
with
Clou
d
Com
puti
ng.
She
has
publi
shed
13
pape
rs
in
Nati
ona
l
and
Int
ern
ational Conference
s
and
3
pap
ers
in
p
ee
r
-
r
evie
wed
Inte
rn
ationa
l
Journals.
Ramachan
dra
V
.
Pujeri
.
R
ece
ive
d
his
B
E
in
El
e
ct
roni
cs
and
Com
m
unic
at
io
n
Engi
ne
eri
ng
from
Karna
ta
k
a
Univer
sit
y
,
Dhar
wad,
ME
in
Co
m
pute
r
Scie
n
ce
and
Engg
from
PS
G
Coll
ege
of
Te
chno
log
y
,
Co
imbatore
,
Ph.D.
in
Inform
at
ion
and
Com
m
unic
ation
Engi
n
ee
r
i
ng
from
Anna
Univer
sit
y
,
Che
nnai
,
MBA
in
Hum
an
Resourc
e
Mana
g
ement,
from
Pondicherr
y
Univ
ersi
t
y
,
Pondiche
rr
y
,
in
1996,
2002,
200
7
and
2008
respe
ctively
.
He
is
a
ct
iv
e
li
f
e
m
ember
of
ISTE,
SS
I,
MIE,
ACS
and
IEE
.
He
h
as
writt
en
thr
ee
t
ext
bo
oks.
He
is
havi
n
g
aro
und
20
y
ears
of
te
ac
hing
expe
r
i
ence
in
th
e
var
ious
top
te
n
engi
nee
r
ing
col
l
ege
s
in
India
.
H
e
is
an
ac
ti
v
e
ex
per
t
comm
it
te
e
m
ember
of
AICTE,
NBA
,
DoE
ACC,
NA
CC
an
d
var
ious
Univ
e
rsiti
es
in
Indi
a.
Curre
ntly
,
und
er
him
te
n
rese
arc
h
schola
rs
pursuing
the
ir
Ph.D.
His
rese
arc
h
intere
st
s
li
e
in
the
areas
of
Com
pute
r
Networki
ng,
Op
era
t
ing
S
y
st
em,
Software
Eng
i
nee
ring
,
Softwa
re
Reliab
il
ity
,
Modell
ing
and
Sim
ula
ti
on,
Qua
li
t
y
of
Services
and
Data
Minin
g.
Curre
ntly
,
he
is
working
as
Dire
ct
or
.
MIT
Coll
ege of
Enginee
ring
,
Pune
,
Maha
rashtr
a
.
In
dia
In
diramma
M
.
,
re
ceive
d
B
E
i
n
Com
pute
r
Sc
ie
nc
e
and
Eng
i
nee
ring
from
PES
col
l
ege
of
Engi
ne
eri
ng,
Ma
nd
y
a
in
1988,
M
E
in
Com
pute
r
S
ci
en
ce
and
Enginee
ring
in
1999
and
PhD
fro
m
VTU,
Belagavi
in
2010.
She
is
havi
ng
30
y
e
ars
of
teac
hing
exp
eri
en
ce.
Her
r
ese
arc
h
a
re
as
ar
e
Cloud
Com
puti
ng,
Servi
ce
Or
ie
nt
ed
Grids,
Artifi
c
ia
l
Intelligence
and
Ma
chi
ne
Learni
n
g
Algorit
hm
s.
She
has
publi
shed
m
ore
tha
n
40
pu
bli
c
at
ions
in
Nat
iona
l
,
Int
ern
atio
nal
Journals
and
Confer
ences.
S
he
is
cur
ren
tly
working
as
a
Profess
or
and
Convene
r
-
IIIC
Depa
rtment
of
Com
pute
r
Science
and
Engi
n
ee
ring
BMS
Coll
eg
e
of
Enginee
ring
,
Bull
Te
m
ple
Roa
d
,
Basava
nagud
i, B
enga
luru
.
Evaluation Warning : The document was created with Spire.PDF for Python.