Design of Efficient Algorithm for Secured Key

Exchange over Cloud Computing

Lata Gadhavi
(Assistant professor)
Department of Computer
Engineering
Safforny Institute of
Technology
Mehsana,Gujarat, India
lata.gadhvi@safforny.ac.in
Madhuri Bhavsar
(Associate Professor)
Department of Computer
Science and Engineering
Institute of Technology,
Nirma University
Ahmedabad, Gujarat,India
madhuri.bhavsar@nirmauni.ac.in
Monica Bhatnagar
(PG student)
Department of Computer
Science and Engineering
Institute of Technology,
Nirma University
Ahmedabad, Gujarat, India
13mcei11@nirmauni.ac.in
Shivani Vasoya
(PG student)
Department of Computer
Science and Engineering
Institute of Technology,
Nirma University,
Ahmedabad, Gujarat, India
14mcei30@nirmauni.ac.in

Abstract—Cloud computing framework is accepted by
most of the enterprises. It provides on-demand service,
broad network access, elasticity etc. But the usability of
these characteristic get obstructed by many security
challenges. As the cloud service user uploads their
confidential data over the cloud platform, it must be
transmitted in a secure way. For this, it should be
transmitted through a protected communication channel.
A practical solution to this is a Diffie-Hellman key
exchange algorithm. It is used to exchange the
cryptographical keys securely over the public channel. In
this paper, the extended version of the Diffie-Hellman
algorithm is suggested which can prevent the system
against Mim attack and plain-text attack. This algorithm is
oriented towards removing the extended version of Diffie-
Hellman algorithm. It uses one model based on arbitrary
numbers and logarithms. This is considered to provide
security improvement to the communication channel and
also countermeasure the attack. Also, a cloud based model
is presented for engineering educational domain. Above
algorithm is used in this architecture to provide more
security to the user data. This architecture attains various
security parameters such as confidentiality, data integrity
and individualization.
Keywords—Cloud Computing; Cryptographical key;
communication parties; Diffie–Hellman; MiM attack; Plain - text
attack.
I. INTRODUCTION
Cloud computing is an emerging technology in today's era.
It can be characterized as a vast arrangement of resources
offered to the client through the internet by cloud service
providers as per their requests. Cloud computing is generally
related with usage computing, different VM etc. It can be used
in educational field to provide all time access of the data files
to the students as well as professors. A cloud based model is
suggested for enginnering educational domain in which
professors can upload their research work, can share their
findings etc. And students can download the data files for their
study. This architecture supplies the above mentioned
_________________________________________________
This Research work is sponsored by Government of Gujarat,
Gujcost, Gandhinagar as a part of Minor Research Project
No-GUJCOST/MRP/2014-15/1276
facilities in SaaS(Software as a Service). Also, storage space is
given to users to upload their repository.
Cloud computing has many security challanges such as data
intigrity, unlicensed access, DoS etc. The traditional
cryptographic algorithms are used to prevent user's sensitive
data from data tempering and unauthorized access.
There are two type of cryptographic algorithms: Symmetric
Key algorithms and Asymmetric Key algorithms. In
symmetric key algorithms, same key is used for
encoding/decoding the data. While in Asymmetric Key
algorithms, different key is used. Now, to transmit the keys
securely, Diffie-Hellman key exchange algorithm is used. But
it is vulnerable to MiM attack and plain-text attack.
In this paper, an improved version of the Diffie–Hellman
key exchange algorithm is suggested. In this version, one
mathematical model is used and this model is based on
arbitrary numbers and logarithm, In addition, this algorithm
can prevent the user data from the MiM attack and plain-text
attack.
II. BACKGROUND
Cloud computing is accepted by most of the large enterprises
in last decade. CSP is providing a very huge storage
capabilities. All the enterprises store their data into cloud. Due
to this, security of the data is a big challenge for CSPs. CSP
need to protect the data from different active attacks and
unaccredited access .
In the paper [1], different challenges in the area of security
is considered. The most important challenges are poisonous
internal member of the cloud, vulnerable API, various,
VMM(Virtual Machine Manager) liability, seize the service
etc. Cryptography is acquired by the enterprises which are
more worried about data security[2]. Cryptography can fix the
discussed problems at some level.
The leading ideas considered in paper [3], are helpful to
remove multiple problems in the data security area.
A cloud with cryptographic capabilities is presented in [4].
It allows user to supply the confidential data on the public
cloud. It encrypts the data, use digital signature of the user and
make sure that no-one come to know about data location and

978-1-4673-8203-8/16/$31.00 2016
c IEEE 180
access rights. If data holder is changed, only cloud user decode
the data.
If there is any authorized outsider's data resides in the
cloud, it is liable to get security. Because of this facility, cloud
user can store the data at remote location. In the paper [5],
Diffie–Hellman key interchange procedure is proposed among
the CSP and the cloud member to distribute symmetric key.
This protocol resolves the issue of key dispensation and
maintenance. Two level authentication procedures are used in
this protocol[8,11].
In the paper [6], a negotiator basis individual authentication
representation is suggested to enlarge the reliability and
security of cloud user individuality management system. A
distinctive expansion is suggested to recognize the holder of
the personal gadget and to list the dependencies among the
cloud member and CSP.
In this paper, an improved Diffie–Hellman key exchange
algorithm is presented which uses arbitrary number to produce
distinct cipher text for similar plain-text[12]. In addition, it
applies logarithms on the distributed key with confidential
number. This number is used as a core value which
individualize the cloud member to the communicating party
and to make it secure against MiM attacks and plain-text
attacks[13,14].
A. MiM(Man-in-the-Middle) Attack
This is an active attack in which, the invader prevent the
message from continuing to the destination. Also, he can
modify the message by preventing himself as a one of the
communicating party.
8. If any intruder tries to make any change into user data
then one notification goes to the Admin.
9. Cloud user data are safe. As we are using security
algorithm for the security of user data.
10. Revised version of Diffie-Hellman algorithm is used
to secure the common key transportation in public
channel.
Here, Service Level Agreement (SLA)[7] is created as per
traditional way of creating SLAs. In this, different user roles
and their access rights are mentioned. One database server is
created to preserve the database of the user activity. When any
user comes to use the portal, his request first go across the
interface server[9]. SLA manager and Authentication manager
check the identity of the user and pass the request as per the
Resource Provisioning algorithm to the cloud server. We have
applied 3-way defense strategy as described below:
1. Use improved Diffie-Hellman algorithm to produce
the key for key exchange.
2. Use DES encryption algorithm to encrypt and decrypt
the data.
3. Compress and de-compress the data on the cloud
server.

B. Plaintext Attack
An invader has plain-text as well as encrypted text in this
type of attack. If the distributed key is a consistant key, the it
will generate the same decrypted text for the same plain-text.
This information is used by an invader to get the relationship
between the plain-text and encrypted text.

III. PROPOSED ARCHITECTURE MODEL

A cloud framework [Fig. 1] is suggested for an educational
domain especially for engineers. It is used by the faculties to
share their research work and ideas and to access the IT
resource as per their convenience. It provides following
services:
1. Professors can upload and share their research work,
different applications.
2. Professors can control their data and publish it. Fig. 1 Proposed Architecture Model
To give secure computing environment and to avoid data
3. A huge amount of storage ability
alteration, above steps are followed. For this, two different
4. Centralized access and individualization servers are there to reach our goal. First server is used for
encryption and the second server is used for storage purpose.
5. Single sign-on service Different Data centers are used to store the response which is
6. Students can download the needed research data. given by the cloud server as shown in the Fig 1.
7. Many technical specialist come together into one
common platform

2016 6th International Conference - Cloud System and Big Data Engineering (Confluence) 181
 IV. WORKFLOW OF THE SYSTEM
The sequence of the activities for the above architecture is
displayed in following figures(Fig 2 and Fig 3). In addition,
Pseudo code is given in Fig 4.
1. User visit the portal which is encoded by applying
SSL Encryption.
2. User get 'Read Only' access permission initially. Also,
user can get write access if he/she get himself/herself
registered in the cloud using the portal.
3. CSP individualized the cloud user and redirected him
to the interface server. Access rights and storage
capacity is examined as per the SLA.
4. Once user is logged in, there are two options
available. One is for Data handling and second one is
for Getting Virtual Machine.
7. One Common key is generated by improved Diffie-
Hellman algorithm and it is used for safe
communication between two parties.
8. A trustful computing platform is given to encrypt user
data using common key between them.
9. We use compression technique to store the decrypted
data on to the cloud server. It use less storage space
on the server.
10. Only decoded data is stored on the cloud server.
11. When user requests for the file then it will be
downloaded from the cloud server.
12. Priorer to this, decompression of the file is done and
then DES algorithm is used to decode the file so that
user can access the same.
13. We keep another server for backup purpose. Due to
this we can achieve fault tolerance.
14. When user request for logout, VM shutoff and one
alert is sent to the server to end the session.
15. CSP produce the cost statement according to SLA.

V. EXISTING DIFFIE-HELLMAN KEY EXCHANGE

ALGORITHM
Whitefield Diffie and Hellman suggested one solution for
the secured key exchange in 1976. It allows two
communicating parties to exchange the keys securely. These
keys are used to encode subsequent communications. Its
efficiency depends on the difficulty of evaluating discrete
logarithms [10].
In the proposed solution, two publicly known numbers are
used- a prime number 'q' and a primitive root 'n' such that n <
q. As 'n' is a primitive root of 'q' then the numbers n mod q, n^2
mod q, …., n^x mod q will produce all numbers from 1 to q-1.

Algorithm
Let Alice and Bob be two communicating parties:
1. Both can agree on two public elements which are
mentioned above.
2. Alice selects her private key as 'x' where x < q and
calculate public key as A= n^x mod q.
3. Bob selects his private key as 'y' where y < q and
calculate public key as B= n^y mod q.

Fig. 2 System Workflow-1

5. New users don't get the first option which is data

handling. This option is available only for the
registered user who are redirected to cloud
infrastructure. Also, user can share the data files by
using this infrastructure.
6. User will be redirected to the openstack if he/she
choose second(Getting VM) option.

182 2016 6th International Conference - Cloud System and Big Data Engineering (Confluence)
 3. Now, they both are having the same secret key. They
select the arbitrary numbers ’t’ and 's' such that 0 < t,s
<q.
4. Another public key is produced by applying logarithm
on the keys and having one secret number 'm' as a
base of the logarithm. The value of the 'm' is known
by both the parties.
5. Then another public key for Alice is calculated as C =
logm(t,K1).
6. Similarly public key for Bob is calculated as D =
logm(t,K2).
7. Both exchange the key which will be considered in
further encryption of the messages.
The pseudo code is described in the following Fig.4.

Fig. 3 System Workflow-2

4. Both parties shared the public keys A and B with each

other.
5. Alice calculates the secret key as K1 = B^x mod q and
Bob does the same as K2 = A^y mod q.
6. Both are having the same secret key now, which will
be used in further communication.
Both parties can calculate the same secret key as they are the
only one who knows the numbers n and q. This algorithm is
vulnerable to MiM attack as they don't have any mechanism to
authenticate the parties. Also, the keys remain same for the
session so it will result into the same decrypted text for the
plain-text. By using this information an invader can find the
relationship between the plain-text and cipher text.

VI. REVISED DIFFIE-HELLMAN KEY EXCHANGE

ALGORITHM
To protect the key from the above attacks, we revised the
Diffie-Hellman key exchange algorithm as follows:
1. In this also, we are using the core Diffie-hellman
algorithm followed by the arbitrary numbers for more
security.
Fig. 4 Pseudo code for the Algorithm
2. 5 steps are same as the existing Diffie-Hellman key
exchange algorithm. Fig.5 and Fig.6 shows the flow and pseudo code of revised
Diffie-hellman key exchange algorithm respectively.

2016 6th International Conference - Cloud System and Big Data Engineering (Confluence) 183

Fig. 5 Revised Diffie-Hellman Key Exchange Algorithm
Fig. 6 Pseudo Code of the revised diffie-hellman algorithm
A. Removal of MiM attack
A secret number 'm' is used as a base of the logarithm by
the communicating parties. If an invader tried to get the key, it
184 2016 6th International Conference - Cloud System and Big Data Engineering (Confluence)
is difficult to get the same base. Users are authenticated by
using this number as it is known only by the parties. It prevents
an algorithm from MiM attack.
B. Removal of Plain-text attack
An arbitrary element is considered in key exchange protocol
which produces dissimilar cipher text for the same plain-text.
The same chunk of text is encrypted using different keys each
time. As a result different cipher text is produced for the same
plain-text. If an invader gets the message, he won't be able to
know the actual text [2].
VII. ANALYSIS OF PROPOSED ALGORITHM
The study of the presented algorithm is based on different
security factors like confidentiality, authentication and integrity
of data.
A. Confidentiality:
Data is encoded, when user upload it, by applying the same
keys. These keys are produced by revised Diffie-Hellman key
exchange algorithm. Because of this, Confidentiality of the
data is protected by storing the keys. These keys are known
only to the data owner. This make the data more confidential as
CSP can't get the access of the data.
B. Authentication:
The logarithmic value is computed for the common secret
key using the base value 'm'. It is available for both the parties
and it ensures individualization. If an attacker attempts to
communicate in between, the value of 'm' won't be same
compulsorily.
C. Integrity:
Data Integrity is achieved by the various encryption techniques
which are utilizing the same key generated by the algorithm. It
will make sure that data is secure over the cloud platform.
VIII. IMPLEMENTATION
A test bed is developed for cloud domain using Openstack
as a Front-end and KVM hypervisor as displayed in following
figure.Cloud server and client server both are setup on the
device in which java Remote Method Invocation(RMI) method
is used. Java VM running on various host invoke Remote Java
Objects using RMI procedures. Implementation is showe in
Figures listed at the end of the paper. It shows the key
exchange between the user and cloud server. The available
resources scenario of cloud is shown in the Fig.7.

Fig. 7 Overview of cloud
Fig. 8 Login page for the Proposed Architecture
Fig. 9 User Profile
User Interface is designed for the suggested architecture.
Another page is creates so that user get his/her profile
information, list of documents he/she can read etc. By clicking
th 'Upload Document' button, user can upload the data. This
data file is reflected in the document list later on .Process of
user in the web page is shown in the Fig.8 and Fig.9.
The following figure Fig.10 displays the available no of cores
in the system and its usage.
2016 6th International Conference - Cloud System and Big Data Engineering (Confluence)
Fig. 10 Number of the cores in the System
IX. CONCLUSION
Cloud Computing is accepted more and more by larger
enterprises now-a-days. It provides on-demand service, broad
network access, elasticity along with a huge storage capacity.
A cloud model is suggested for engineering educational
domain. It gives facilities to the faculties and students to
upload/download the research work and to share their findings.
Cloud Computing has many security issues in terms of
confidentiality, data intigrity, individualization. There is a
requirement for effective and systematic algorithms which can
be used to provide more security to the cloud data. Diifie-
Hellman algorithm is generally used in key exchance procedure
over the vulnerable channel. We tried to give more security by
considering the arbitary element in the common key. It is
unique for each message that will be encoded. By using this,
plain-text attack can be minimized This reduces the plaintext
attack and MiM attack in Diffie – Hellman algorithm. But to
design 100% secure key exchange algorithm is not easier.
There is a chance that secret number chosen by intruder can be
same as ‘m’. Then there is some chances of Man-in-the-Middle
attack in it. Presented algorithm considers a simple
mathematical approache which is straightforward and easy to
implement. Confidentiality, data intigrity, individualization is
achieved by applying this algorithm.
ACKNOWLEDGMENT
This research work is supported by Gujarat Council on
Science and Technology, Department Of Science and
Technology, Government of Gujarat, Gandhinagar as a part of
Minor Research Project No-GUJCOST/MRP/2014-15/1276.
REFERENCES
[1] Rashmi Nigoti, Manoj Jhuria and Dr.Shailendra Singh, “ A Survey of
Cryptographic Algorithms for Cloud Computing” International Journal
of Emerging Technologies in Computational and Applied Sciences,4(2),
March-May 2013, pp.141-146
[2] Sakthi Nathiarasan A and Yuvaraj K, “Secure Key Exchange Algorithm
– Mathematical Approach” International Journal of Advanced Research
in Computer Science and Software Engineering 3(6), June - 2013, pp.
549-552
[3] Ramgovind S, Eloff MM and Smith E, “The Management of Security in
Cloud Computing” IEEE Conference on Information Security for South
Africa (ISSA), 2010
[4] Manpreet Kaur and Rajbir Singh, “Implementing Encryption Algorithms
to Enhance Data Security of Cloud in Cloud Computing” International
Journal of Computer Applications (0975 – 8887) Vol. 70, No.18, May
2013.
[5] D.H. Patil, Rakesh R. Bhavsar and Akshay S. Thorve, “Data Security
Over Cloud” International Journal of Computer Applications Emerging
Trends in Computer Science and Information Technology -
2012(ETCSIT2012).
185
[6] Faraz Fatemi Moghaddam, Nasrin Khanezaei, Sina Manavi, Mohammad
Eslami and Alireza Samar, “UAA: User Authentication Agent for
Managing User Identities in Cloud Computing Environments,” 5th IEEE
Conference Control and System Graduate Research Colloquium
(ICSGRC-2014), pp. 208-212.
[7] Palivela Hemant, Nitin.P.Chawande, Avinash Sonule and Hemant Wani,
“Development of Servers in Cloud Computing to Solve Issues Relates to
Security and Backup,” IEEE conference on Cloud Computing and
Intelligence Systems (CCIS-2011), pp. 158-163.
[8] P. Varalakshmi and Hamsavardhini Deventhiran, “Integrity Checking
for Cloud Environment Using Encryption Algorithm,” IEEE Conference
on Recent Trends in Information Technology (ICRTIT-2012), pp. 228–
232.
[9] Xuexue Jin, Lingbo Wei, Mengke Yu, Nenghai Yu and Jinyuan Sun,
“Anonymous Deduplication of Encrypted Data with Proof of Ownership
in Cloud Storage,” 2nd IEEE/CIC International Conference on
Communications in China (ICCC-2013), pp. 224-229.
[10] Fei Hu, Meikang Qiu, Jiayin Li, Travis Grant, Draw Tylor, Seth
McCaleb, Lee Butler and Richard Hamner, “A Review on Cloud
Computing: Design Challenges in Architecture and Security,” Journal of
Computing and Information Technology - CIT 19, 2011, 1, pp. 25–55.
[11] Feng Zhao, Chao Li, and Chun Feng Liu, “A Cloud Computing Security
Solution based on Fully Homomorphic Encryption,” 16th IEEE
International Conference on Advanced Communication Technology
(ICACT-2014), pp. 485-488.
[12] Navpreet Kaur and Ritu Nagpal, “Authenticated Diffie-Hellman Key
Exchange Algorithm” International Journal of Computer Science and
Information Technologies, Vol. 5 (4) , 2014, pp. 5404-5407
[13] Parth Sehgal, Nikita Agarwal, Sreejita Dutta and P.M.Durai Raj
Vincent, “Modification of Diffie-Hellman Algorithm to Provide More
Secure Key Exchange” International Journal of Engineering and
Technology (IJET), Vol 5, No. 3, Jun-Jul 2013.
[14] Malek Jakob Kakish, “Security Improvements to the Diffie-Hellman
Schemes,” International Journal of Research and Reviews in Applied
Sciences (IJRRAS), Vol. 8, July-2011.

Fig. 11- Public and Private Keys Generated by Server and Client

Fig. 12 Exchange of Secret Keys Between Server and Client

186 2016 6th International Conference - Cloud System and Big Data Engineering (Confluence)
 Fig. 12 Further Exchange of Keys Between Server and Client

2016 6th International Conference - Cloud System and Big Data Engineering (Confluence) 187