A cloud service provides a variety of convenience such as synchronizing data among devices for the users of various smart devices or securing a storage for insufficient space in the devices through cloud storage. However, since a cloud server is a ser...
A cloud service provides a variety of convenience such as synchronizing data among devices for the users of various smart devices or securing a storage for insufficient space in the devices through cloud storage. However, since a cloud server is a server operated by a third party, users are worried about security. If a user’s information by which the user can access the cloud is disclosed by an attacker, the attacker can check all the cloud data of the user. In addition, since incidents of the disclosure of personal information took place through the cloud hacking, the necessity of the encryption of the cloud service comes to the fore.
Data encryption in the cloud service may be a decisive factor for the delay of cloud speed. If a large volume of data is encrypted, using an existing block encryption algorithm, it takes much time, which causes inconvenience to the users. The partial encryption method to increase the speed of data encryption has a demerit that the encrypted data may be inferred due to the areas not encrypted.
In addition, the problem of key management is also important in the data encryption. No matter how high the security strength of the encryption algorithm may be, if the decoding key is disclosed, the encrypted data can be easily decoded. A public key algorithm uses a public key in data encryption and uses a private key in decrypting the encrypted data, so it is easy for key management. Since it is very important to secure the private key, it is necessary to pay attention to not being disclosed and to use caution when you have to copy the private key.
This study proposes a cloud-based data encryption system that can store the encrypted data in the cloud safely and fast so as to address these problems. In the proposed system, the client encrypts data before uploading them to the cloud, and the key used in the data encryption is uploaded to the key management server. At this time, for the data encryption, a partial encryption algorithm was proposed and applied, in which part of the data was encrypted, and the part not encrypted was transformed to XOR. The key used in the encryption was encrypted as the user's public key, and the decoding was prohibited without the user's private key. In addition, when the user using the proposed system with a new device, a multi-channel that uses TCP and BLE certifies the device and uses a method for safely copying the private key.
As a result of the implementation of the proposed system applying it to Google Drive, it was found that data uploaded to Google Drive were encrypted and could not be checked without decrypting. At this time, it was found that in the partial encryption algorithm used in the encryption, there was almost no delay in speed when applied to the cloud service, and the demerit of the existing partial encryption algorithm could be supplemented by transforming the areas of the part not encrypted. In addition, since the method of the private key copy using a multi-channel uses both TCP network and Bluetooth, it is safe from network sniffing attacks. Also, since it uses a public key-based ECC algorithm, it was found that the security strength improved very much as compared to the method of copying a certificate and a private key using the existing certification number.