incremental proxy re-encryption scheme for mobile cloud computing environment
TRANSCRIPT
J SupercomputDOI 10.1007/s11227-013-1055-z
Incremental proxy re-encryption scheme for mobilecloud computing environment
Abdul Nasir Khan · M. L. Mat Kiah · Sajjad A. Madani ·Mazhar Ali · Atta ur Rehman Khan · Shahaboddin Shamshirband
© Springer Science+Business Media New York 2013
Abstract Due to the limited computational capability of mobile devices, the researchorganization and academia are working on computationally secure schemes that havecapability for offloading the computational intensive data access operations on thecloud/trusted entity for execution. Most of the existing security schemes, such asproxy re-encryption, manager-based re-encryption, and cloud-based re-encryption,are based on El-Gamal cryptosystem for offloading the computational intensive dataaccess operation on the cloud/trusted entity. However, the resource hungry pairing-based cryptographic operations, such as encryption and decryption, are executed usingthe limited computational power of mobile device. Similarly, if the data owner wantsto modify the encrypted file uploaded on the cloud storage, after modification the dataowner must encrypt and upload the entire file on the cloud storage without consider-
A. N. Khan (B) · M. L. M. Kiah · A. R. Khan · S. ShamshirbandFaculty of Computer Science and Information Technology, University of Malaya,Kuala Lumpur, Malaysiae-mail: [email protected]
M. L. M. Kiahe-mail: [email protected]
A. R. Khane-mail: [email protected]
S. Shamshirbande-mail: [email protected]
S. A. MadaniDepartment of Computer Science, COMSATS Institute of Information Technology, Islamabad, Pakistane-mail: [email protected]
M. AliDepartment of Electrical and Computer Engineering, North Dakota State University, Fargo, USAe-mail: [email protected]
123
A. N. Khan et al.
ing the altered portion(s) of the file. In this paper, we have proposed an incrementalversion of proxy re-encryption scheme for improving the file modification operationand compared with the original version of the proxy re-encryption scheme on the basisof turnaround time, energy consumption, CPU utilization, and memory consumptionwhile executing the security operations on mobile device. The incremental versionof proxy re-encryption scheme shows significant improvement in results while per-forming file modification operations using limited processing capability of mobiledevices.
Keywords Cloud computing · Mobile cloud computing · Security · Privacy
1 Introduction
Cloud computing is an emerging computing paradigm that introduces an innovativemethod of computing by offering various elastic computational services in pay-as-you-go manner [1–3]. To meet the computational requirement of the cloud subscribers,the cloud services can be upgraded and downgraded at runtime with negligible timeperiod and without purchasing new hardware resources [4–8]. Similarly, the utilizationof the cloud services on resource constraint mobile devices introduces new computingparadigm known as mobile cloud computing. The objectives of the utilization of thecloud services on resource constraint mobile device are: (a) to increase the processingand storage capabilities of the mobile device, (b) to reduce the energy consumption,and (c) to improve the reliability of the mobile user data and applications [9] throughcloud backup services [10,11]. The architecture of the mobile cloud computing isshown in Fig. 1. A lightweight cloud client application is installed on the mobiledevice that communicates with the cloud controller using mobile network services,such as wireless (Wi-Fi, Wi-Max), cellular (3G or 4G), or satellite internet connectivity,for accessing the cloud services.
ABI Research and Juniper Research reports forecast that the adoption of mobilecloud computing subscribers [12] and cloud-based mobile applications [13] is dramat-ically increasing. However, the international data corporation has conducted a survey[14] from various business organizations to investigate the top most challenges thatneed urgent attention for maintaining the consistent growth of the cloud subscribers.According to survey results, almost 74 % of business organizations are not in the favorof adoption of the cloud services due to security and privacy risk involved. The researchorganizations and academia are actively working on computationally secure schemesfor protecting the data on the cloud storage. However, the resource limitation of mobiledevices is an obstacle for executing the computational intensive operations involvedin computationally secure schemes. Therefore, there is a need of the security schemesthat provides security services with minimum processing, storage, and communicationoverhead on mobile device. By keeping in view the resource limitation of the mobiledevice, this paper introduces an Incremental Proxy Re-encryption Scheme (I-PReS)that provides confidential and integrity services and improves the file modificationoperation in terms of turnaround time, energy consumption, CPU usage, and memoryutilization on the mobile device without compromising the privacy of mobile users.
123
Incremental proxy re-encryption scheme
Fig. 1 Architecture of mobile cloud computing environment
The rest of the paper is organized as follows. Section 2 presents the related work forsecuring the mobile cloud computing environment. In Sect. 3, we define the proposedincremental proxy re-encryption scheme. The comprehensive empirical analysis alongwith some critical remarks is discussed in Sect. 4. Section 5 concludes our work andaddresses future research directions.
2 Existing security schemes for mobile users in cloud environment
To improve the processing capability of mobile devices, the existing literature focuseson the migration of computational intensive portion(s) of an application on the cloud.The migration of computational intensive portion(s) of an application from resourceconstraint mobile device to resource enrich cloud improves the processing capabilityof the mobile device, however there is a need to address the security and privacy issuesthat are arisen due to the migration of the portion(s) of application. A number of suchsecurity issues are identified and addressed in [14–22]. Similarly, the mobile user canstore enormous amount of data using cloud storage services; however there is a needto address the security issues that are formed due to loss of physical control of themobile user’s data. Few of the issues related to the security and privacy of the mobileuser data are identified and addressed in [23–29]. The focus of this paper is on the datasecurity issues; therefore we will limit our discussion only on the security issues thatare arisen due to migration of the mobile user’s data on the cloud storage. Interestedreaders may refer [1] to see the security issues that are occurred due to migration ofapplication or portion(s) of application on the cloud for execution. The classification
123
A. N. Khan et al.
Security Schemes (20)
Data Security Schemes (10)
Remote Execu�on (7)
Trusted En��es (3) [28, 29, 25]
Cloud and Trusted
En��es (2) [26, 29]
Cloud (2)[27, ,30]
Local Execu�on (3)
Encryp�on Based Scheme
(1) [24]
Coding Based Scheme
(1) [24]
Sharing Based Scheme
(1) [24]
Applica�on Security Schemes (10)
Security of Applica�on Models
(1)
Elas�c Mobile Applica�on model (1) [15, 23]
Mobile Applica�ons Security (9)
MobiCloud (2) [19, 20]
Loca�on-based Services
(2) [17, 21]
Scheduling Services (3)
[22]
Authen�ca�on In cloud (2)
[18, 16]
Fig. 2 Classification of the security schemes for the mobile cloud computing
of the existing security schemes for mobile cloud computing environment is presentedin Fig. 2.
The authors in [23] proposed three privacy preserving schemes for ensuring con-fidentiality and integrity of the mobile users data while using the cloud storage ser-vices. The focus of the schemes presented in [23] is to reduce the computationalcomplexity of cryptographic algorithm and execute entire security operations usingthe computational power of mobile device. The first scheme called encryption-basedscheme uses the standard cryptographic functions for providing the confidentialityservices. The second scheme called coding-based scheme uses comparatively light-weight operation (matrices multiplication) as compared to encryption-based schemefor providing the confidential services. The third scheme called sharing-based schemeuses the XOR operations for providing the lightweight confidentiality services as com-pared to encryption-based scheme and coding-based scheme. However, reduction inthe computational complexity of cryptographic algorithm somehow compromises theprivacy of mobile users. Hsueh et al. [24] proposed a framework for secure cloudstorage service for the mobile users. The proposed framework uses the standard cryp-tographic function, digital signatures, and cryptographic hash function for providingconfidential, authentication, and integrity services for the mobile user in cloud environ-ment. However, the proposed framework overlooked resource limitation of the mobiledevice. The entire security operations, such as execution of encryption, decryption,integrity verification, and digital signature generation, are executed using the limitedcomputational power of the mobile device.
In 1998, the authors in [30] introduced an atomic re-encryption scheme based onEl-Gamal cryptosystem [31] in which the idea of re-encryption was introduced. In re-encryption, the ciphertext encrypted with user ‘A’ public key can be transformed into aciphertext encrypted with ‘B’ public key without ever learning the plaintext. Therefore,most of the existing security schemes based on [30] can offload the data access oper-ation on trusted entity called proxy/manager or cloud. For mobile cloud computingenvironment, Jia et al. [26] and Zhou et al. [29] proposed data security schemes basedon the concept of re-encryption for offloading the data access operation on cloud with-out revealing the data content and security keys. Similarly, the authors in [27] proposeda scheme for securing the cloud storage services for the mobile users by offloadingthe computational intensive data access operation on the trusted-third party using the
123
Incremental proxy re-encryption scheme
concept of proxy re-encryption. Furthermore, the authors in [28] proposed manager-based re-encryption and cloud-based re-encryption schemes for securing the data parti-tion on cloud storage with minimum processing overhead on the mobile device. There-fore, proxy re-encryption is very useful for offloading the computational intensive dataaccess operations on cloud/third-party in mobile cloud computing environment.
To the best of our knowledge, so far there is only one security scheme discussed in[25] which uses the concept of incremental cryptographic specifically for the mobilecloud computing environment. The authors in [25] proposed a lightweight frameworkfor ensuring the integrity of the mobile user’s data uploaded on the cloud storage usingthe incremental cryptographic concept [32–34]. To make the framework suitable forthe mobile device, most of the integrity verification jobs are offloaded on trusted entityand cloud. However, the security of the mobile user’s data is overlooked in the proposedframework. In this paper, we have defined the proxy re-encryption scheme which isbased on atomic re-encryption scheme [30]. Moreover, we introduced an incrementalversion of the proxy re-encryption scheme for improving the file modification opera-tion while providing the confidentiality services using the concept of the incrementalcryptographic discussed in [25].
In proxy re-encryption scheme, a trusted entity called proxy provides re-encryptionservices to the associated users. The main operations involved in the proxy re-encryption scheme can be defined as:
Setup: The proxy re-encryption scheme works on two groups G1and G2 of primeorder q with a bilinear map e : G1 × G1 → G2 having the properties of bilinearity,computability, and non-degeneracy [35]. The system parameters, such as g ∈ G1 andZ = e (g, g) ∈ G2 are randomly generated that are used for encryption, decryption,and re-encryption of the message.
Key generation: In key generation phase, the proxy generates and disseminates publicand private keys information to each authorized user of the data partition on the cloudstorage using the following procedure:
SKi = xi P Ki = gxi xi ∈ Z∗q (1)
Encryption: Let say user ‘A’ wants to upload message M on the data partition ofcloud. The user ‘A’ generates random number r ∈ Z∗
q and encrypts the message usingthe personal private key as shown below:
CA = gxAr , C = M. Zr (2)
Re-encryption: If mobile user ‘B’ wants to download the uploaded file of mobile user‘A’, the mobile user ‘B’ requests trusted entity called proxy for re-encryption. Thetrusted entity checks the access control list to verify the access rights of the mobileuser ‘B’. If mobile user ‘B’ has access right for the requested file, the trusted entitydownloads and re-encrypts the uploaded message using the ‘CA’ as shown below:
CB = e
(gxAr , g
xBx A
)= e (g, g)r xB = Zr xB , C = M. Zr (3)
123
A. N. Khan et al.
The trusted entity transfers re-encrypted message (C, CB) to the mobile user ‘B’ fordecryption of the message.
Decryption: The mobile user ‘B’ decrypts the message using the ‘CB’ and personalprivate key as shown below:
(Z xBr ) 1
xB = (Z)r xB∗
(1
xB
)= Zr (4)
M =(
M. Zr
Zr
)(5)
Although aforementioned re-encryption schemes offload the computationally inten-sive data access operations on the cloud; however mobile user has to perform compu-tationally intensive encryption and decryption operation. In case of file modificationon the cloud storage, the data owner needs to encrypt and upload the modified file onthe cloud storage without considering the updated portion of the file.
3 Incremental proxy re-encryption scheme for mobile cloud computingenvironment
The proposed scheme uses the concept of incremental cryptographic covered in [25]for improving the file modification operations of proxy re-encryption scheme in termsof communication and processing overhead on mobile device. The system model ofproposed scheme is shown in Fig. 3.
The incremental proxy re-encryption scheme can be defined as:
Setup: The proposed scheme works on two groups G1and G2 of prime order q with abilinear map e : G1 × G1 → G2 having the properties of bilinearity, computability, andnon-degeneracy [35]. The system parameters, such as g ∈ G1 and Z = e (g, g) ∈ G2are randomly generated that are used for encryption, decryption, and re-encryption ofthe message.
Key generation: In key generation phase, the trusted entity called proxy generates keypair for each authorized group member of the data partition ‘P’ on the cloud storageusing the following procedure:
SKi = xi P Ki = gxi xi ∈ Z∗q (6)
where the private key (xi ∈ Z∗q) for i th group member is selected randomly and
securely disseminated to each authorized group member of the data partition on thecloud.
Encryption: Let say mobile user ‘A’ wants to upload file F on the data partition ofcloud. To achieve the confidentiality, mobile user splits the file F into d blocks; eachblock has t chunks of equal size except last part (depending on the file size and numberof blocks). The division of the file F should satisfy the following three equalities:
F = ||di=1 (Bi ) (7)
123
Incremental proxy re-encryption scheme
Fig
.3Sy
stem
mod
elof
incr
emen
talp
roxy
re-e
ncry
ptio
nsc
hem
efo
rm
obile
clou
dco
mpu
ting
envi
ronm
ent
123
A. N. Khan et al.
BS j = �
(FS
d
), where 1 ≤ j ≤ (d − 1) (8)
BSd = FS −(
�
(FS
d
)× (d − 1)
)(9)
where FS denotes the size of file F , Bi represents the i th block of file F , BS j representsthe j th block size of file F, and � is the representation of mathematical floor functionto remove the fraction part. To encrypt each block (Bi ∈ G2), the mobile user ‘A’generates random number r ∈ Z∗
q and encrypts the message using the personal privatekey as shown below:
CA = gxAr Ci = Bi . Zr where 1 ≤ i ≤ d (10)
C = ||di=1(Ci ) where 1 ≤ i ≤ d (11)
Similarly, the message authentication code for each block of F is generated using cryp-tographic hash function. Subsequently, the generated message authentication codesare concatenated and cryptographic hash function is applied to get the final messageauthentication code for verifying the integrity of the uploaded file using the followingprocedure.
MACi = HSH A−2 (Bi ) where 1 ≤ i ≤ d (12)
MACfinal = HSH A−2
(||di=1(MACi )
)where 1 ≤ i ≤ d (13)
File name along with total number of blocks represented with ‘d’ for that file is storedon local storage of mobile device. The encrypted file (C, CA), message authenticationcode for each block (MACi ), the value of ‘d’, and final message authentication code(MACfinal) are uploaded on the data partition of cloud. Mobile user keeps the infor-mation of file name and total number of blocks for each uploaded file on local storageof mobile device.
Re-encryption: If mobile user ‘B’ wants to download the uploaded file of mobile user‘A’, the mobile user ‘B’ requests trusted entity called proxy for re-encryption. Thetrusted entity checks the access control list to verify the access rights of the mobileuser ‘B’. If mobile user ‘B’ has access right for the requested file, the trusted entitydownloads and re-encrypts the uploaded message using the ‘CA’ as shown below:
CB = e
(gxAr , g
xBx A
)= e(g, g)r xB = Zr xB , Ci = Bi . Zr (14)
The trusted entity transfers the re-encrypted message (C, CB), MACfinal, and the valueof ‘d’ to the mobile user ‘B’ for decryption and integrity verification.
Decryption: The mobile user ‘B’ decrypts the message using the ‘CB’ and personalprivate key as shown below:
(Z xBr ) 1
xB = (Z)r xB∗ 1
xB = Zr (15)
123
Incremental proxy re-encryption scheme
Bi =(
Bi . Zr
Zr
)where 1 ≤ i ≤ d (16)
The mobile user ‘B’ performs the concatenation operations to get the original file andverifies the integrity of downloaded file using the following procedure:
F = ||di=1(Bi ) where 1 ≤ i ≤ d (17)
MACi = HSH A−2(Bi ) where 1 ≤ i ≤ d (18)
MACfinal = HSH A−2
(||di=1(MACi )
)where 1 ≤ i ≤ d (19)
The integrity of the file can be confirmed by comparing the calculated final MACwith the downloaded final MAC. The same value of final MACs confirms the integrityof the downloaded file.
The block modification operations for the proposed scheme can be categorizedinto (a) block(s) insertion operation, (b) block(s) deletion operation, and (c) block(s)modification operation. Here, we assumed that the data owner performs completeblock modification operations that can be defined as:
3.1 Block insertion operations
Let say the mobile user ‘A’ (data owner) wants to insert the dinsert new blocks repre-sented with (Binsert) in the uploaded file. The mobile user downloads encrypted file (C ,CA), and message authentication code of each block (MACi ) from the cloud storage.The value of CA is used for the encryption of the new blocks as shown below:(
CA, g1
x A
)=
(gxAr , g
1x A
)= (g, g)
xAr∗ 1x A = Zr (20)
Cinserti = Binserti . Zr where 1 ≤ i ≤ dinsert (21)
Afterwards, the mobile user updates the message authentication codes for newinserted blocks and final MESSAGE authentication code using the following proce-dure:
MACinserti = HSH A−2(Binserti ) where 1 ≤ i ≤ dinsert (22)
MACfinal = HSH A−2(|| loci=1MACi || dinsert
j=1 MACinsert j || dk=loc+1MACk) (23)
‘loc’ is the representation of a location where mobile user wants to insert new block(s).The mobile user ‘A’ sends the update request to cloud service provider along with theupdated message authentication codes for each new block (MACinsert), final messageauthentication code (MACfinal), location information (loc),and new encrypted blocksCinsert. The cloud service provider inserts the block(s) into the corresponding file andupdates the message authentication codes using the following procedure:
MAC = || loci=1MACi || dinsert
j=1 MACinsert j || dk=loc+1MACk (24)
C = || loci=1Ci || dinsert
j=1 Cinsert j || dk=loc+1Ck (25)
123
A. N. Khan et al.
The value of final message authentication code is also updated on cloud storage andthe value of d is updated on the cloud and mobile device as d = d + dinsert for thecorresponding file. The block(s) insertion operation can be performed at multiplelocations of the uploaded file as shown in the Algorithm 1.
3.2 Block deletion operations
Let the mobile user ‘A’ (data owner) wants to delete ddelete existing block(s) at location‘loc’ in the uploaded file. The mobile user downloads the message authenticationcode of each block (MACi ) of the corresponding file from the cloud storage. Fordeletion of the block(s) from the uploaded file, the mobile user updates the finalmessage authentication code by performing the cryptographic hash function on theconcatenation of the hash value of the remaining blocks as shown below:
MACfinal = HSH A−2
(|| loc
i=1MACi || dk=loc+1+ddelete
MACk
)(26)
The mobile user ‘A’ sends the delete request to cloud service provider along with theupdated final message authentication codes, location information (loc), and number
123
Incremental proxy re-encryption scheme
of blocks information (ddelete) that mobile user wants to delete. The cloud serviceprovider deletes the block(s) into the corresponding file and updates the messageauthentication codes using the following procedure:
MAC = || loci=1MACi || d
k=loc+1+ddeleteMACk (27)
C = || loci=1Ci ||| d
k=loc+1+ddeleteCk (28)
The value of final message authentication code is also updated on cloud storage, andthe value of d is updated on the cloud and mobile device as d = d - d delete forthe corresponding file. Similarly, the block(s) deletion operation can be performed atmultiple locations of the uploaded file as shown in the Algorithm 2.
3.3 Block modification operations
Let the mobile user ‘A’ (data owner) wants to update dmodify blocks represented with(Bmodify) in the uploaded file. The mobile user downloads encrypted file (C , CA) andmessage authentication code of each block (MACi ) from the cloud storage. The valueof downloaded CA is used for encryption of the updated blocks as shown below:(
CA, g1
x A
)=
(gxAr , g
1x A
)= (g, g)
xAr∗ 1x A = Zr (29)
Cmodifyi= Bmodifyi
. Zr where 1 ≤ i ≤ dmodify (30)
Afterwards, the mobile user updates the message authentication codes for updatedblocks and final message authentication code using the following procedure:
123
A. N. Khan et al.
MACmodifyi= HSH A−2(Bmodifyi
) where 1 ≤ i ≤ dmodify (31)
MACfinal = HSH A−2
(|| loc
i=1MACi || dmodifyj=1 MACupdate j
|| dk=loc+1MACk
)(32)
‘loc’ is the representation of a location where mobile user wants to update block(s).The mobile user ‘A’ sends the update request to cloud service provider along withthe updated message authentication codes for each update block (MACmodify), finalmessage authentication code (MACfinal), location information (loc), updated encryptedblocks Cupdate, and total number of updated block(s) (dmodify). The cloud servicesprovider updates the block(s) and message authentication codes using the followingprocedure:
MAC = || loci=1MACi || dmodify
j=1 MACmodify j|| d
k=loc+1MACk (33)
C = || loci=1Ci || dmodify
j=1 Cmodify j|| d
k=loc+1Ck (34)
The value of final message authentication code is also updated on cloud storage, andthe value of d remains same on cloud and mobile device for the corresponding file.Likewise, the block(s) modification operation can be performed at multiple locationsof the uploaded file as shown in the Algorithm 3.
123
Incremental proxy re-encryption scheme
By analyzing the working of PReS and I-PReS, this can be concluded that theinvolvement of the additional file partitioning operations and cryptographic hash func-tions in I-PReS increases the resource utilization and response time on mobile device ascompared to the PReS, however the encryption procedure adopted in I-PReS improvesthe response time and resource utilization on mobile device while performing the blockmodification operations on the uploaded files.
4 Results and discussion
The schemes are evaluated on the basis of turnaround time in seconds, energy con-sumption in percentage, CPU utilization in percentage, and memory consumptionin kilobytes on the mobile device while performing encryption, decryption, block(s)insertion, block(s) deletion, and block(s) modification operations on the dataset givenin Table 1. For the development of the cloud client application, we have used androidSDK that provides the library and tools for development, testing, and debugging ofthe mobile application. The cloud client application is deployed on Sony Xperia Ssmartphone having the specification given in Table 2. A single front-end web instantof class F4 is hosted on Google App Engine (GAE) having 2.4 GHz processing and512 MB RAM capabilities [36]. The cloud client application communicates with theweb instant hosted on GAE for Google Cloud Storage [8] services. Moreover, thecloud client application uses http post method to request the hosted web instant forthe file modification stored on Google Cloud Storage.
The cloud client application uses the java Pairing Based Cryptography library(jPBL) [30,37] for encryption of the files. Type A pairing is construed on curvey2 = x3 + x on a prime field Fq for a prime number q of 512 bits. Maximum 64 bytes
Table 1 Dataset used for theexperiments
No. File size in bytes Total files Total operations
1 51,200 50 40,000
2 102,400 50 80,000
3 153,600 50 120,000
4 204,800 50 160,000
5 256,000 50 200,000
Table 2 Hardware specificationof Sony Xperia S smartphone
Sony Xperia S
CPU Dual-core 1.5 GHz
RAM 1 GB
Storage 32 GB
OS Android OS v4.0.4
Mobile application development toolkit Android SDK
Battery 1750 mAh
Internet connectivity Wi-Fi
123
A. N. Khan et al.
data block can be encrypted at any given time due to the size of prime field Fq . There-fore, total number of multiplication operations (B.Zr ) during encryption and divisionoperation ((B.Zr )/Zr ) during decryption can be calculated and given in Table 1.To ensure the integrity of the uploaded file on cloud storage, the cryptographic hashfunction SHA-2 is used. Each experiment has been repeated ten times under the samesystem configuration and the average results are presented in the graphs and tables.
Experiment I: Turnaround time and energy consumption while encrypting/decryptingand uploading/downloading given dataset.
In this experiment, we have investigated the turnaround time and energy consump-tion on mobile device while encryption/decrypting and uploading/downloading thedataset given in Table 1 for PReS and I-PReS. The turnaround time and energy con-sumption can be evaluated as:
Total Turnaround Time (TTT) = tfr + ted + tud (35)
where tfr refers to the time required for file reading, ted represents the encryp-tion/decryption time, and tud denotes the uploading/downloading time. Similarly,energy consumption can be evaluated as:
Total Energy Consumed (TEC) = Ecomm + Efr + Eed (36)
where Ecomm refers to the energy consumption in communication, Efr represents theenergy consumption in file reading, Eed denotes the energy consumption in encryp-tion/decryption operations. Figures 4 and 5 show the turnaround time and energyconsumption on the mobile device while encryption and uploading the given dataseton the cloud storage. The x-axis of the graphs shows the file size in bytes along withthe total number of files and y-axis shows the energy consumption in percentage andturnaround time in seconds.
The experimental results show that the proposed I-PReS takes more time and con-sumes more energy on the mobile device for completing encryption and uploadingoperations on the given dataset. In I-PReS, the mobile user divides the file into blocks,
Fig. 4 Turnaround time whileencrypting and uploading thedataset
123
Incremental proxy re-encryption scheme
Fig. 5 Energy consumptionwhile encrypting and uploadingthe dataset
Fig. 6 Turnaround time whiledownloading and decrypting thedataset
encrypts each block, performs the cryptographic hash functions on each block, gener-ates final message authentication code, combines the encrypted block, and uploads onthe cloud storage. However, the operations involved in PReS are encryption of the fileand uploading of the encrypted file on cloud storage. Therefore, due to the involvementof the additional operations, I-PReS completes the encryption and uploading of givendataset in more time with more energy consumption on mobile device as compared toPReS. However, the procedure adopted in I-PReS for encryption significantly improvesthe file modification operations in terms of turnaround time and energy consumption.Similarly, Figs. 6 and 7 show same behavior for downloading and decrypting the givendataset.
Experiment II: Turnaround time and energy consumption while encrypting the dataset.In this experiment, we have investigated the turnaround time and energy consump-
tion on mobile device while performing the core encryption operation on the givendataset for PReS and I-PReS. Due to the inconsistent behavior of network, we cannot
123
A. N. Khan et al.
Fig. 7 Energy consumptionwhile downloading anddecrypting the dataset
conclude the results obtained in experiment-I. Therefore, this experiment is carriedout for the confirmation of the experiment-I, in which communication overhead isexcluded from the obtained results. The turnaround time and energy consumption canbe evaluated as:
Total Turnaround Time (TTT) = tfr + ted (37)
Similarly, the energy consumption can be evaluated using the following equation:
Total Energy Consumed (TEC) = Efr + Eed (38)
Figures 8 and 9 show turnaround time and energy consumption while encrypting thegiven dataset for I-PReS and PReS. As I-PReS divides the file into multiple blocks,therefore the experiments are performed by varying the total number of blocks for eachfile. The bars in the graphs for I-PReS(8), I-PReS(64), I-PReS(128), and I-PReS(256)represent the results of the I-PReS with 8, 64, 128, and 256 blocks, respectively.
The main objective of this experiment is to investigate how variable number ofblocks affects the turnaround time and energy consumption on the mobile devicefor I-PReS. The experimental results show that the I-PReS completes the encryptionrequest on the given dataset with more time and more energy consumption on mobiledevice. The total number of multiplication operations (B.Zr ) required for encryp-tion are almost same in I-PReS and PReS, however the involvement of the additionalcryptographic hash function in I-PReS increases the turnaround time and energy con-sumption on mobile device as compared to PReS.
4.1 CPU and memory utilization
In this experiment, we have evaluated the CPU utilization in percentage, private mem-ory in kilobytes, and Proportional Set Size (PSS) memory in kilobytes while encryptingthe 20 files of size 2,506,000 Bytes. The amount of memory that is released after the
123
Incremental proxy re-encryption scheme
Fig. 8 Turnaround time while encrypting the dataset
Fig. 9 Energy consumption while encrypting the dataset
termination of a process is called private memory. The amount of memory that isshared among multiple processes is called PSS memory [38] and can be evaluated as:
PSS =(
SMem
N
)(39)
where ‘SMem’ is the representation of the shared memory among multiple runningprocesses on the mobile device, and ‘N ’ indicates the number of processes utilizing theshared memory. We have developed a mobile application for evaluating the resource
123
A. N. Khan et al.
Table 3 CPU utilization and memory consumption while encrypting 20 files of size 2,506,000 bytes
CPU(%)
Time(Msecs)
PM(KB)
SM(KB)
CPU(%)
Time(Msecs)
PM(KB)
SM(KB)
PGReS: 20 File of Size 256,000 bytes I-PGReS: 20 File of Size 256,000 bytes (8)
56.00 108,641.86 16,930.22 23,278.49 56.15 110,256.53 16,746.00 18,772.35
55.80 108,593. 67 15,276.84 21,579.97 55.10 110,250.22 17,502.38 19,419.62
54.45 108,344.58 16,523.22 22,532.11 55.82 110,252.44 17,963.76 19,877.76
55.42 108,493.22 16,243.42 22,463.52 55.69 110,253.0633 17,404.05 19,356.57
I-PGReS: 20 File of Size 256,000 bytes (64) I-PGReS: 20 File of Size 256,000 bytes (128)
57.05 110,355.33 17,500.65 18,523.22 58.15 110,474.93 17,604.65 18,566.22
57.11 110,370.73 17,443.66 18,542.22 58.11 110,469.21 17,599.72 18,569.92
56.53 110,300.54 17,554.74 18,697.22 58.83 110,481.33 17,636.00 19,785.67
56.90 110,342.2 17,499.68 18,587.55 58.36 110,475.1567 17,613.46 18,973.93
I-PGReS: 20 File of Size 256,000 bytes (256)
59.15 110,727.33 17,800.31 19,866.91
59.17 110,831.47 17,663.22 18,967.18
59.83 110,885.94 17,888.33 19,856.32
59.38 110,814.9133 17,783.95 19,563.47
PM private memory, SM shared memory, MSecs milliseconds
utilization that executes the android top command [39] for every second to get theresources utilization information of each running process. Each experiment is repeatedthree times under same system configuration and average results are presented in theTable 3.
The results presented in Table 2 show that increase in the cryptographic hash func-tion for I-PReS also increases the CPU utilization and memory consumption on themobile device. The important parameter that need to be considered is the time to whichthe CPU and memory is kept busy. The measurement obtained from the experimentconfirms that the I-PReS consumes marginally more resources and takes slightly moretime to complete the request as compared to PReS, however the procedure adopted inI-PReS for encryption significantly improves the file modification operations in termsof response time and energy consumption on the mobile device as compared to PReS.
4.2 Block modification operation
In this experiment, we have investigated the turnaround time and energy consumptionwhile performing block insertion, deletion, and modification operations on uploadedfile. The energy consumption and turnaround time for I-PReS is evaluated as:
Total Turnaround Time (TTT) = tfr + tbe + tbu (40)
where tfr refers to the time required for file reading, tbe represents the block(s) encryp-tion time, and tbu denotes the block uploading time. Similarly, energy consumptioncan be evaluated as:
123
Incremental proxy re-encryption scheme
Total Energy Consumed (TEC) = Ebu + Efr + Ebe (41)
where Ebu refers to the energy consumption in block(s) uploading, Efr represents theenergy consumption in file reading, Ebe denotes the energy consumption in encryptingthe block(s). Figures 10 and 11 show turnaround time and energy consumption whileperforming the block(s) modification operations on the given dataset for I-PReS andPReS. In the experimental setup, each file of the given data set is divided into eight
Fig. 10 Turnaround time while performing block(s) modification/insertion operation on the dataset
1.6667
3.3333
4.3333
5.6667
6.6667
1.5270
2.7613 3.
5135
4.7734 5.2755
1.4935
2.3013 2.9283
3.9784 4.3968
1.3949 1.8414 2.3430
3.1834
3.5182
1.2562
1.3814 1.7577 2.3884
2.6396
0.9176
0.9215
1.1725 1.5934
1.7609
0.4589
0.4616
0.5872
0.7984
0.8823
0
1
2
3
4
5
6
7
51200×50 102400×50 153600×50 204800×50 256000×50
PReS I-PReS(6) I-PReS(5) I-PReS(4) I-PReS(3) I-PReS(2) I-PReS(1)
Fig. 11 Energy consumption while performing block(s) modification/insertion operation on the dataset
123
A. N. Khan et al.
blocks and the bars in the graphs for I-PReS(6), I-PReS(5), I-PReS(4), I-PReS(3), I-PReS(2), and I-PReS(1) represent the results of the I-PReS with 6, 5, 4, 3, 2, and 1blocks modification operations, respectively.
In I-PReS, the data owner needs to only encrypt the modified block(s), generatesthe message authentication code(s) for modified block(s), updates the final messageauthentication code, and transfers the modified block(s) along with the correspond-ing message authentication code(s) to the web instant hosted on GAE. The hostedweb instant receives the block modification request and updates the correspond-ing file along with the message authentication code. Alternatively, PReS encryptsand transfers the complete file to the hosted web instant on GAE without consider-ing how much file has been modified. Due to communication and processing over-head, PReS takes more time and consumes more energy on the mobile device ascompared I-PReS while performing the block modification operations on the givendataset.
The operations involved in block(s) insertion and modification are almost same,therefore the turnaround time and energy consumption are almost identical. More-over, in block deletion operation(s), the data owner transfers the block deletionrequest to the web instant hosted on GAE that contains location information, num-ber of blocks that mobile user wants to delete, and the updated final messageauthentication code. On reception of the request, the hosted web instant deletesthe block(s) along with the corresponding message authentication code and updatesthe final message authentication code. The main operation that needs to be per-formed on mobile device during block deletion operation is cryptographic hash func-tion. Figure 12 shows that the time in milliseconds consumed in performing thecryptographic hash function on the given dataset when a file is partitioned into 8blocks.
In PReS, the mobile user needs to encrypt and transfer the entire file after deletingthe block(s) to the web instant hosted on GAE. By analysis of Figs. 8 and 12, it canbe concluded that I-PReS completes the block(s) deletion operations much faster withminimum resource consumption on the mobile device as compared to PReS.
Fig. 12 Turnaround time while performing block(s) deletion operation the dataset in I-PReS
123
Incremental proxy re-encryption scheme
4.3 Security analysis
Pairing-based cryptographic operations are implemented using the java Pairing BasedCryptography library (jPBL) [30,37]. We assume a Type A pairing construed on curvey2 = x3 + x on a prime fieldFq for a prime number q of 512 bits. For secure cryp-tosystem, the value of q should be large to keep maximum points on the elliptic curve.According to Standards for Efficient Cryptography [40], the recommended value ofq is 112–521 bits. In PReS and I-PReS, at any given time maximum 64 bytes of datablock can be encrypted due to the size of prime field Fq . Moreover, the same value ofq (i.e. 512 bits) is used for PReS and I-PReS that provide same level of security. AsPReS and I-PReS are based on well-known atomic BBS re-encryption whose securityis well-proven and can be found in [30]. Therefore, we will limit our discussion onthe verification of the proposed schemes using formal methods.
4.4 Formal analysis and verification
The verification process is used for ensuring the correctness of the proposed sys-tem. The bounded model checking is used to ensure that the system terminates afterfinite number of states for any input. The bounded model checking contains (a)rules/properties of the system, (b) model representation of the system, and (c) verifi-cation tool for ensuring that the model holds the specified properties [41,42]. In thispaper, we use bounded model checking to verify proposed I-PReS.
The High Level Petri Net (HLPN) representation of the I-PReS is depicted in Fig. 13.For development of petri net model, we have identified data types, places, and map-pings of data types to places. Tables 4 and 5 show the data types and mappings,respectively. In HLPN model, the rectangular black boxes are the representation oftransitions that belong to set T . The circles are places and belong to set P .
In this section, we define formulas to map on transitions. The system starts withkey generation and setup phase that generates public and private keys for each userbelonging to data partition ‘P’ of the cloud. This is done by the starting transitionKey_Gen in HLPN model. Following formula maps to the aforesaid transition:
R(Key_Gen) = ∀x1 ∈ X1,∀x2 ∈ X2|x2[3] := Gen_SKi (x1[2]) ∧ x2[4] := Gen_P Ki (x1[2]) ∧x2[5] := Gen_g (x1[1]) (42)
X′1 = X1 ∪ {x2[3], x2[4], x2[5]}
X′2 = X2 ∪ {x2[3], x2[4], x2[5]}
Generated keys are then sent to the authorized users by transition Send_keys. Thefollowing rule shows the operation:
123
A. N. Khan et al.
Fig. 13 HLPN model for I-PReS
R(Send_Keys) = ∀x3 ∈ X3,∀x4 ∈ X4|x4[1] := x3[1] ∧ x4[2] := x3[2]∧x4[3] := x3[3] ∧ x4[4] := x3[4]∧
X′4 = X4 ∪ {x4[1], x4[2], x4[3], x4[4]}
(43)
Parameter ‘r ’ for user and system parameter Z is generated by following transitionand associates rule:
R(Gen_r_z) = ∀x5 ∈ X5,∀x6 ∈ X6|x6[5] := Gen_z(x5[1]) ∧ x6[6] := Gen_r(x5[1]) ∧ (44)
X′6 = X6 ∪ {x6[5], x6[6]}
The user that wants to upload the data to the cloud divides the file into multiple portionsaccording to the parameters given in detail of I-PReS. Following rule over transitionSplit_F highlights the process:
R(Split_F) = ∀x7 ∈ X7,∀x8 ∈ X8|x8[8] := split_file(x7[7], x7[13]) ∧ (45)
X′8 = X8 ∪ {x8[8]}
123
Incremental proxy re-encryption scheme
Table 4 Data types for I-PReSData type Description
g Number belonging to group G1 of prime order q
Z A number, e(g, g) belonging to group G2
Ui A number identifying user i
Pi A number identifying partition i over cloud
SKi Secret key of user i
PKi Public key of user i
Bi String representing ith chunk of bytes from F, suchthat, F = || d
i=1(Bi )
MACi Hash value of Bi
Bnew New blocks that user wants to update
MACnew Hash value of Bnew
Cnew Encrypted form of new blocks
MACfinal Final hash value H(H(B1)|| H(B1)|| H(B1)….||H(Bd))
r A random number
C Encrypted F
Ci Encrypted form of Bi, such that C = || di=1(Ci )
CA Number representing gr xA
RKA−→B Re-encryption key from user A to B
CB Number representing Zr xB
d Number representing total blocks of file
F A file that is to be encrypted
ddel Number representing deleting blcoks
Table 5 Places and mappingsused in HLPN model of I-PReS
Place Mapping
ϕ Proxy) P(Pi×Ui×SKi×PKi×g×Z×CA× CB× RKA−→B×r)
ϕ (User) P(Pi×Ui×SKi×PKi×Z×r×F×Bi×C×Ci×MACi×MACfinal×d×Cnew×Bnew×MACnew×ddel)
ϕ (Cloud) P (Pi×Ui×C × MACi× MACfinal)
ϕ (RK) P (CB× C)
The mobile user encrypts the data and generates the corresponding message authen-tication codes according to given encryption rule and sends it to the cloud. This is doneat transition ENC_M and following formula represents it:
R(ENC_M) = ∀x9 ∈ X9,∀x10 ∈ X10|x10[1] := x9[1] ∧ x10[2] := x9[2]∧
x10[10] := encrypt(x9[8], x9[5], x9[6])∧x10[9] := concat(x10[10])∧
x10[11] := gen_mac(x9[8])∧x10[12] := concat(x10[11])∧
X′10 = X10 ∪ {x10[1], x10[2], x10[9] x10[10] x10[11] x10[12]}
(46)
123
A. N. Khan et al.
With this the process of encryption and uploading to the cloud is completed. If anyuser (Let say user ‘B’) wants to download and decrypt the data, the user ‘B’ requestsfor CB from manager. The manager checks the access control list for the requestinguser. If requesting user is not in access control list, the request for CB fails that isdepicted in the following rule:
R(Req_CB_F) = ∀x11 ∈ X11,∀x12 ∈ X12,∀x13 ∈ X13|x12[1] = x11[1] ∧ x12[2] = x11[2] ∧X
′12 = X12 (47)
X′13 = X13
If requesting user has access rights for the uploaded message, the manager calculatesre-encryption key and CB , and sends CB to user. This can be represented in the formof Req_CB_S (authentication successful) transitions:
R(Req_CB_S) = ∀x14 ∈ X14,∀x15 ∈ X15,∀x16 ∈ X16,∀x17 ∈ X17|x15[1] = x14[1] ∧ x15[2] = x14[2] ∧X
′15 = X15 ∧ X
′17 = X17 ∧
∀x18 ∈ X18| (48)
x17[1] := x16[8] ∧x18[2] := prod(x14[8], power(x14[5], prod(x14[3], x14[6]))) ∧X
′18 = X18 ∪ {x18[1], x18[2]}
After receiving CB , user transforms the encrypted portion of the message into plaintext. This is done at transition Dec_M with following rule:
R(Decr_CMobile) = ∀x18 ∈ X18,∀x19 ∈ X19,∀x20 ∈ X20,∀x21 ∈ X21|x19[8] := decrypt(x21[10], x18[1], x19[2]∧X
′19 = X19 ∪ {x19}
(49)
After decryption, the blocks are concatenated with following transition and rule:
R(Cmb_msg) = ∀x21 ∈ X21,∀x22 ∈ X22|x22[11] := gen_mac(x21[8]) ∧ x22[12] := gen_fmac(x22[11]) ∧x22[7] := concat(x21[10]) ∧ (50)
X′22 = X22 ∪ {x22[11], x22[7]}
When mobile user wants to modify the file stored on cloud storage, the file modificationis done through block insertion, deletion, and modification operation discussed above.The block modification request is represented with B_Insert, B_Modify, and B_Deletetransitions and rules:
123
Incremental proxy re-encryption scheme
R(B_Insert) = ∀x23 ∈ X23,∀x24 ∈ X24|x23[14] := encrypt(x23[15], x23[5], x23[6]) ∧
x23[9] := insert(x24[14]) ∧x23[16] := gen_fmac(x23[15]) ∧x23[12] := insert(x24[16]) ∧
x24[3] := x23[9] ∧ x24[4] := x23[12] ∧ (51)
X′23 = X23 ∪ {x23[4], x23[6], x23[9], x23[16], x23[12]}
X′24 = X24 ∪ {x24[3], x24[4]}
R(B_Modify) = ∀x25 ∈ X25,∀x26 ∈ X26|x25[14] := encrypt(x25[15], x25[5], x25[6]) ∧
x26[3] := update(x25[14]) ∧x25[16] := gen_fmac(x25[15]) ∧ (52)
x26[4] := update(x24[16]) ∧X
′25 = X25 ∪ {x25[14], x25[16]}
X′26 = X26 ∪ {x26[3], x26[4]}
R(B_Delete) = ∀x27 ∈ X27,∀x28 ∈ X28|x28[3] := delete(x27[17]) ∧ (53)
x28[4] := update(x28[4], x27[17]) ∧X
′28 = X28 ∪ {x28[3], x28[4]}.
Verification property: The aim of verification was to ensure that the proposed systemworks according to the specifications and produces the results correctly. The followingproperties are verified:
• Encryption of the message by user is done correctly and as specified by the system.• Decryption requests are handled correctly by the proxy and user, and after decryption
user gets the original data that was uploaded by the data owner.• After block modification operations, mobile user is capable to get the modified file
correctly.
The above given model was translated to SMT-Lib and verified through Z3 solver.The solver showed that the model is workable and executes according to the specifiedproperties. Z3 solver took 0.05 s to upload data of user after encryption, and downloadand decrypt for another user in the group.
5 Conclusion and future work
In this paper, we have proposed an incremental proxy re-encryption scheme and com-pared with the existing proxy re-encryption scheme on the basis of turnaround time,energy consumption, CPU utilization, and memory allocation on the mobile device.
123
A. N. Khan et al.
Table 6 Summary of result improvement in block modification operation
File size × total file (%) Modification(%)
Average(%)
51,200×50 102,400×50 153,600×50 204,800×50 256,000×50
I-PReS(6) 14.20 21.60 21.53 16.61 24.48 75.0 19.68I-PReS(5) 28.50 34.66 34.60 30.50 37.06 62.5 33.06I-PReS(4) 42.80 47.71 47.67 44.39 49.64 50.0 46.44I-PReS(3) 57.09 60.77 60.74 58.28 62.22 37.5 59.82I-PReS(2) 71.39 73.83 73.81 72.17 74.79 25.0 73.20I-PReS(1) 85.69 86.89 86.89 86.05 87.37 12.5 86.58Average 49.95 54.24 54.21 51.33 55.93
Due to the involvement of additional file segmentation, blocks concatenation, andcryptographic hash function, the proposed scheme provides confidential and integrityservices to mobile users with slightly more time and marginally more energy consump-tion on the mobile device as compared to PReS. However, I-PReS shows improvementin results while performing the block(s) insertion, deletion, and modification opera-tion(s) as compared to the PReS. The improvement in results depends on the numberof block(s) that the data owner wants to update. Table 6 shows the result improvementof I-PReS in block(s) modification operation(s) as compared to PReS.
The average results presented horizontally in the Table 3 show 50–56 % collec-tive improvement while performing the block(s) modification operation on the givendataset with 6, 5, 4, 3, 2, and 1 block(s) modification operations. The average resultspresented vertically in the Table 3 show individual percentage improvement in resultswhile performing the block(s) modification operation on the given dataset with 6, 5,4, 3, 2, and 1 block(s) modification operations.
In the future, we aim to enhance the incremental proxy re-encryption scheme thatcan handle the file modification operation efficiently anywhere in the file.
Acknowledgments We would like to acknowledge the financial support of the BrightSparks Program atUniversity of Malaya, Malaysia for carrying out this research experiments.
References
1. Khan AN, Kiah MLM, Khan SU, Madani SA (2013) Towards secure mobile cloud computing: a survey.Futur Gener Comput Syst 29:1278–1299
2. Khan AN, Kiah MLM, Madani SA, Ali M. (2013) Enhanced dynamic credential generation schemefor protection of user identity in mobile-cloud computing. J Supercomput 1–20
3. Khan A, Othman M, Madani S, Khan S (2013) A survey of mobile cloud computing application models.IEEE Commun Surv Tutor 1–21
4. Nathani A, Chaudhary S, Somani G (2012) Policy based resource allocation in IaaS cloud. Futur GenerComput Syst 28:94–103
5. Wang L, Von Laszewski G, Younge A, He X, Kunze M, Tao J, Fu C (2010) Cloud computing: aperspective study. New Gener Comput 28:137–146
6. Murty J (2008) Programming Amazon Web Services: S3, EC2, SQS, FPS, and SimpleDB: O’ReillyMedia (Incorporated)
123
Incremental proxy re-encryption scheme
7. Chen EY, Itoh M (2010) Virtual smartphone over IP. In: IEEE international symposium on a world ofwireless mobile and multimedia networks (WoWMoM), 2010. IEEE, pp 1–6
8. Google Cloud Storage Java API Overview, August 15, 2012. https://developers.google.com/appengine/docs/java/googlestorage/overview
9. Dinh HT, Lee C, Niyato D, Wang P (2011) A survey of mobile cloud computing: architecture, appli-cations, and approaches. Wirel Commun Mobile Comput
10. Zip cloud, May 01, 2013. http://www.zipcloud.com/11. Crashplan, May 06, 2013. http://www.crashplan.com/12. Hashemi SM, Ardakani MRM (2012) Taxonomy of the security aspects of cloud computing systems-a
survey. Int J Appl Inf Syst 4:21–2813. Mobile cloud computing: 9.5 billion by 2014 (2010) Juniper, Technical Report. April 24, 2013. http://
www.juniperresearch.com/reports/mobile_cloud_applications_and_services14. Zhang X, Schiffman J, Gibbs S, Kunjithapatham A, Jeong S (2009) Securing elastic applications on
mobile devices for cloud computing. In: Proceedings of the 2009 ACM workshop on cloud computingsecurity. ACM, pp 127–134
15. Xiao S, Gong W (2010) Mobility can help: protect user identity with dynamic credential. In: Eleventhinternational conference on mobile data management (MDM), 2010. IEEE, pp 378–380
16. Wang S, Wang XS (2010) In-device spatial cloaking for mobile user privacy assisted by the cloud. In:Eleventh international conference on mobile data management (MDM), 2010. IEEE, pp 381–386
17. Chow R, Jakobsson M, Masuoka R, Molina J, Niu Y, Shi E, Song Z (2010) Authentication in theclouds: a framework and its application to mobile users. In: Proceedings of the 2010 ACM workshopon cloud computing security workshop. ACM, pp 1–6
18. Huang D, Zhang X, Kang M, Luo J (2010) MobiCloud: building secure cloud framework for mobilecomputing and communication. In: Fifth IEEE international symposium on service oriented systemengineering (SOSE ’10). IEEE, pp 27–34
19. Huang D, Zhou Z, Xu L, Xing T, Zhong Y (2011) Secure data processing framework for mobile cloudcomputing. In: IEEE conference on computer communications workshops (INFOCOM WKSHPS ’11).IEEE, pp 614–618
20. Chen YJ, Wang LC (2011) A security framework of group location-based mobile applications in cloudcomputing. In: 40th international conference on parallel processing workshops (ICPPW ’11). IEEE,pp 184–190
21. Bilogrevic I, Jadliwala M, Kumar P, Walia SS, Hubaux JP, Aad I, Niemi V (2011) Meetings throughthe cloud: privacy-preserving scheduling on mobile devices. J Syst Softw 84:1910–1927
22. Zhang X, Jeong S, Kunjithapatham A, Gibbs S (2010) Towards an elastic application model foraugmenting computing capabilities of mobile platforms. Mobile Wirel Middlew Oper Syst Appl 161–174
23. Ren W, Yu L, Gao R, Xiong F (2011) Lightweight and compromise resilient storage outsourcing withdistributed secure accessibility in mobile cloud computing. Tsinghua Sci Technol 16:520–528
24. Hsueh SC, Lin JY, Lin MY (2011) Secure cloud storage for convenient data archive of smart phones.In: IEEE 15th international symposium on consumer electronics (ISCE ’11). IEEE, pp 156–161
25. Itani W, Kayssi A, Chehab A (2010) Energy-efficient incremental integrity for securing storage inmobile cloud computing. In: International conference on energy aware computing (ICEAC ’10). IEEE,Cairo, Egypt, pp 1–2
26. Jia W, Zhu H, Cao Z, Wei L, Lin X (2011) SDSM: A secure data service mechanism in mobile cloudcomputing. In: Conference IEEE on computer communications workshops (INFOCOM ’11). IEEE,Shanghai, China, pp 1060–1065
27. Yang J, Wang H, Wang J, Tan C, Yu D (2011) Provable data possession of resource-constrained mobiledevices in cloud computing. J Netw 6:1033–1040
28. Tysowski PK, Hasan MA (2011) Re-encryption-based key management towards secure and scalablemobile applications in clouds. In: IACR Cryptology ePrint Archive 668
29. Zhou Z, Huang D (2011) Efficient and secure data storage operations for mobile cloud computing. In:Cryptology ePrint Archive
30. Blaze M, Bleumer G, Strauss M (1998) Divertible protocols and atomic proxy cryptography. In: NybergK (ed) Advances in cryptology—EUROCRYPT’98. Springer, Berlin, pp 127–144
31. ElGamal T (1985) A public key cryptosystem and a signature scheme based on discrete logarithms.In: Advances in cryptology. Springer, Berlin, pp 10–18
123
A. N. Khan et al.
32. Bellare M, Goldreich O, Goldwasser S (1994) Incremental cryptography: the case of hashing andsigning. In: Advances in cryptology—CRYPTO’94. Springer, Berlin, pp 216–233
33. Bellare M, Goldreich O, Goldwasser S (1995) Incremental cryptography and application to virusprotection. In: Proceedings of the twenty-seventh annual ACM symposium on theory of computing.ACM, pp 45–56
34. Bellare M, Micciancio D (1997) A new paradigm for collision-free hashing: incrementality at reducedcost. In: Advances in cryptology–EUROCRYPT’97. Springer, Berlin, pp 163–192
35. Yu S, Wang C, Ren K, Lou W (2010) Achieving secure, scalable, and fine-grained data access controlin cloud computing. In: Proceedings IEEE (INFOCOM ’10). IEEE, NJ, USA, pp 1–9
36. Adjusting Application Performance, September 05, 2012. https://developers.google.com/appengine/docs/adminconsole/performancesettings
37. De Caro A, Iovino V (2011) jPBC: java pairing based cryptography. In: IEEE symposium on computersand communications (ISCC ’11). IEEE, Kerkyra, pp 850–855
38. Proportional Set Size, August 23, 2012. http://lwn.net/Articles/230975/39. Android Top Command To Get CPU Usage and Memory Usage, September 09, 2012. http://www.
javachartingandroid.com/2011/04/android-top-command-to-get-cpu-usage-and-memory-usage/40. Certicom, Standards for Efficient Cryptography, SEC 2: Recommended Elliptic Curve Domain Para-
meters, Version 1.0, September 2000. http://www.secg.org/download/aid-386/sec2_final.pdf41. Murata T (1989) Petri nets: properties, analysis and applications. Proc IEEE 77:541–58042. de Moura L, Bjørner N (2009) Satisfiability modulo theories: an appetizer. In: Formal methods: foun-
dations and applications. Springer, Berlin, pp 23–36
123