Efficient Identity-Based Key Management for Configurable Hierarchical Cloud Computing Environment

Jyun-Yao Huang
Department of Computer Science and Engineering
National Chung Hsing University
Taichung, Taiwan
allen501pc@gmail.com

I-En Liao
Department of Computer Science and Engineering
National Chung Hsing University
Taichung, Taiwan
ieliao@nchu.edu.tw

Chen-Kang Chiang
Department of Computer Science and Engineering
National Chung Hsing University
Taichung, Taiwan
s99056051@cs.nchu.edu.tw

Abstract—The security of cloud computing datacenters is an important issue. In recent years, some encryption and authentication schemes based on hierarchical identity-based key management systems have been developed. However, these schemes did not consider the case when a PKG (Private Key Generator) goes down. In this paper, we propose an identity-based key management scheme for a configurable hierarchical cloud computing environment. The proposed scheme requires fewer computations for encryption and authentication, and it also provides efficient key reconstruction in case of PKG failures. As a result, the scheme proposed in this paper can efficiently reduce the key reconstruction cost in a cloud computing data center.
Keywords: Cloud Computing, Identity-Based Authentication, Identity-Based Encryption
I. INTRODUCTION
The term “cloud computing” was introduced by Google’s CEO Eric Schmidt in 2006 [1]. This new idea has since become the most important technique in network services. Nowadays cloud computing services are everywhere, e.g., Google Gmail, Google document, Microsoft Hotmail, Amazon EC2, and Facebook. These services have become the most important ones in our world.
Cloud computing is a large-scale distributed computing paradigm [2]. According to the definition of cloud computing by NIST (National Institute of Standards and Technology): “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” [3][4]. Usually, cloud providers have their own cloud infrastructures or corresponding applications to provide services for their customers. There are three typical service models for cloud computing:
1) Infrastructure as a Service (IaaS), which provides cloud computing infrastructures for customers.
2) Platform as a Service (PaaS), which provides both IaaS and platform components such as operating systems or needed libraries.
3) Software as a Service (SaaS), which provides applications on the cloud computing platform.
In addition, NIST [3-4] defines the deployment models for cloud computing:
1) Public cloud, which allows users to access the cloud via a web browser interface.
2) Private cloud, which is set up by the action using internal communication.
3) Hybrid cloud, which is a private cloud linked to one or more external cloud services, centrally managed, provisioned as a single unit, and circumscribed by a secure network.
4) Community cloud, which shares infrastructure resources between server organizations via secret community channels.
Security is one major issue of cloud computing. A public cloud computing datacenter may consist of tens or hundreds of containers, and each container may contain thousands of servers. How to enhance the security of these computing nodes is a significant issue. For encrypting transmissions in cloud computing, the general technique is based on the TLS/SSL protocols. However, these schemes are not efficient for encryption and authentication [5]. In another aspect, how to broadcast the public keys and compute the private keys of each cloud computing node is another significant issue because of the bottleneck of the basic TLS/SSL scheme. In recent years, the major methods have been inspired by Hierarchical ID-based encryption (HIDE), which is based on admissible pairing [5-8].
In recent years, some researchers have proposed identity-based hierarchical key deployment models for encryption and authentication in cloud computing. However, these methods did not consider the case when a PKG (Private Key Generator) fails.
When one PKG fails, its child nodes need to be reconnected to another PKG. The newly assigned PKG needs to regenerate private keys for all the descendants of the failed PKG in order to keep them working. This method incurs a lot of overhead in case of PKG failure.
In this paper, we propose a robust and low-cost identity-based encryption scheme in a hierarchical key distribution model that takes the failures of PKGs into consideration. The remainder of this paper is structured as follows: Section II discusses the related work on security in cloud computing, especially the identity-based authentication technique. Section III describes our method for key deployment, encryption, authentication and key reconstruction. Section IV provides an analysis of performance and security, and Section V gives conclusions.
2011 IEEE 17th International Conference on Parallel and Distributed Systems
II. RELATED WORK
In 1996, Netscape proposed Transport Layer Security (TLS) [9][10], for which the common name is “Secure Sockets Layer (SSL).” TLS offers many different options for key agreement, encryption and network authentication. The web server is configured with an X.509 certificate including the domain name. The certificate is issued by a trusted certification authority (CA). The server sends its certificate to the browser client during TLS communications. If the domain name is checked successfully by CA, the client can continue to load the page. Note that the browser remains anonymous within its TLS configuration. As a consequence of the invention of TLS, most web applications can implement security of data transmission.
Although TLS is used with client authentication, the client certificate does not transport any authorization and authentication information. The SAML (Security Assertion Markup Language) [11] is bound to the public key contained in this certificate by including this key in a Holder-of-Key assertion. Web service providers can use SAML to achieve single sign-on across different websites.
Since cloud computing became a new term, many significant issues have arisen. One of these issues is security. The Cloud Security Alliance (CSA) [12] recommended that cloud service providers use open standards such as SAML, SSL, etc. to achieve authentication and federation. S. Ramgovind et al. [13] discussed the management of security in cloud computing. They described the security requirements for three deployment models and three cloud service models. For IaaS and PaaS, identification and authentication are listed as mandatory for the three deployment models. Proper authentication guarantees data integrity while data is transferred among cloud computing nodes.
Boneh and Franklin [14] proposed a security model of Identity-Based Encryption and gave a construction using bilinear maps. For the bilinear map, they considered a large prime $p$ and an elliptic curve $E$. There are two groups: a group over the curve $E/F_{p^2}$ with a large order $q$, denoted by $G_q$, and $\mu_q$, a subgroup of $F_q^*$ whose order is also $q$. They said a modified Weil pairing $\hat{e}: G_q \times G_q \to \mu_q$ is admissible if it has three properties:
1) Bilinear: For all $P, Q \in G_q$ and $a, b \in Z$, $\hat{e}(aP, bQ) = \hat{e}(bP, aQ) = \hat{e}(P, Q)^{ab}$. This can be restated as: for all $P, Q, R \in G_q$, $\hat{e}(P+R, Q) = \hat{e}(P, Q)\,\hat{e}(R, Q)$ and $\hat{e}(P, Q+R) = \hat{e}(P, Q)\,\hat{e}(P, R)$.
2) Non-degenerate: $\hat{e}(P, P) \in F_q$ is an element of order $q$, and in fact a generator of $\mu_q$.
3) Computable: Given $P, Q \in G_q$, there is an effective method to compute $\hat{e}(P, Q)$.
They proposed identity-based encryption based on the admissible pairing, and the security of that scheme is enhanced by the Computational Diffie-Hellman (CDH) assumption and the Weil Diffie-Hellman (WDH) assumption. The CDH assumption is stated as the following definition:
Given $g, g^x, g^y \in G_1$ for unknown random $x, y \in Z_p^*$, it is hard to compute $g^{xy}$, where $p$ is a large prime and $G_1$ is a bilinear group.
The WDH assumption is stated as the following definition:
Given $P, aP, bP, cP \in G_1$ for unknown random $a, b, c \in Z_p^*$, it is hard to compute $r = \hat{e}(P, P)^{abc}$, where $G_1$ is a bilinear group.
However, the Boneh and Franklin method is not efficient for large networks. Jeremy Horwitz et al. [6] introduced a hierarchical concept for a 2-level HIDE. Then, Gentry and Silverberg [7] proposed a practical scheme for this concept.
Even though SSL is a general security scheme, it has lower efficiency than a pairing scheme. In recent years, Hongwei Li et al. [5] proposed an identity-based hierarchical model for cloud computing (IBHMCC). In their scheme, the cloud computing environment is composed of a hierarchical structure of nodes and authentication is done using the Weil pairing. According to their analysis, the SSL scheme is less efficient than their proposed pairing-based scheme. However, this scheme cannot defend against replay attacks when attackers repeatedly transmit authentication messages to the server. Liang Yan et al. [8] adopted federated identity management together with hierarchical identity-based cryptography (HIBC). In their scheme, two parties encrypt data and verify each other using a shared secret session key without secret key exchange.
However, the methods proposed by Hongwei Li et al. [5] and Liang Yan et al. [8] did not consider the key regeneration problem when any of the lower level PKGs goes down.
In this paper, we propose a robust and low-cost identity-based encryption scheme in a hierarchical key distribution model that takes the failures of PKGs into consideration. This method is described in Section III.
III. PROPOSED METHOD
The proposed method is inspired by “Identity-Based Encryption from the Weil Pairing” [14]. In this paper, we propose identity-based encryption in a hierarchical key deployment model for effective key reconstruction.
Consider the connections of cloud computing servers and clients as shown in Figure 1. Suppose that a data center is organized in a hierarchical structure. It contains a Root PKG in level 0, PKGs for containers in level 1, PKGs for racks in level 2, and physical server nodes in level 3. Any physical server in level 3 has several VMs (Virtual Machines), which are labeled as level 4. These components are connected by a high-speed network or bus. Note that each PKG has a unique ID in the whole data center, named ID0 in level 0, ID10 and ID11 in level 1, and similarly for levels 2, 3 and 4. In addition, there is one user account server, which can send the public/private keys of users to those who need new servers. Note that all of these PKGs are safe and cannot generate fake public/private keys.
Figure 1 System architecture
A. PKG Setup
The key deployment of this model requires two major steps: Root PKG Setup and Lower level PKG Setup.
Root PKG Setup: The Root (Level 0) acts as follows:
1) Generate an additive group $G_1$, which is the group of points of an elliptic curve over $F_q$, and a multiplicative group $G_2$, which is a subgroup of $F_q$. These groups have a large prime order $q$. Choose an appropriate admissible pairing $\hat{e}: G_1 \times G_1 \to G_2$.
2) Choose an arbitrary generator $P \in G_1$.
3) Choose cryptographic hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: G_2 \to \{0,1\}^n$ for some $n \in N$.
4) Then the Root PKG selects a random number $\alpha \in Z_q$ and sets $Q_0 = \alpha P$, $P_0 = H_1(id_0)$, $S_0 = \alpha P_0$. Note that $S_0$ is the Root PKG’s master key. Then, the Root PKG sends the system parameters $\langle G_1, G_2, \hat{e}, Q_0, P, P_0, H_1, H_2 \rangle$ to its child PKG nodes, where $P$ is a public key.
Lower PKG Setup: Assume the lower node is L in level $t+1$ and its parent PKG is in level $t$. Then the parent PKG does the following:
1) Compute L’s public key, $P_L = H_1(id_L)$.
2) Select two secret points $\alpha_L', \alpha_L \in Z_q$, which are only known by L and its parent nodes.
3) Set the private key of L: $S_L = \alpha_L' S_0 + \alpha_L P_L$.
4) Set the public Q-value: $Q_L = \alpha_L P$.
5) Output $\langle G_1, G_2, \hat{e}, Q_0, P, S_0, H_1, H_2 \rangle$ to its child nodes.
After these five steps, the lower level nodes get their private key and secret point. The public key and Q-value are also public.
Similarly, each node in the lower levels of the cloud environment also follows these four steps to generate the public keys, secret points and private keys.
B. Identity-Based Encryption and Decryption
Identity-Based Encryption is based on the PKG setup module. For encryption between two server nodes n1 and n2, if n1 wants to send message $m$ to n2:
1) Get the public key $P_{n2}$.
2) Select a random number $r \in Z_q$.
3) Output the ciphertext $C = \langle rP, rP_{n2}, H_2(g^r) \oplus m \rangle$, where $g = \hat{e}(Q_0, \alpha_L' P_0)$ is pre-computed.
For decryption in n2, after receiving $C = \langle P', P_2', m' \rangle$:
1) Compute
$$d = \frac{\hat{e}(P', S_{n2})}{\hat{e}(Q_{n2}, P_2')} = \frac{\hat{e}(rP, \alpha_{n2}' S_0 + \alpha_{n2} P_{n2})}{\hat{e}(\alpha_{n2} P, rP_{n2})},$$
where $S_{n2} = \alpha_{n2}' S_0 + \alpha_{n2} P_{n2}$ is the private key of n2.
2) Get the message $m = H_2(d) \oplus m'$.
C. Identity-Based Signature
For the signature, if node $n_s$ wants to sign message $m$:
1) Compute $P_m = H_1(id_{n2} \| m)$.
2) Select a number $t = H_3(T_c)$, where $T_c$ is the current time and $H_3$ is a hash function which maps a real number into $Z_p$.
3) Select a random number $r_{ns} \in Z_q$.
4) Compute $\delta = r_{ns} S_{ns} + t_{ns} P_m$.
5) Output the signature $\langle \delta, t_{n2} P_m, r_{ns} Q_{n2}, r_{ns} \alpha_{ns}' P_0 \rangle$.
For verification, when the other node $n_r$ gets the signature $s' = \langle \delta', P_s', Q_s', R_s' \rangle$, the sender's public key $P_{n2}$, and the last signature from the same sender if it exists, $s'' = \langle \delta'', P_s'', Q_s'', R_s'' \rangle$, it can verify the signature by testing the following steps:
1) If $P_s' \neq P_s''$, go to Step 2. Otherwise, refuse the request from the sender.
2) If $\hat{e}(P, \delta') = \hat{e}(P, P_s')\,\hat{e}(Q_0, R_s')\,\hat{e}(Q_s', P_s)$, where $P_s$ is the public key of the sender, then the signature is valid.
D. User Request for Authentication Keys
For IaaS and PaaS, if there is a user U who needs some new VMs from the cloud service provider in the data center, U must get the public/private key generated from the server. Then, U takes the following steps to get the public/private key to use the VMs (see Figure 1):
1) U sends the user login (UL) message, including account and password, to log in to the user account server via SSL.
2) The user account server checks the account and password, then sends an account granted (AG) message to U via SSL if the account and password are correct.
3) After receiving AG, U sends a request for authentication keys (RAK) for some new VMs to the user account server.
4) The account server sends the RAK to the physical servers for new VMs via SSL.
5) The physical servers create new VMs and generate new public/private keys for the VMs via the lower level PKG key generation step. Then, the physical servers notify the account server of the new VMs’ addresses.
6) The newly created VMs also generate new public/private keys for VMs via the lower level PKG key generation step. Then, the VMs return a message including these authentication keys of VMs for user (AKV) and the VMs' addresses to the user account server via SSL.
7) After the account server verifies the addresses of the VMs, the user account server decrypts the AKV messages. Then, it sends the AKVs to U via SSL.
8) U can communicate with the new VMs via the AKVs using identity-based encryption and identity-based signature.
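The encryption/decryption and signature/verification steps of Sections III-B and III-C, which step 8 relies on, can be checked end to end in a toy model. The Python below is an added example, not code from the paper: it encodes each $G_1$ point $xP$ as the scalar $x$, which makes the pairing directly computable and the construction insecure, so it only confirms that the equations are consistent. The 61-bit group order, the function names, the use of SHA-256/SHAKE-256 for $H_1$, $H_2$, $H_3$, and the treatment of $g$ as a value published per receiver are assumptions.

```python
# Toy model for checking the algebra only (NOT secure): a G_1 point xP is
# stored as the scalar x mod q, so e(aP, bP) = g^(ab) is directly computable.
import hashlib
import secrets

Q = 2**61 - 1                       # assumed toy group order q (a prime)

def find_group(q):
    """Return (p, g) where g has order q modulo p = k*q + 1."""
    k = 2
    while True:
        p = k * q + 1
        g = pow(2, k, p)
        if g != 1 and pow(g, q, p) == 1:
            return p, g
        k += 2

P_MOD, G = find_group(Q)

def rand():
    return secrets.randbelow(Q - 1) + 1

def e(a, b):                        # pairing on scalar-encoded G_1 points
    return pow(G, a * b % Q, P_MOD)

def H1(data):                       # H_1: {0,1}* -> G_1
    return int.from_bytes(hashlib.sha256(b"H1" + data).digest(), "big") % Q

def H2(x, n):                       # H_2: G_2 -> n bytes
    return hashlib.shake_256(x.to_bytes(16, "big")).digest(n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def root_setup(id0):
    a0 = rand()                     # root secret; the generator P is scalar 1
    P0 = H1(id0)
    return {"Q0": a0, "P0": P0, "S0": a0 * P0 % Q}

def lower_setup(sp, ident):
    a_prime, a = rand(), rand()     # the two secrets chosen by the parent PKG
    PL = H1(ident)
    return {"id": ident, "PL": PL, "QL": a, "a_prime": a_prime,
            "SL": (a_prime * sp["S0"] + a * PL) % Q,
            "g": e(sp["Q0"], a_prime * sp["P0"] % Q)}   # assumed published

def encrypt(node, m):               # sender uses the receiver's PL and g
    r = rand()
    return r, r * node["PL"] % Q, xor(H2(pow(node["g"], r, P_MOD), len(m)), m)

def decrypt(node, c):
    p1, p2, body = c
    d = e(p1, node["SL"]) * pow(e(node["QL"], p2), -1, P_MOD) % P_MOD
    return xor(H2(d, len(body)), body)

def sign(sp, node, m, now):
    Pm = H1(node["id"] + m)
    t = H1(b"H3" + repr(now).encode())          # stand-in for t = H_3(T_c)
    r = rand()
    delta = (r * node["SL"] + t * Pm) % Q
    return (delta, t * Pm % Q, r * node["QL"] % Q,
            r * node["a_prime"] * sp["P0"] % Q)

def verify(sp, sender_PL, sig, last=None):
    delta, Ps, Qs, Rs = sig
    if last is not None and Ps == last[1]:      # step 1: replayed P_s
        return False
    rhs = e(1, Ps) * e(sp["Q0"], Rs) * e(Qs, sender_PL) % P_MOD
    return e(1, delta) == rhs                   # step 2: pairing equation
```

Passing the previous signature as `last` exercises the replay check of verification step 1; a node set up with a different identity cannot recover the plaintext.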
E. Key Reconstruction when PKG Went Down
In the hierarchical identity-based cryptography schemes proposed by Hongwei Li et al. [5] and Liang Yan et al. [8], once an upper level PKG goes down, the keys generated for all lower level nodes need to be reconstructed. This may result in unexpected unreliability of cloud services. To alleviate this problem, the private key generated for the lower level node in step 3 of the Lower PKG Setup procedure is designed to depend on the immediate parent node. Therefore, if a PKG fails, only its immediate child nodes are affected.
The procedure for key reconstruction in case of the failure of a PKG, say B, is as follows:
1) Restructure phase: The datacenter selects a PKG, say C, at the same level as the failed PKG B, and assigns the PKG C as the parent PKG of the child nodes of B.
2) Reconstruct public/private key phase: Use the procedure for Lower PKG Setup to reconstruct the public/private keys of the child nodes of B using C as the new parent PKG.
IV. SECURITY AND PERFORMANCE ANALYSIS
A. Performance Analysis
Before presenting our performance analysis, we define the notation for computation costs:
1) $C_{BM}$: the cost of computing the bilinear map $\hat{e}$.
2) $C_{cmp}$: the cost of comparing two content texts.
3) $C_h$: the cost of a hash function.
4) $C_{xor}$: the cost of XOR.
We discuss the performance analysis of the proposed scheme compared to IBHMCC [5] from three aspects:
For the performance analysis, assume that node $n_t$ in level $t$ wants to encrypt message $m$ and send the encrypted message to node $n_{t+k}$ in level $t+k$. In the IBHMCC scheme, $n_t$ must do the $\hat{e}$ computation one time for encryption and $n_{t+k}$ must do it $t+k$ times for decryption. Our proposed method performs the $\hat{e}$ operation only one time in encryption and 2 times in decryption. In the IBHMCC scheme, $n_t$ must do one hash computation for the signature and $n_{t+k}$ must do $t+k$ $\hat{e}$ operations for verification. Our proposed method performs only 2 hash operations for the signature and 4 $\hat{e}$ operations for verification. The comparisons of computation costs are shown in Table 1 and Table 2.
As to the key reconstruction problem in case of a PKG failure, the proposed scheme only reconstructs the public/private keys of the immediate child nodes of the failed PKG instead of reconstructing the public/private keys of all descendant nodes. Assume there are $k$ child nodes under the failed node and each node also has $n$ child nodes in the subtree rooted at the failed node. Assume that this subtree has $l$ levels. When a PKG failure occurs in the IBHMCC scheme, there are $k \times n^{l-1}$ nodes that need to reconstruct private keys and public keys. But in the proposed scheme, only $k$ nodes need to reconstruct private keys and public keys. The comparison of reconstruction costs is shown in Table 3.
Table 1 Cost comparison for encryption/decryption
Scheme      Encryption                        Decryption
IBHMCC      $1C_{BM} + 1C_h + 1C_{xor}$       $(t+k)C_{BM} + 1C_h + 1C_{xor}$
Proposed    $1C_{BM} + 1C_h + 1C_{xor}$       $2C_{BM} + 1C_h + 1C_{xor}$
Table 2 Cost comparison for signature/verification
Scheme      Signature     Verification
IBHMCC      $1C_h$        $(t+k)C_{BM} + 1C_{cmp}$
Proposed    $2C_h$        $4C_{BM} + 1C_{cmp}$
Table 3 Number of reconstruction nodes
Table 4 Cost comparison for communications
Scheme Communications (in parameters)
Encryption Signature
For communication cost, in encryption the proposed scheme only sends 3 parameters to the receiver, while IBHMCC must send $t+k+2$ parameters. In the signature, the proposed scheme only sends 4 parameters while IBHMCC needs more. Therefore, our scheme has lower communication costs, as shown in Table 4.
B. Security Analysis
In this subsection, we discuss the security aspects of our proposed scheme in terms of man-in-the-middle attacks and replay attacks:
1) Assume an attacker in a cloud server intercepts a message from a PKG. Because the attacker does not know the private key of the receiver, he cannot decrypt the message due to the complex computations imposed by the Weil Diffie-Hellman assumption.
2) For a replay attack, suppose an adversary captures the signature $s'$ and ciphertext $m'$ sent by the sender $S_e$ to the receiver $R_c$. He can impersonate the sender and resend the ciphertext $m'$ and signature $s'$ to perform replay attacks against the receiver $R_c$. The replay attacks will be detected by the receiver because we add a timestamp $t$ in the signature scheme. The receiver $R_c$ needs only to compare the current signature with the last signature. If they are equal, $R_c$ rejects the request.
V. CONCLUSIONS
In this paper we propose an efficient identity-based key management scheme for a configurable hierarchical cloud computing environment. The proposed scheme has better performance and lower communication cost compared to other hierarchical identity-based cryptography schemes such as IBHMCC. Another feature of our scheme is faster key reconstruction in case of a PKG failure than IBHMCC.
ACKNOWLEDGMENT
This research was partially supported by National Science Council, Taiwan, under contract no. NSC100-2221-E-005-070.
REFERENCES
[1] D. Bogatin (2006, August), “Google CEO’s new paradigm: cloud computing and advertising go hand-in-hand,” ZDNet. [Online]. Available: http://blogs.zdnet.com/micromarkets/?p=369
[2] I. Foster, Y. Zhao, I. Raicu, and S. Lu, “Cloud computing and grid computing 360-degree compared,” in Grid Computing Environments Workshop, 2008. GCE ’08, Nov. 2008, pp. 1–10.
[3] P. M. T. Grance (2009), “The NIST definition of cloud computing (15 ed.),” NIST. [Online]. Available: http://csrc.nist.gov/-groups/SNS/cloud-computing
[4] P. M. T. Grance, “The NIST Definition of Cloud Computing (Draft),” National Institute of Standards and Technology (NIST) Std. [Online]. Available: http://csrc.nist.gov/publications/drafts/-800-145/Draft-SP-800-145_cloud-definition.pdf
[5] H. Li, Y. Dai, L. Tian, and H. Yang, “Identity-based authentication for cloud computing,” in Proceedings of the 1st International Conference on Cloud Computing, ser. CloudCom ’09. Berlin, Heidelberg: Springer-Verlag, 2009, pp. 157–166.
[6] J. Horwitz and B. Lynn, “Toward hierarchical identity-based encryption,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology, ser. EUROCRYPT ’02. London, UK: Springer-Verlag, 2002, pp. 466–481.
[7] C. Gentry and A. Silverberg, “Hierarchical ID-based cryptography,” in Advances in Cryptology—ASIACRYPT 2002, ser. Lecture Notes in Computer Science, Y. Zheng, Ed. Springer Berlin / Heidelberg, 2002, vol. 2501, pp. 149–155.
[8] L. Yan, C. Rong, and G. Zhao, “Strengthen cloud computing security with federal identity management using hierarchical identity-based cryptography,” in Proceedings of the 1st International Conference on Cloud Computing, ser. CloudCom ’09. Berlin, Heidelberg: Springer-Verlag, 2009, pp. 167–177.
[9] “The Transport Layer Security (TLS) Protocol,” Internet Engineering Task Force (IETF) Std., Aug. 2008. [Online]. Available: http://datatracker.ietf.org/doc/rfc5246/
[10] B. P. Bruegge, D. Huhnlein, and J. Schwenk, “TLS-federation - a secure and relying-party-friendly approach for federated identity management.” [Online]. Available: http://www.etu-klubi.fi/vrk/-fineid/files.nsf/files/D46A1A54A5392E0EC22573E90046506B/-file/TLSFederationfinal.pdf
[11] (2009, October) Security assertion markup language (SAML) v2.0. Organization for the Advancement of Structured Information Standards (OASIS). [Online]. Available: http://docs.oasis-open.org/security/saml/v2.0/saml-2.0-os.zip
[12] (2009, December) Security guidance for critical areas of focus in cloud computing v2.1. Cloud Security Alliance. [Online]. Available: https://cloudsecurityalliance.org/csaguide.pdf
[13] S. Ramgovind, M. Eloff, and E. Smith, “The management of security in cloud computing,” in Information Security for South Africa (ISSA), 2010, Aug. 2010, pp. 1–7.
[14] D. Boneh and M. Franklin, “Identity-based encryption from the Weil pairing,” SIAM J. Comput., vol. 32, pp. 586–615, March 2003.