See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/283720774

A Two Level-Security Model for Cloud Computing based on the Biometric

Features and Multi-Level Encryption

Conference Paper · February 2015

CITATIONS READS

2 101

2 authors:

Nilofar Mansourzadeh Mohammad V. Malakooti

Carleton University Islamic Azad University - Dubai Branch
4 PUBLICATIONS 5 CITATIONS 28 PUBLICATIONS 88 CITATIONS

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Malakooti Orthogonal Transform(MOT) View project

RGB Digital Image Forgery Detection with Using Singular Value Decomposition and One Dimensional Cellular Automata View project

All content following this page was uploaded by Nilofar Mansourzadeh on 12 November 2015.

The user has requested enhancement of the downloaded file.

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

A Two Level-Security Model for Cloud Computing based

on the Biometric Features and Multi-Level Encryption
Dr. Mohammad V. Malakooti Nilofar Mansourzadeh
Faculty and Head of Department of Computer Student of Department of Computer Engineering
Engineering Islamic Azad University, UAE branch, Islamic Azad University, UAE branch, Dubai, UAE
Dubai, UAE n_mansourzadeh@yahoo.com
malakooti@iau.ae

ABSTRACT I. INTRODUCTION

Cloud computing is a well-known subject in IT Since customers of cloud computing transfer their
system and is based on network and computer utilities. applications and data to the cloud environment, it
Cloud computing is the main source of storage is essentially important that the security level
facilities for small, medium and large companies in provided in the cloud be same as traditional IT
recent years. Since, many customers look for cloud environment or even better than before. Lack of
computing facilities and services, thus the security of
information must be guaranteed to give a full
security and protection for cloud environment
confidence for that customer who has trusted to use would cause unauthorized network access by an
these facilities and ready to store their valuable outside hacker in which effects company
information on the cloud computing and distributed productivity and impede the capability to
networks. The fundamental problem in cloud compete.
computing is the security of the stored data.[1]
In cloud computing, security controls are the
This paper describes the process of storing the images same as those traditional IT environments.
and scanned documents over the cloud by using our Although in cloud computing several
proposed security model which is based on the organizational division of responsibilities as well
biometric features and multilevel encryption. On the as technologies are used to enable the cloud
other hand, it will discuss about cloud computing services but cloud environment might encounters
environment, issues and concerns regarding to
various kinds of risk to a company than
security, authentication by using biometric features,
and new security algorithms and models. The traditional IT solutions. One of the important
Security algorithms, which are used in this paper, are parts in cloud computing is to understand the
consisting of the scrambling algorithm and two level level of risk tolerance and concentrate on
encryption methods. In addition, we have proposed alleviating the risks, which the company cannot
two different scenarios that improve the DEPSKY neglect this issue.
model. We have recommended a two-level security
model based on encryption and biometric
Biometrics is the knowledge of setting the identity of authentication. Our paper is formed as following:
an individual related to the inherent physical or In section II we talk about cloud computing
attitude characteristics connected with the person. The service models and their security concerns. In
relationship between the perceived authentication section III we discuss about cloud computing
content and perceived content of biometric features is
security considerations. In section IV we
studied. The process of developing the algorithms and
the model is documented in the proposed section. concentrate on the biometric authentication. In
section V the proposed model is illustrated. In
Keywords: cloud computing, data security, data section VI, the conclusion results are given and
integrity, availability, depsky model, Bioemtric ,SVD future works is presented [9].

ISBN: 978-1-941968-05-5 ©2015 SDIWC 100

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

II. CLOUD COMPUTING SERVICE 2) CRM in SalesForce, NetSuite, or Oracle on

MODELS AND THEIR SECURITY demand
CONCERNS
3) HR in Taleo, Workday, SAP, or SalesForce
In this section, three cloud service models and
their security concerns are illustrated: 4) Backup and Recovery in Dell DataSafe,
online backup, or EMC Mozy
1) Infrastructure as a Service (IaaS):
Data confidentiality, data integrity and data
Organizations shift their physical infrastructure to availability of cloud computing are three most
the cloud environment and level of control is the important service models that need be considered.
same as what they need in a traditional
datacenter. IaaS supplies the highest similarity to 1) Data Confidentiality:
the internal datacenter in contrast with other
services models. Although data confidentiality is an aspect to
The basic datacenter infrastructure includes cloud avoid the exposure of information to attacker of
management, network, compute and storage as systems, it is difficult to assure in a cloud
well to maintain and monitor the infrastructure. In environment. There are two groups of
fact, the IaaS market has a reasonably low confidentiality, private cloud confidentiality and
obstacle of entry, but it may need significant public cloud confidentiality. In public cloud the
financial investment to make it feasible and create confidentiality includes access control by using
the reliable structure, which provides enough authentication and authorization and second
support for the cloud infrastructure. model is based on the encryption.

2) Platform as a Service (PaaS): 2) Data Integrity:

Platform as a service is a cloud service, which Data integrity is the guarantee that the
prepare users with a configurable application information is valid and complete. Although data
platform containing a pre-installed software integrity contains the atomicity, consistency,
group. PaaS may be considered as an abstraction isolation and durability, in cloud computing
layer of hardware, operating system and technology three more standards are added to
virtualization. It decreases convolution of ensure the integrity such as Data Integrity Field
infrastructure and application preservation and let (DIF), SNIA and Cloud Data Management
us focusing on core of the software development Interface (CDMI).
qualification.
3) Data Availability:
3) Software as a Service (SaaS):
Availability means that all requested data and
This cloud service model suggests a requested information by user be ready and an accessible so
online software subscription. According to SaaS that all machines have to deliver, store and
offers, the internal IT support costs and the process information when the customer need
expense of the transfer preservation responsibility them. Cloud service providers’ use a reliable back
in companies are decreased due to usage of low up system to save and store the user data, a
cost cloud facilities and inexpensive array of caching proxy server to provide data availability
storage devices. and then switch over from the online-server to the
Some of the SaaS services are as following: hot-standby server. The capability to quickly run
two same samples of the application on the same
1) Security in Cisco, McAfee, or AppRiver cloud, or in various data centers, supply the final
approach to high availability. [9,10]

ISBN: 978-1-941968-05-5 ©2015 SDIWC 101

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

III. CLOUD COMPUTING SECURITY suitable protection structure according to

CONSIDERATIONS: security requirements of different data
forms. Companies must certify that their
Public cloud providers mostly have multi data specific data security requirements can be
storage systems placed in different data centers, considered by the cloud service before
which may be in different countries. Therefore, transferring that data to cloud computing
the customer doesn’t know the location of his environment.
data and even doesn’t have any control on that.
So there are some data security concerns as 4) Data Encryption and Cryptographic key
following: Management:

1) Data Acquisition: In a public cloud environment, multiple

users’ data are stored and that’s why a
The user will finally specify how and public cloud is an appealing purpose for
when the data is obtained in the cloud- attackers. Therefore, powerful data-level
computing environment. Peer-to-Peer encryption must be performed on all
operations and data stream should be sensitive data stored in a public cloud. It is
recorded through user and cloud provider presented that cryptographic key applied
networks as well, hence it is completely to encrypt/decrypt sensitive data be kept
understood the location of data and how it and controlled independently from the
is passing the infrastructure. So the user cloud service where the data is placed.
and cloud service provider can recognize [11]
the location that each entity gains and
leaves data all over the process. IV. BIOMETRIC AUTHENTICATION

2) Data Storage and Durability: By raising concerns regarding to security and fast
progress in networking, communication and
In addition to the known domain of mobility the necessity for reliable user
predestination storage places data could authentication methods has enhanced. Biometric,
be existed on cloud service provider used explained as a science of identifying an individual
for keeping of the cloud infrastructure, based on his or her physical or behavioral
like VM images, backups and monitoring features, is starting to reach admission as a legal
logs. For recovery and high availability method for specifying an individual personality.
goals, data stored in memory may be A list of some common biometric attributes is
written on disk as well. This kind of data illustrated as following:
could quickly be forgotten and not
secured by data security controls. All 1) Face:
possible obtained points must be
recognized and controlled as essential to Face identification is not a new method,
avoid unintended or unsecured storage or and facial features are likely the most
transition of sensitive data. popular biometric attributes used by
human to distinguish one another. The
3) Data Classification: most common approaches to face
identification are based on, (1) the
Data grouping and the control of data location and shape of facial features, like
based on its group will different from eyes, eyebrows, nose, lips and chin and
company to company. A certain data- the special relationships, or (2) the total
classification system can help companies analysis of the face image, which displays
to recognize sensitive and secret data. face as a serious composition of a number
This permits companies to allocate of standard faces.

ISBN: 978-1-941968-05-5 ©2015 SDIWC 102

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

2) Fingerprint: V. PROPOSED MMMISM MODEL

For many decades human have applied In this paper we focus on two level of cloud
fingerprints for personal recognition. A computing security and we just applied our
fingerprint is the combination of edges algorithms on image but it is possible to use it in
and valleys on the external of a finger other types of information like voice, text,
whose formation is defined during the multimedia and even movie.
first seven months of fetal growth. The
precision of the present available
fingerprint identification systems is Mid-level of security:
sufficient for authentication systems in
multiple applications, especially forensics. First of all we have chosen four images and
Multiple fingerprints of a person prepare merged them to obtain a group image to be able
extra information to permit for much to implement our model on the group image and
recognition containing millions of compare its result with the DEPSKY model.[8]
personality. When the group image is formed, then three
levels of securities are applied to obtain a highly
3) Human geometry: secure stored image on the cloud as following
[13]:
Hand geometry identification systems
contain a number of evaluations obtained 1) Layer One of Securities: In the first layer of
from the human hand such as shape, size security we have applied our scrambling
of palm, and the lengths and widths of the algorithm on the group image.
fingers. External factors like dry weather
or individual anomalies like dry skin do 2) Layer Two of Securities: Once the group
not emerge to adversely modify the image is scrambled we have applied the
verification precision of hand geometry
XOR operations on the elements of the
systems.
Scrambled Group Image (SGI) with the
4) Iris: elements of Malakooti Transform (MT)
Algorithm used as the General Key (GK)
The complicated iris contexture conveys Matrix, to implement additional security
very specific information helpful for on the stored images.
human identification. The precision and
speed of present expanded iris 3) Layer Three of Securities: In the third
identification systems is promising and level, we have applied more complex
help the possibility of recognition on iris algorithm, based on the combination of,
information systems. Malakooti Randomized Key Generator
(MKG), and Malakooti Polynomial
5) Voice: Algorithm (MPA), to generate four
Individual keys(IK) required for the third
Voice is a compound of physical and
behavioral biometric features. The level of securities.
physical characteristics of a human’s
voice are based on the size and shape of
appendages, which are used in
combination of the sound. The behavioral
perspective of the speech modifies over
time because of age, medical conditions or
emotional state. [12]

ISBN: 978-1-941968-05-5 ©2015 SDIWC 103

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

continued until all elements of the upper diagonal

and lower diagonal are moved into the end of
temporary array.
Once all elements of image matrix(R, G, B) are
moved into the corresponding temporary array
then these elements will move back into
corresponding scrambled image matrix(R, G, B).
These three matrices will be combined to form
the RGB color space scrambled image, as shown
Fig. 1- Merging the four different images into one image in Figure 3.
In the figure below you can see the 8*8 pixel
matrices of original image.

Fig. 3- Scrambled group image

Following figure illustrates the pixels of

scrambled image:

Fig. 2- 8*8 sample pixels of original grouped image

Scramble Algorithm:

Our proposed scrambling algorithm is designed

and implemented on the square images with the
image size M, where M is power of two, M=2 N .
This algorithm can be applied on any type of non-
square images with the different image sizes. Fig. 4- 8*8 pixels of scrambled image
In this algorithm the color RGB images will be
converted into three matrices of Red, Green, and
Blue. The algorithm then applied on each matrix V.A- Generation of the General Key matrix
and then the scrambled matrices will be combined
to form the scrambled image. The algorithm We have generated the elements of the GK matrix
works as follows: and applied the XOR operation on the elements
First the elements of main diagonal in each image of the scrambled group image with the elements
matrix will be move into its corresponding of the GK matrix as following:
temporary array. Then, the elements of the upper
diagonal and lower diagonal will be moved to the
end of temporary array. This operation will be

ISBN: 978-1-941968-05-5 ©2015 SDIWC 104

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

Generate Malakooti Transform matrix: V.B- Generation of the Individual Key

1) Enter two integer numbers, a and b, i.e., a=1, We have divided the scrambled and encrypted
b=2. group imaged into four sub-images, the same size
as the original individual images. We also
2) Let M0=1 (5-1) generated four individual keys to be applied on
the scrambled and encrypted sub- images
3) M[0,0]=M0 (5-2) as following:

1) Generate the MT: The generation of

a Mk-1 ab Mk-1 Malakooti Transform is the same as IV.A
but with different values as before,
4) Mk= -ab Mk-1 a Mk-1 (5-3) a=1,b=1.

5) Apply XOR operations on the elements SGI 2) Generate the Malakooti Randomized keys
and GK Matrices (MRK).
EncImg[i, j]= ImgSc[i, j] XOR M [i, j] (5-4)
A. Enter two large prime numbers to start
the key gen algorithm.

B. Enter the block size to stop the key gen

algorithm.

Fig. 5 - Encrypted image applying XOR on SGI and GK

matrices

Figure 6 shows the 8*8 pixels of first step

encryption

Fig. 7- Generation of Randomized Keys

3) Generate the polynomial Weight Functions:

W=[1 X X2 X3] (5-5)
4) Generate the Malakooti Polynomial
Coefficients, P:
Pi=MiWt (5-6)

5) Generate Four Individual Keys:

IK (1) = A1,1P1(x) + A1,2P2(x) + A1,3P3(x) +
A1,4P4(x)
IK (2) = A2,1P1(x) + A2,2P2(x) + A2,3P3(x) +
A2,4P4(x)
Fig. 6 – 8*8 pixels of first step encryption

ISBN: 978-1-941968-05-5 ©2015 SDIWC 105

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

IK (3) = A3,1P1(x) + A3,2P2(x) + A3,3P3(x) + Here is the 8*8 matrices of RED, GREEN and
A3,4P4(x) BLUE pixels before and after the encryption and
IK (4) = A4,1P1(x) + A4,2P2(x) + A4,3P3(x) + it shows that all pixels are same and the error
A4,4P4(x) (5-7) equals to 0.

Where A i,j are the elements of the MRK and Pi Before the encryption:
are the elements of Malakooti Polynomial
coefficients.
We finally apply the XOR operations the
elements of each scrambled and encrypted sub-
image with its corresponding individual key to
implement the third level of security on the
images that are going to be stored on the cloud
environment.

Fig. 8- encrypted image by 4 different keys Fig. 10- 8*8 pixels of grouped image

Figure 9 indicates the 8*8 pixels of second step After the decryption:
encryption as following:

Fig. 11- 8*8 pixels of decrypted image

As it shows in the matrices all pixels have

remained same after decryption the image.

We can apply our algorithms on two different

scenarios:
Fig. 9- 8*8 pixels of second step encryption

ISBN: 978-1-941968-05-5 ©2015 SDIWC 106

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

Scenario 1: the type of the stored data, where A,B,C, and D

are representative of 4-sub images.
In this scenario the group image is scrambled and
encrypted based on our proposed algorithm as
already explained. Thus, the scrambled and
encrypted image will be divided into four sections
and each section will be XOR with its
corresponding individual key. Once, the
individual keys are applied on the corresponding
sub-images they will be combined to form one
image that will be stored into four different cloud
environments for the sake of security, data
availability and accessibly.

Fig. 13- Divide the image and distribute the parts into
Four cloud providers

In the scenario-2, Figure 13, if the cloud

provider’s number 2 and 3 have failed
simultaneously or are inaccessible then we will
lose 50% of our image information. To solve this
problem we have stored image parts BC and AD
into two other cloud providers, totally six cloud
providers to provide the high degree of security,
availability, and accessibility.

Fig. 12- Store the scrambled and encrypted image into

four different cloud providers

In this scenario we have four copies of coded and

stored image and can retrieve the original image
just from any cloud provider. The cost of storing
four copies of coded image would be high but the
security is very high too.

Scenario 2:

The first two steps of this scenario are the same

as scenario 1. Once, the group image is scrambled
and encrypted then it will be divided into four
part and each parts will be XOR with the
individual keys. After the individual keys are
applied on the corresponding sub-images the four
coded images will not be combined but the
combination two parts will be stored into four
Fig. 14- Divide the image and distribute the parts into six
cloud providers(AD,BC,CB,DA) or six cloud cloud providers
providers(AD,BC,CB,DA,BC,AD) depend upon

ISBN: 978-1-941968-05-5 ©2015 SDIWC 107

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

Fig. 15- The steps of the Eigen values calculation

High-level of security: U: left singular vectors

In this case before applying scrambling and V: right singular vectors

encryption algorithms on the image, the face of
user should be captured as a biometric
authentication factor. After that we apply SVD on
image to gain the Eigen Values, which are the
main and important features of user face image.
Whenever one user wants to retrieve the stored
images, the first and foremost level is to capture
the face and calculate the Eigen Values from the
SVD function. After that the Eigen Values will be
compared with the Eigen Values of the face (5-10)
images inside the database and the decrypted
images will be returned to the users that their δ = √λ (5-11)
related user Eigen Values has less amount of
error. Vi= Yi / ||Yi || (5-12)
To compare the Eigen Values easily it would be
more effective to store them in vectors. U= R V Ʃ -1 (5-13)

Generate the Eigen Values: FV=[δ1, δ2, …, MEAN] (5-14)

|[R- λI]|=0 Eigen values = λ1, λ2, …, λn (5-8) Generate the Error:

R- λI =0 Eigen vector= Y1, Y2, …, Yn (5-9) ERROR=√((Σ(FV1[i]-FV2[i])2/N ) (5-15)

Where N=Number of Eigenvalues
SVDR= U Ʃ Vt
In the following we present the practical result:

ISBN: 978-1-941968-05-5 ©2015 SDIWC 108

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

S=

Fig. 16- Figure of user

Figure 16 shows the picture of user who wants to VT =

store his data in the cloud. In the next step the
pixels of picture should be extracted for applying
SVD on them. In the following we consider only
RED pixels as an example.

Input Matrix=

The elements on main diagonal of S matrix are

Eigen Values, which must be saved in a vector
(FV1). In addition to this the average of these
elements will be calculated.

Now in the third step the SVD function should be

applied:

U=

Fig. 17- Figure of user in different status

Figure 17 indicates the same user in different

status, therefore for retrieving the data again the
SVD must be applied and Eigen Values
calculated. After that these Eigen Values and
their average will be placed in one vector (FV2).

ISBN: 978-1-941968-05-5 ©2015 SDIWC 109

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

Eventually two vectors including Eigen Values

and averages should be compared. If Error is less VT =
than the defined value the image could be
retrieved.

Input Matrix=

VI. CONCLUSIONS AND FUTURE WORK

Although cloud computing has improved the

issues of data storage and availability but there
are security issues to solve.
Obviously, while the data is stored on the clouds,
U= users of cloud have no any control on that. In
addition to this, data privacy and secrecy are
problems of cloud computing storage as well and
should be solved with accurate algorithms.
We have a Security Model for cloud computing
that includes two level of security, Mid-level and
High-level of security.
In the Mid-level of security we improve security
of image by using scrambling and encryption
algorithm as well. Moreover, distribute the data
into different cloud provider and for providing
data availability we use six cloud providers
instead of four cloud providers. Therefore, we can
improve Depsky model and increase the security
S= and data availability of data.
The most important thing in our encryption
algorithm is to generate the random keys so the
attacker is not able to access the original image.
In the next step we use unique features of each
user as known biometric features. This step can
be used in two categories.
1) Each user who wants to send his/her image in
the cloud should capture face and send the image
of his/her face as well. So the unique
characteristics will be saved in the database and
only the authorized user can access the image.
2) In the private cloud of each company, manager
can save all files and gather them into one place
but the important thing is that each employee can
access the own file and is not able to see all
information. For this purpose manager should be

ISBN: 978-1-941968-05-5 ©2015 SDIWC 110

The Proceedings of the International Conference on Digital Information Processing, Data Mining, and Wireless Communications, Dubai, UAE, 2015

able to have all employee face feature for apply [5]D.Yuefa, Wu Bo, G.Yaqiang, Z.Quan, Tang
suitable privacy in company. Chaojing, , “Data Security Model for Cloud
The main goal in any research is to improve the Computing”, Proceeding of IWISA 2009, Nov.
different area of the special topic. In these days 2009, P.141-144,Qingdao, China.
security problems are very vital to solved and any
user prefer to store his data on secure place. [6] K. Govinda, Y.Ngabirano, , “ Secure Data
The mentioned algorithms especially biometric Storage in Cloud Computing Using Biometric”,
features could be use in other critical area such as IJARCSSE, Vol. 2, Issue 5, May 2012,P. 11-16.
ATM. For example, for more security in addition
to face detection we can use Iris, fingerprint or [7] M.Marwaha, R.Bedi, “Applying Encryption
even voice detection in ATM machines, and Algorithm for Data Security and Privacy in Cloud
apply different level of security policy on that. Computing”, IJCSI International Journal of
In this research we use the mentioned equation Computer Science Issues, Vol. 10, Issue 1, No 1,
for error calculation but it would be a good idea P. 367-370, January 2013.
to consider the equation, which is based on each [8] A.Bessani, M.Correia, B.Quaresma F.Andr´e
user feature and according to each user the Paulo Sousa, “DEPSKY: Dependable and Secure
threshold is different. Storage in a Cloud-of-Clouds”, University of
Lisbon, Faculty of Sciences, Portugal.

REFRENCES [9] E.Gorelik, “Cloud Computing Models “,

Massachusetts Institute of Technology, January
[1]N.Jain, G.Kaur, “Implementing DES 2013.
Algorithm in Cloud for Data Security”, VSRD-
IJCSIT, Vol. 2, 2012. [10] S. Ajoudanian, M. R. Ahmadi, “A Novel
Data Security Model for Cloud Computing”,
[2] K.S.Suresh, K.V.Prasad, “Security Issues and IACSIT International Journal of Engineering and
Security Algorithms in Cloud Computing”, Technology, Vol. 4, No. 3, June 2012.
International Journal of Advanced Research in
Computer Science and Software Engineering, [11] Cloud Special Interest Group & PCI
Vol. 2, Issue 10, 2012. Security Standards Council, “PCI DSS Cloud
Computing Guidelines”, February 2013.
[3]M.Kaur, M.Mahajan,” Implementing various
encryption algorithms to enhance the data [12] A.Ross, A.K. Jain, “Human Recognition
security of cloud in cloud computing”, VSRD Using Biometrics, Appeared in Annals of
International Journal of Computer Science & Telecommunications, Vol. 62, No. 1/2, pp. 11-35,
Information Technology, Vol. 2 No. 10, October Jan/Feb 2007.
2012.
[13] M.V. Malakooti, N.Mansourzdeh , “A
[4]P.Kalpana, S.Singaraju, “Data Security in Robust Information Security Model for Cloud
Cloud Computing using RSA Algorithm”, Computing based on the Scrambling Algorithm
International Journal of Research in Computer and Multilevel Encryption”, ICCTIM, 2104,
and Communication technology, IJRCCT, ISSN Dubai, UAE, pp.413-416
2278-5841, Vol 1, Issue 4, September 2012.

ISBN: 978-1-941968-05-5 ©2015 SDIWC 111

View publication stats