ISSN (Print) : 0974-6846

Indian Journal of Science and Technology, Vol 9(48), DOI: 10.17485/ijst/2016/v9i48/89496, December 2016 ISSN (Online) : 0974-5645

Secure File Sharing Mechanism and Key

Management for Mobile Cloud
Computing Environment
I. Indu, P. M. Rubesh Anand* and Shaicy P. Shaji
Department of Electronics and Communication Engineering, Hindustan University, Chennai - 603103,
Tamil Nadu, India; [email protected], [email protected], [email protected]

Abstract
Objectives: The use of the mobile devices in cloud computing environment is susceptible to various kinds of attacks like,
unauthorized access, account/service hijacking, data breach and malicious insider. These vulnerabilities make the cloud
environment unsafe to share and store data for mobile users. Methods/Analysis: In this paper, we propose a secure file
storing and retrieving mechanism to avoid the limitations in existing systems like, file encryption, access rights and key
management. Asymmetric key cryptography is utilized to protect the data and retrieval of the data with minimal access
rights. Findings: Privacy of the mobile users are protected from the malicious insiders along with the preservation of
confidentiality and integrity of the files being accessed. The comparative analysis of different public key infrastructure
algorithms utilizing the proposed methodology for key computation, encryption, decryption and resource utilization shows
the performance of each algorithm for different file sizes. Application/Improvement: The proposed system provides user
access management, key management, encryption and decryption of files through trusted third party to make the data
secured in mobile cloud environment.

Keywords: Access Control, Asymmetric Key Cryptography, Cloud Computing, Confidentiality, Data Security, Integrity

1. Introduction cloud system provided by different vendors exhibits the

heterogeneity with respect to performance and pricing.
Cloud storage systems have been the source of attraction The design techniques are varied to achieve competitive
for the online users so as to have easy access anywhere results in terms of efficient service, reduced cost, secured
and anytime. Many online service providers have thrived data storage. The overall benefits of the cloud system are
to serve the individual users, industrialists as well as the easy sharing, syncing, off-site data storage, better remote
business people to have their data on cloud with reliability accessibility, reduction of internal IT costs, reduced
and security. The numbers of mobile users who need to requirement of resources and online data collaboration.
use the resources or services on the go with the help of Mobile Cloud Computing (MCC) is the combined
their mobile devices from cloud based systems are rapidly approach of the technologies namely, cloud computing,
increasing. The process of utilizing the cloud resources mobile computing, and wireless networks for sharing
for storage and transition of data by mobile users is a resources to mobile users. The MCC is used to bring
challenging task1–5. The cloud environment provided by rich computational resources to mobile networks and
the online service providers can be in the type of public, differentiates from the mobile computing by using the
private or hybrid cloud. The cloud user selects the type of cloud based web apps rather than the native apps. In
cloud environment based on the users’ decision to privacy MCC, mobile devices are used to view the data files as
or exposure policy. Many IT giants are using the cloud the storage of data and processing of data is done in the
services to reduce the on-premises cost which is greater cloud infrastructure instead of the mobile device itself.
than they provide for the online service providers6. The The mobile thin native client devices in cloud computing

* Author for correspondence

 Secure File Sharing Mechanism and Key Management for Mobile Cloud Computing Environment

environment are accessed over the wireless connection. • Network Related Issues
The mobile applications accessed from the thin client In MCC, the mobile user side processing like, connection
devices often move the storage and processing of data with the internet provider and cloud server is performed
into the powerful and centralized cloud computing on the wireless network provider side.Apart from the
infrastructure. Moreover, mobile app storage constraint connection issues, the network related problems like,
is eliminated as data is stored in cloud rather than the latency, signal strength and heterogeneity also affects the
mobile devices. As the data is stored or synced in the mobile users in accessing cloud services12.
cloud storage, the chance of data lost is reduced on the
mobile devices which indeed improve the reliability and • Security
availability of data while the users are on move. MCC Though the mobile devices in the cloud computing
supports multi-tenancy and ease of integration of multiple environment has the functionalities similar to the desktop
services provided by different cloud service providers. computers, the issues related to security and privacy are
Cloud based applications are predicted to account for 90% more prone to the mobile devices. As the threat detection
of total mobile data traffic by 2019. Mobile cloud traffic is services are performed on the cloud, the other security
predicted by CISCO7 to grow 11-fold from 2014 to 2019, issues related to mobile devices poses great challenges.
attaining a compound annual growth rate (CAGR) of MCC security issues are categorized as security for mobile
60%. users and securing data on clouds. Mobile user security
The mobile cloud system reduces the need to send each involves the device security and privacy of mobile user.
file every time to different recipients; instead an access Securing the data on the cloud involves the cryptographic
link is sent which indeed reduces the bandwidth usage. suite, confidentiality and integrity13–17.
The annual costs for an organization are reduced largely
without the need for employing manpower and resources • Availability
due to the usage of MCC. Though there are many merits Availability of the cloud means which services are to
in using the cloud system, the pitfalls of MCC is that be able to access remotely. In simple terms, availability
the user is charged heavily for every byte of data storage refers that complete resources are accessible and usable
when the limit of certain capacity is crossed andstorage at all time by authorized persons. It is the most critical
of information in the cloud is vulnerable to external hack security requirements in mobile cloud computing. The
attacks and threats.In order to overcome the issues related main advantage of availability for cloud systems is to
to cloud storage, multi-cloud data storage has become a ensure the users use them at any time and at any place.
key area to explore upon the solutions for the above said The important features of availability include, continuity,
problems8–10. quality, incident management, functionality, and
The MCC has several issues such as limited resources, security18,19. Continuity means it ensures that the services
network related issues, security, availability and privacy. are available without any interruptions. The Quality of
services means it confirms the access time, a number of
• Limited Resources supported users, and amount of data processed. System
The mobile devices which make use of the cloud computing availability is the ability to continue operations even in
environment have limited resources for utilization. the possibility of any security breach, traffic congestion,
The limited resources include the limited computation network failures and out-of-signal20,21.
power, low quality display and limited battery power.
The bandwidth of the network is the big constraint due • Privacy
to the scarcity of frequencies compared to the traditional The trust of the mobile users in MCC platform is
wired network.Computation offloading is considered to established by preserving the user privacy information
be one of the main features of MCC which deals with like, location of the mobile device and protecting data
the transfer of computation parts of the application to or application secrecy from adversaries. Location Based
cloud infrastructure. It is critical to determine whether to Services (LBS) and Global Positioning System (GPS) are
offload the work or not and to decide on the portions of responsible for the privacy issues on mobile users which
the service codes to offload11.

2 Vol 9 (48) | December 2016 | www.indjst.org Indian Journal of Science and Technology
 I. Indu, P. M. Rubesh Anand and Shaicy P. Shaji

provide private information such as the current location are data owner, data users, trusted third party system and
and history of locations of the mobile user. This problem cloud storage. The Trusted Third Party (TTP) system also
is worse when any user’s information like, travel plan, acts as the cryptographic server and key management
business schedules and length of stay at a particular system. TTP has multiple responsibilities such as, owner
location is known to an adversary22–25. management, user management, encryption, decryption
The paper proposes an efficient and secure file sharing and access control. TTP is the centralized authority for
mechanism through Trusted Third Party (TTP) system any file access related activities by the users from the
which is responsible for key management and user cloud storage. Data owner has the full control over the
access management. The privacy of the mobile user is file it owns and no other user is allowed to modify the
preserved by TTP while accessing the cloud data storage. file. The owner or TTP controls the users at any point of
The security of the data stored and accessing rights are time. The data owner registers as an owner in the TTP
determined by the proposed methodology in order to system for the file upload. Once owner registration is
overcome the setbacks of the existing symmetric key successfully completed, the TTP system generates private
cryptography26–28. key and public key for the file that the owner uploads.
The rest of the paper is organized in five sections. The uploaded file is then encrypted by TTP system using
The earlier works associated with cloud storage systems private key and the encrypted file is uploaded it to the
are discussed and the methodologies used to overcome cloud storage system.
the problems are presented in Section 2. The descriptive
details of the proposed data hosting technique are given 2.1 Key Generation and Encryption
in the Section 3. The experimental results based on the Initially, data owner has to register in trusted third party
simulation and their comparative analyses are provided system for keeping the files in cloud environment. Data
in Section 4. Lastly, Section 5 summarizes and gives the owners create the login credentials for uploading files and
conclusion to the work. those credentials are also used to upload the user lists
and their permissions. After receiving a particular file
2. Materials and Methods (F) from the data owner, the TTP generates keys by using
asymmetric key encryption. Asymmetric key generation
In mobile cloud computing infrastructure, a secure file is not discussed in this paper and it is assumed that any
sharing mechanism utilizing public key cryptography standard asymmetric key generation algorithm (APKI) is
is proposed for cloud data storage and retrieval. The utilized for this purpose. The flow diagram of the data
proposed file sharing methodology consists of four entities owner submitting a file to the cloud repository through
as shown in Figure 1. The entities in the proposed system TTP is shown in Figure 2.

Figure 1. Block diagram of the proposed file sharing methodology.

Vol 9 (48) | December 2016 | www.indjst.org Indian Journal of Science and Technology 3
 Secure File Sharing Mechanism and Key Management for Mobile Cloud Computing Environment

Figure 2. Flow diagram of the data owner process in the proposed method.

In public-private key pair, the private key (Kpr)

generated by TTP during the asymmetric key generation
is used for encryption of the file. The public key (Kpu) is
divided into two halves or parts by the TTP and is used
as a whole for decryption of the uploaded file. One half or
part of the public key is transmitted to the data owner (Ko)
and the other half or part is kept by TTP (KTTP) itself. The
TTP system which acts as a cryptographic server deletes
the private key through secure overwriting of one half of
the public keyover it after the file is uploaded in the cloud
system. The encrypted file (Fen) is then sending to the
cloud repository for storage. Table 1 shows the notations
and its definitions used in the proposed methodology.
Table 1. Notations and definitions used in the
proposed model 2.2 Decryption of File
Notations Definitions The data owner provides user list/access permission
F Data file list (UAPL), user specific security questions and answers,
Klength Key length number of file access permission to the TTP server.
APKI Public Key Infrastructure Algorithm The data owner invites all the users given in the access
Kpr Private key control list with the link to the TTP and half or part of
Kpu Public key owner’s public key for self-registration. When a user
KTTP TTP’s part of Public Key wants to access the uploaded file in the cloud, the user
Ko Owner’s part of Public Key initially registers with the TTP. Once user registration
Fen Encrypted file is completed, the user gets login credentials from the
Khalf Value of half of the key length TTP. After successful authentication between TTP
FID File Identification
and requesting user, the user request any particular file
Ulist User list
through File Identification (FID) along with the part of the
UAPL User Access Permission List

4 Vol 9 (48) | December 2016 | www.indjst.org Indian Journal of Science and Technology
 I. Indu, P. M. Rubesh Anand and Shaicy P. Shaji

Figure 3. Flow diagram of the data user process in the proposed method.

public key provided to it by the data owner. TTP validates List (APL) and sends the updated APL to TTP. The TTP
the user access permission for that particular requested after verifying the credentials of the data owner updates
file. The TTP regenerates the public key by combining its the APL by securely overwriting the access control list
own half or part of the public key and the received half for the particular data owner’s file. Concurrently, the data
or part of the public key from the user. In the meanwhile, owner provides the half of owner’s public key and link for
the TTP downloads the requested file in the encrypted accessing the file through TTP to the newly joined user.
form from the cloud data storage. The downloaded file The authenticated user who wishes to modify and upload
is then decrypted using the regenerated public key. The the accessed file needs to become the data owner or high
decrypted data file is sent back to the corresponding user privileged user of that modified file. The user who needs
from TTP as shown in Figure 3. to modify the file registers as owner in TTP and upload
the modified file in the cloud as another name through
TTP. For each file stored in the cloud, one user in the
group is data owner others are data accessing users.

2.4 Implementation Details

The proposed mechanism is implemented in cloud
environment with the help of JAVA technology. As a part
of the implementation, self-registration User Interface
(UI) for file owners is developed. In the UI, a file owner
registers in the Trusted Third Party (TTP) system and
setup the credentials. After the successful registration,
the owner is able to setup user lists, user details and
their access permissions in TTP through UI. A feature is
developed in TTP to perform the setup as a bulk upload as
well as individual user creation. Once the users are added
2.3 File Access and Data Owner to TTP, they get an invite from the TTP/Owner. The TTP
When a new user wishes to access the file, it sends joining
logon credentials are setup by following the instructions
request message to the data owner. The data owner adds the
in the invite that is send to the user. TTP uses the proposed
details of the newly arrived user in the Access Permission

Vol 9 (48) | December 2016 | www.indjst.org Indian Journal of Science and Technology 5
 Secure File Sharing Mechanism and Key Management for Mobile Cloud Computing Environment

asymmetric key encryption method for securing the generation time alone.
files in cloud environment. In the implementation of The time consumption for key computation is
the proposed mechanism, RSA algorithm is used for expressed in milliseconds and the comparison shows
key generation and encryption. TTP uses one of the that RSA performs better than other key generation
key (private key) for encryption of the file and the key algorithms as shown in Figure 4. It is also observed that
is securely deleted (over write). The public key is split the key length of 512 bits, 768 bits, 1024 bits and 2048 bits
into two parts with the help of secret sharing algorithm. are computed faster than the other values like, 640 bits or
The TTP keeps half of the public key and the other half 896 bits. This is due to the factors like, selection of prime
shared to the owner. After sharing the owner’s portion of numbers, performing modular exponentiation and other
the public key, TTP securely deletes (over writes) it from computations for the bit length which are not exactly the
repository. The owner shares the public key portion to the powers of 2.
required users. The users access the TTP and request for a
particular file along with the corresponding key portion.
TTP validates the user permissions and reconstructs
the public key. TTP downloads the encrypted file from
the cloud storage and decrypt it with the reconstructed
public key. The decrypted file is shared to the requested
user. Once the process is completed, TTP deletes the
reconstructed public key and the decrypted file.
In Public Key Infrastructure (PKI), the commonly
used key generation algorithms for generating public key
and private key are Rivest, Shamir and Adleman (RSA),
Diffie-Hellman (DH) and Digital Signature Algorithm
(DSA). The proposed key management methodology
including key generation, encryption and decryption is Figure 4. Time consumption for different key sizes by key
tested in Intel i3 processor of 1.4 GHz with 4 GB of RAM. generation algorithms using the proposed methodology.
The performance of the different PKI algorithms like,
RSA, ElGamal and Paillier Algorithms29,30 are compared 3.2 Encryption and Decryption Process
for the process of encryption, decryption, CPU usage and Encryption and Decryption in cryptography mechanism
memory usage. are the vital elements for establishing security in cloud
computing environment. The encryption and decryption
process is performed in PKI through RSA, ElGamal
3. Results and Discussion and Paillier algorithms. The comparison of the PKI
algorithms in terms of time consumption during the
3.1 Key Computation Time Consumption
process of encryption and decryption when 10 KB file
The time consumption is the major factor for the key
is used highlights that RSA performs better as shown
generation. The optimized system design must ensure
in Figure 5. However, the RSA algorithm degrades in its
that the time needed for the key generation process is less.
performance during the encryption of large files in the
The Time consumption parameter is used in the proposed
order of hundreds of MB size. But ElGamal and Paillier
key computation scheme to analyse the different standard
are proved for its usage in encrypting large size files. The
PKI key generation algorithms such as, DSA, DH, RSA,
comparison of both ElGamal and Paillier exhibits their
ElGamal with DH and Paillier with DSA. As ElGamal
performance equally when the proposed methodology of
utilizes Diffie-Hellman for key generation process and
key management is utilized.
Paillier utilizes DSA for asymmetric key generation,
the comparison of all PKI algorithms is done for key

6 Vol 9 (48) | December 2016 | www.indjst.org Indian Journal of Science and Technology
 I. Indu, P. M. Rubesh Anand and Shaicy P. Shaji

Figure 5. Time consumption for encryption and

Figure 7. Memory usage by different PKI algorithms using
decryption process by key generation algorithms using the
the proposed methodology.
proposed methodology.

3.3 Resource Utilization 4. Conclusion

The proposed methodology of key management,
encryption and decryption of files which is performed Mobile cloud computing has become an inevitable part
by trusted third party is considered for the calculation of in the recent business and administrative environment.
resources utilizations. The parameters to calculate resource The proposed secure file sharing mechanism for accessing
utilization includes CPU usage, RAM or memory usage, cloud data storage ensures security and privacy for group
and power usage. The comparative results of the CPU user access. Trusted third party plays the main role in
usage and memory usage for different PKI algorithms protecting the security for the file access and privacy for the
utilizing the proposed methodology are shown in Figure users from malicious insiders in cloud environment. The
6 and Figure 7. In case of small file sizes, RSA consumes confidentiality and integrity of the stored and retrieved file
fewer amounts of processor cycles and RAM capacity. is preserved through the proposed file sharing mechanism.
Both ElGamal and Paillier algorithms consumes equal The group user access management, key management,
amount of resources for small file sizes. But, RSA has encryption and decryption of files are performed through
limitations in handling large file sizes, whereas, ElGamal trusted third party to make the data secured in mobile
and Paillier algorithms are suitable for encryption and cloud environment. The comparative analysis of different
decryption of large file sizes. PKI algorithms using the proposed methodology for
key computation, encryption, decryption and resource
utilization shows that RSA algorithm performs well in
handling small file sizes whereas, ElGamal and Paillier
algorithms are more suitable for larger files to be stored
in cloud storage.

5. References
1. Khan AN, Mat Kiah ML, Khan SU, Madani SA. Towards
secure mobile cloud computing: A survey. Futur Gener
Comput Syst. 2013; 29(5):1278–99.
2. Kumar R, Rajalakshmi S. Mobile cloud computing: Stan-
Figure 6. CPU usage by different PKI algorithms using the dard approach to protecting and securing of mobile cloud
proposed methodology. ecosystems. Proceedings of International Conference on
Computer Sciences and Applications; 2013. p. 663–9.

Vol 9 (48) | December 2016 | www.indjst.org Indian Journal of Science and Technology 7
 Secure File Sharing Mechanism and Key Management for Mobile Cloud Computing Environment

3. Uddin M, Memon J, Alsaqour R, Shah A, Rozan MZA. Mo- 18. Jasmine R, Nishibha GM. Public cloud secure group shar-
bile agent based multi-layer security framework for cloud ing and accessing in cloud computing. Indian Journal of
data centers. Indian Journal of Science and Technology. Science and Technology. 2015 Jul; 8(15):1–7.
2015 Jun; 8(12):171–8. 19. Manjusha R, Ramachandran R. Secure authentication and
4. Rajathi A, Saravanan N. A survey on secure storage in access system for cloud computing auditing services using
cloud computing. Indian Journal of Science and Technol- associated digital certificate. Indian Journal of Science and
ogy. 2013 Apr; 6(4):1–6. Technology. 2015 Apr; 8(S7):220–7.
5. Lee JY. A study on the use of secure data in cloud storage 20. Sun H, Wen Q, Zhang H, Jin Z. A novel remote user authen-
for collaboration. Indian Journal of Science and Technolo- tication and key agreement scheme for mobile client-server
gy. 2015 Mar; 8(S5):33–6. environment. Application Mathematical Information Sci-
6. Grobauer B, Walloschek T, Stocker E. Understanding cloud ence. 2013; 7(4):1365–74.
computing vulnerabilities. IEEE Secur Priv. 2011; 9(2):50– 21. Xie Y, Wen H, Wu B, Jiang Y, Meng J. A modified hierarchi-
7. cal attribute-based encryption access control method for
7. Cisco Visual Networking Index. Available from: http:// mobile cloud computing. IEEE Trans Cloud Computing.
www.cisco.com/c/en/us/solutions/collateral/service-pro- 2015; (99):1–1.
vider/visual-networking-index-vni/mobile-white-pa- 22. Yang X, Huang X, Liu JK. Efficient handover authentication
per-c11-520862.pdf with user anonymity and untraceability for Mobile Cloud
8. Sanaei Z, Abolfazli S, Gani A, Shiraz M. SAMI: Ser- Computing. Future Generation Computer Systems. 2015
vice-based arbitrated multi-tier infrastructure for mobile Sep; 62:190–5.
cloud computing. Proceedings of 1st IEEE International 23. Armando A, Carbone R, Compagna L, Cuellar J, Pellegri-
Conference on Communications in China Workshops; no G, Sorniotti A. An authentication flaw in browser-based
2012. p. 14–9. single sign-on protocols: Impact and remediations. Com-
9. Kalpana V, Meena V. Study on data storage correctness puter Security. 2013; 33:41–58.
methods in mobile cloud computing. Indian Journal of Sci- 24. Zhang Y, Chen Q, Zhong S. Privacy-preserving data aggre-
ence and Technology. 2015 Mar; 8(6):495–500. gation in mobile phone sensing. IEEE Transaction on In-
10. Mishra A, Jain R, Durresi A. Cloud computing: Network- formation Forensics Security. 2016; 11(5):980–92.
ing and communication challenges. IEEE Communications 25. Suo H, Liu Z, Wan J, Zhou K. Security and privacy in mo-
Magazine. 2012; 50(9):24–5. bile cloud computing. Proceedings of 9th International
11. Fernando N, Loke SW, Rahayu W. Mobile cloud comput- Wireless Communications and Mobile Computing Confer-
ing: A survey. Future Generator Computer System. 2013; ence (IWCMC); Sardinia. 2013. p. 655–9.
29(1):84–106. 26. Rajarajeswari S, Somasundaram K. Data confidentiality
12. Dinh HT, Lee C, Niyato D, Wang P. A survey of mobile and privacy in cloud computing. Indian Journal of Science
cloud computing: architecture, applications, and approach- and Technology. 2016 Jan; 9(4):1–8.
es. Wireless Communications and Mobile Computing. 27. Sugumar R, Imam SBS. Symmetric encryption algorithm
2011; 13(8):1587–611. to secure outsourced data in public cloud storage. Indian
13. Tsai JL, Lo NW. A Privacy-Aware Authentication Scheme Journal of Science and Technology. 2015 Sep; 8(23):1–5.
for Distributed Mobile Cloud Computing Services. IEEE 28. Saikeerthana R, Umamakeswari A. Secure data storage and
System Journal. 2015 May; 9(3):805–15. data retrieval in cloud storage using cipher policy attribute
14. Neela TJ, Saravanan N. Privacy preserving approaches in based encryption. Indian Journal of Science and Technolo-
cloud: A survey. Indian Journal of Science and Technology. gy. 2015 May; 8(S9):318–25.
2013 May; 6(5):1–5. 29. Paillier P. Public-key cryptosystems based on compos-
15. Sen J. Security and privacy issues in cloud computing. Ar- ite degree residuosity classes. Proceedings of Advances in
chitecture Protocol Security Information Technology. 2013; Cryptology (Eurocrypt ‘99); Prague, Czech Republic. 1999.
(4):1–42. p. 223–38.
16. Xiao Z, Xiao Y. Security and privacy in cloud computing. 30. Dawahdeh ZE, Yaakob SN, Sagheer AM. Modified ElGamal
IEEE Communication Survey Tutorials. 2013; 15(2):843– elliptic curve cryptosystem using hexadecimal representa-
59. tion. Indian Journal of Science and Technology. 2015 Jul;
17. Nagaraju S, Parthiban L. Sec Authn: Provably secure 8(15):1–8.
multi-factor authentication for the cloud computing sys-
tems. Indian Journal of Science and Technology. 2016 Mar;
9(9):1–18.

8 Vol 9 (48) | December 2016 | www.indjst.org Indian Journal of Science and Technology