Open access peer-reviewed chapter

Secured Storage Mechanism for the Cloud-Based Banking Applications Using ECC

Written By

Gopinath V.

Submitted: 25 May 2022 Reviewed: 07 September 2022 Published: 21 October 2022

DOI: 10.5772/intechopen.107931

From the Edited Volume

Information Systems Management

Edited by Rohit Raja and Hiral Raja

Abstract

The security of data becomes more vulnerable despite the various safety measures. The significant contribution of the chapter is to describe the design of a secured Cloud storage mechanism using ECC. Many banks are using cloud technology. However, it is not free from hacks and threats. Here comes the focus on Cloud Security and a lot of research work is happening around it. ECC-based secured cloud framework with a logging mechanism provides a high-level design of the SSL VPN and secured cloud mobile banking. It helps to secure data transfer for users. Software applications and web services are handled by maintaining the log files securely, and this security scheme shields the aligning of different kinds of data elements to each provider using an ECC algorithm. It is implementing a two-layered security system, which includes both private and public cloud storage environments, also providing a customized secure logging mechanism that will be encrypted by ECC. The TRA (banking) customers will get lots of benefits from this cloud storage mechanism. The proposed design acts like a buffer for end users, Internet service providers, and Banks, so it is more effective and secure in the Cloud environment.

Keywords

  • ECC
  • SSL VPN
  • XML
  • web services
  • cloud computing
  • logging
  • banking
  • security
  • transaction rich applications (TRA)

1. Introduction

In this modern world, secured communication is a significant need for performing high-end data transfers. In banking, the secure cloud storage mechanism is gaining importance and is yet to become omnipresent. The concern with the banking storage mechanism is that it requires immediate attention in areas such as rewards, precautions, confidentiality, perspective, usability, data management, unpredictable growth in the volume of transactions, and price reduction. Cloud computing provides everything as a service (XaaS) to the banking sector. Software-as-a-Service (SaaS) supports customer relationship management, accounting, invoicing, and enterprise resource planning. PaaS is a suitable platform for applications. It helps reduce the cost of IT infrastructure, and the spending on hardware devices and software applications can be cut down significantly. With LaaS, businesses can procure those assets as a completely redistributed service. The same approach is applied for secured usage of a cloud storage mechanism with XML web services and a logging mechanism, to provide a high-level design of the SSL VPN that tracks user activity and identifies any vulnerable security issues. In addition, it is implemented as a safe storage mechanism using ECC in transaction-rich applications (TRA). Many TRAs make use of this storage mechanism because of the service-oriented architecture, seamless accessibility, and other advantages of this technology. At the same time, it is vulnerable to hacks and threats. Hence securing this environment is of utmost importance, and many research works focusing on it are being reported. The cloud service provider gives base security, but it is not sufficient to handle financial data in the cloud environment. Both the banking industry and the customer look for more protection when it comes to fund transactions like payroll, CRM, accounting, invoicing, enterprise resource planning, etc.
Security breaches are not tolerable in the banking sector. In the current cloud computing environment, TRA has only a single layer of security. So, a mechanism that provides high-level security with cost savings, high performance, and bandwidth is needed. The proposed system aims to provide a high-level design of the SSL VPN with ECC, applied to a private cloud with a secure logging mechanism. The model was tested with Java code and OpenVPN on the MS Azure cloud system. The SOAP UI tool, deployed on the cloud web server, was used for performance analysis [1, 2].

The design is applied to a private cloud environment and also provides a customized secure logging mechanism encrypted by ECC, ensuring data security and privacy protection for all user activities in the cloud. To launch the ECC-based SSL VPN, the private cloud VPN frameworks should be added to the system.

The same approach is applied in the cloud storage mechanism, so TRA (banking) customers can get many benefits [3, 4]:

  • Utilization of time: Customers can use it 24×7.

  • Increased adaptability: It helps banks improve their adaptability ratios and operating leverage [5, 6].

  • Decreased investment: Banks are not ready to invest a large amount in purchasing software, hardware, and the related workforce for the usage of cloud computing.

  • Security comparison: The ECC-based secure cloud storage mechanism for TRA is more sheltered than online and internet banking.

It provides an additional layer of security with ECC. While the banking customer is connecting to the cloud, it connects the P2P network with a second layer of security SSL and ECC [7], and the banking application utilizes the same set of ECC digital keys.

2. Design of Secured Cloud Storage Mechanism

The ECC-based secure cloud framework with a logging mechanism provides a high-level design of the SSL VPN and secure cloud mobile banking. It helps secure data transfer for the users [8, 9, 10]. Software applications and web services are used while log files are maintained securely. Figure 1 shows the high-level design of the cloud storage mechanism.

Figure 1.

High-level designs for cloud storage mechanism.

The design provides a two-layer security system covering both the private cloud and the public cloud storage environment, along with a customized secure logging mechanism; the entire system is encrypted by SSL-based ECC [11, 12]. TRA (banking) customers will get many benefits from the cloud storage mechanism. The proposed design acts as a middle layer between the end user, the Internet service provider, and the bank.

3. Design of Secured Cloud Storage Mechanism

The architecture of a secure cloud TRA is shown in Figure 2 [1]. Movable equipment and the remote systems are connected to the mobile machinist and wireless access point. These are connected to either an entry point or a satellite via the base station. The mobile user's request and response are delivered to cloud banking through the presently available SSL VPN with an additional layer of protection from ECC.

Figure 2.

Architecture of secure TRA.

Central processors that are linked to the mobile network receive the mobile users’ requests as well as send details such as user IDs and user location to banking database storage. The projected security theory enhances the level of protection that currently supports mobile banking and facilitates the realization of P2P networks.

The following are the objectives of the proposed framework:

  • Assuring information security and privacy protection for all of the mobile/remote user's activities in the cloud through an ECC-based SSL VPN.

  • ECC encryption requires less bandwidth, computing power, and memory when creating customized security for data packets.

3.1 Storage mechanism for transaction rich application

The cloud storage mechanisms are exclusively designed for cloud-based supply. Like how the physical server can release virtual server images, similarly, the device’s instances can be made virtual. They can provide fixed-increment capacity allocation in support of the pay-per-use mechanism. Via cloud storage devices, stored data can be exposed with the help of remote access. It gives general logical elements of data storage, such as:

  • The Group of data that are stored in the folders are called files.

  • The lowest level of storage is called blocks.

  • The collections of data are called datasets.

  • Objects are called metadata.

There is a huge risk of data loss, so it is essential to be able to recover the data after an issue or failure. Customers are assured of data availability after such issues. So, it is essential to provide data security in the cloud. The proposed design provides a secure cloud storage mechanism for TRA.

Figure 3 [1] shows the user's data request travelling via the internet, through the bank's web server and a firewall, to access the private cloud data servers and applications. The design was tested with Java code and an inbuilt ECC algorithm on the web server. Logs are maintained in the DB tables as well as on the web server, and the user accesses the web server system with the help of SOAP UI. The user hits the bank's web server and firewall directly, and data packets are sent as encrypted files for both requests to and responses from the cloud storage system.

Figure 3.

Cloud storage mechanisms for TRA.
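
One way to realize the ECC-encrypted log records described above, as an added example that is not the chapter's own code: each log line is sealed to an auditor's ECC public key with ephemeral ECDH and AES-GCM, using only the JDK's built-in providers. The class name, record layout, secp384r1 curve, SHA-256 key derivation (a simplification; a standard KDF such as HKDF is the usual choice) and the sample log line are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;

public class EccLogSealer {                        // hypothetical class name
    private static final int IV_LEN = 12, TAG_BITS = 128;

    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp384r1")); // assumed curve
        return kpg.generateKeyPair();
    }

    // AES-256 key = SHA-256(ECDH shared secret || ephemeral public key).
    static SecretKeySpec deriveKey(PrivateKey priv, PublicKey pub, byte[] ephPub)
            throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(priv);
        ka.doPhase(pub, true);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(ka.generateSecret());
        md.update(ephPub);
        return new SecretKeySpec(md.digest(), "AES");
    }

    // Record layout (assumed): len(2) | ephemeral public key | IV(12) | ciphertext+tag.
    static byte[] seal(PublicKey auditorPub, String logLine) throws GeneralSecurityException {
        KeyPair eph = newKeyPair();                // fresh key pair per record
        byte[] ephPub = eph.getPublic().getEncoded();
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(eph.getPrivate(), auditorPub, ephPub),
                new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(ephPub);                       // bind the header to the ciphertext
        byte[] ct = c.doFinal(logLine.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(2 + ephPub.length + IV_LEN + ct.length)
                .putShort((short) ephPub.length).put(ephPub).put(iv).put(ct).array();
    }

    static String open(PrivateKey auditorPriv, byte[] record) throws GeneralSecurityException {
        ByteBuffer buf = ByteBuffer.wrap(record);
        int n = buf.getShort();
        if (n <= 0 || n > buf.remaining() - IV_LEN)
            throw new GeneralSecurityException("malformed record");
        byte[] ephPub = new byte[n];
        buf.get(ephPub);
        byte[] iv = new byte[IV_LEN];
        buf.get(iv);
        byte[] ct = new byte[buf.remaining()];
        buf.get(ct);
        PublicKey eph = KeyFactory.getInstance("EC")
                .generatePublic(new X509EncodedKeySpec(ephPub));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(auditorPriv, eph, ephPub),
                new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(ephPub);
        return new String(c.doFinal(ct), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPair auditor = newKeyPair();            // private half stays off the web server
        // Constructed sample log line, not taken from the chapter.
        String line = "2022-10-21T09:15:02Z user=cust-1001 action=FUND_TRANSFER status=OK";
        byte[] record = seal(auditor.getPublic(), line);
        System.out.println("opened: " + open(auditor.getPrivate(), record));
        record[record.length - 1] ^= 0x01;         // simulate tampering with a stored record
        try {
            open(auditor.getPrivate(), record);
        } catch (AEADBadTagException e) {
            System.out.println("tampered record rejected");
        }
    }
}
```

Because only the public key is needed to seal a record, the web server that writes the log never holds the key that can read it back.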

3.2 Cloud-based ATMs architecture using ECC

An ATM is used after installing the package, and it will then be ready for user transactions. Usually, the ATM package consists of an operating system, machine third-party software and hardware packages, and core banking software; normally, this package deployment takes more than 4 hours to complete. So, each machine installation takes 8 hours daily to be available to users. Banks are investing a huge amount in this activity. To increase transactions, many banks are extending their activity by using ATMs. ATMs have become more user-friendly nowadays and are a must for customers' day-to-day use; this promotes establishing banking. As more ATMs are needed to provide easy access to customers, banks need to invest more in setting up these machines, an investment that can now be reduced by using the cloud. However, security becomes a concern when this installation is done in a cloud environment. Here, a private cloud is used to install/deploy the package in a single trigger; within 4 hours the entire installation is performed for more than 1000 ATMs; it also provides double-level security to connect the host server and the core bank. Figure 4 shows the ATM package deployment with the help of a secure cloud environment.

Figure 4.

ATM package deployments using secure cloud.

Here, the package is deployed in the private cloud host server itself. Also, it is possible to increment the ATM node by more than 1000 in a single installation time, so this method is more cost effective and also provides high-level security for the customer data.

Figure 5 discusses the ATM package and machine architecture using a secure cloud environment. The core banking server interacts with the Cloud hosting server, which has the ATM software packages, which are customized bank screens, ATM software, other 3rd party machine software, and operating system.

Figure 5.

ATM package and machine architecture using the secure cloud.

ATM packages have two layers of security, SSL and ECC, which give high-level security for the bank's data and package while the installation is being initiated.

The proposed design will give high standard security and more cost savings to the banks. Therefore, they can meet their customer demands.

4. Performance analysis for the cloud-based TRA

Cloud computing is characterized by accessibility at whichever instance is desired, with the reason for the reduction in costs and increase in operational efficiency. The ECC VPN that connects to cloud computing should possess the above-mentioned characteristics. The network atmosphere should be trouble-free to set up, modernize, or erase connections based on the demand for cloud computing, to ease the complex system management.

Figure 6 shows the cyber-attacks to which banks in the cloud environment are most vulnerable; in this measurement, a high percentage of cybercriminal risk occurs in web applications and web services in the cloud environment. Many banks have identified and reported 89% of breaches in the last few years. Many times, SQL injection and malware have been used to access sensitive information in cloud storage mechanisms such as databases, web applications, and web services. Web application attacks are hard to detect because banks have millions of users accessing their sites at the same time, so spotting cybercriminals is a difficult task. The second highest-rated risk is the DoS attack; it completely brings down a system and shuts down a machine or network, making it inaccessible to its intended users. The remaining attacks make up a very small share of the overall bank attacks in the cloud environment.

Figure 6.

Vulnerable analysis report to cyber-attack for the bank.

In Table 1, most of the entries in the checklist concern the number of vulnerabilities and threats focused on cloud computing. The table describes the analysis report related to the analysis and tests used in cloud environments, and it specifies that the cloud service models are open to these vulnerabilities and threats. More emphasis has been placed on threats associated with data being stored and processed remotely, shared resources, and the use of virtualization [3, 4].

| S. No | Vulnerability & threats analysis | Analysis report | Existing method (RSA): existing frameworks | Proposed method (ECC + SSL): proposed framework |
|---|---|---|---|---|
| 1 | Secure even after the loss of user identity and password | Configuration Management | Single | Single |
| 2 | Indexing of data, Keyword Search | Fault Management | Simple | Simple |
| 3 | Insecure interfaces and APIs, Account or service hijacking | Performance Management | Integrated | Integrated |
| 4 | Unlimited allocation of resources, Denial of Service | Security | Support | Support |
| 5 | Data-related vulnerabilities, Data leakage | Management | Directory server | Encrypted data and directory server |
| 6 | Vulnerabilities in Virtual Machines, VM hopping | Accounting Management | Convenient | Convenient |
| 7 | Vulnerabilities in Virtual Machine Images, Data leakage | Confidentiality | File encryption not provided | Symmetric key |
| 8 | Vulnerabilities in Hypervisors, VM escape | Authentication | Only base-level security is provided. | Password-based advanced-level security is provided. |
| 9 | Vulnerabilities in Virtual Networks, VM escape, Customer-data manipulation | Access Control | Exposure to the normal area | Encryption of security area information |
| 10 | Log Security in Virtual Machine, Data Packets | Impersonation Attack | No impersonation | Two stages of user authentication |

Table 1.

Vulnerability & Threats Analysis Report RSA vs. ECC.

This section presents the results and performance analysis for the proposed secure cloud storage mechanism for TRA. The design was tested with Java code and an inbuilt ECC algorithm, deployed in a cloud environment. The SOAP UI tool, deployed on the cloud web server, was applied for performance analysis. With its help, performance can be checked under load balancing. A single run of the customized SOAP UI can trigger 1000 users at a time against the cloud storage server. Logs are stored in the database table as well as on the server and client systems, based on the load balance testing and performance tracking. Table 2 shows the various comparisons between the proposed and existing systems in the cloud storage mechanism [1].

| S. No | Cloud analysis report | Proposed system (ECC + SSL) | Existing system (RSA) |
|---|---|---|---|
| 1 | Upfront Investment | Low investment | High investment |
| 2 | Additional Hardware/IT costs | Not required | Yes, required |
| 3 | All-Time costs | Predictable cost | Unpredictable cost (but maybe lower) |
| 4 | Degree of customizations | Less customizable in general | Greater ability to customize |
| 5 | Control of data security standards | Customers can control the data | Banks can control the data |
| 6 | Confidentiality | Symmetric key | File encryption not provided |
| 7 | Authentication | Password-based advanced-level security is provided. | Only base-level security is provided. |
| 8 | Access Control | Encryption of security area information | Exposure to the normal area |
| 9 | Log Security in Virtual Machine, Data Packets | Provided and it is secured | Not provided |
| 10 | Computational Overheads | Roughly 10 times that of RSA can be saved | More than ECC |
| 11 | Encryption Time | Much faster than RSA | At good speed but slower than ECC |
| 12 | Decryption | Slower than RSA | Faster than ECC |
| 13 | Small Devices efficiency | Much more efficient | Less efficient than ECC |

Table 2.

Comparison between existing and proposed framework.

Table 3 lists the ECC and RSA key size strength ratios; for example, the RSA system requires 7680 bits to provide security, whereas ECC requires only a 384-bit key to achieve the same security, and the key ratio stands at 1:20. So ECC provides greater efficiency in terms of key size and bandwidth, which means higher speed and lower power consumption [1].

| Proposed ECC algorithm key size | Existing RSA algorithm key size | Key size ratio |
|---|---|---|
| 224 | 2048 | 1:10 |
| 256 | 3072 | 1:12 |
| 384 | 7680 | 1:20 |
| 512 | 15,360 | 1:30 |

Table 3.

Key size strength ratio for the proposed system.

Figure 7 discusses the key length comparison of the proposed ECC algorithm vs. the existing RSA algorithm [1].

Figure 7.

Key length comparison for proposed and existing.

The public key operation of ECC-160 takes only 3.69 milliseconds, which is 50% less than RSA-1024 and other keys. The flowchart given below shows the key generation time and required memory size for both the ECC key and the 1024-bit RSA key; 160-bit ECC is much better than RSA [13]. The protection measures for both the 160-bit ECC key and the 1024-bit RSA key are similar. Hence breaking a 160-bit key would be a hundred million times harder than breaking the 1024-bit key. Table 4 gives the measures of the proposed ECC versus the existing RSA public keys.

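| Algorithm | Key size | Key generation time (ms) | Required memory size (bytes) | Encryption/decryption time (ms) |
|---|---|---|---|---|
| Proposed Algorithm (ECC) | 160 | 98 | 125 | 121 |
| Proposed Algorithm (ECC) | 224 | 177 | 140 | 183.1 |
| Existing Algorithm (RSA) | 1024 | 1312.7 | 313 | 388 |
| Existing Algorithm (RSA) | 2048 | 6804.6 | 621 | 1867 |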

Table 4.

Measure of proposed ECC vs existing RSA public keys.

In Table 4, the proposed public key algorithm is set against the existing key algorithm on key generation time (ms), memory size (bytes), and encryption/decryption time. The time taken to generate the RSA key and the ECC key, and the key size, differ hugely (ECC-224 and RSA-2048). It is also learned that during the signature generation process, ECC surpasses RSA. Conversely, RSA beats ECC in performance during the verification process, while in the encryption/decryption process ECC is much better than RSA. Figure 8 shows the encryption and decryption time during the run time of the proposed public key algorithm [13, 14].

Figure 8.

Proposed algorithm encryption/decryption during runtime.
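
A small harness for re-measuring the key generation, signature generation and verification comparison discussed above on your own JVM and hardware, added here as an example and not the chapter's benchmark code. The class name, run count, sample message, and the choice of secp256r1/secp384r1 against RSA-2048/RSA-3072 are assumptions; no timings are claimed, since they vary by machine and provider.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;

public class EccRsaTiming {                         // hypothetical class name
    static final int RUNS = 10;                     // assumption: small sample size
    // Constructed sample message, not data from the chapter.
    static final byte[] MSG = "constructed sample transaction record".getBytes();

    interface Op { void run() throws Exception; }

    // Median wall-clock time of RUNS executions, in milliseconds.
    static double medianMs(Op op) throws Exception {
        double[] t = new double[RUNS];
        for (int i = 0; i < RUNS; i++) {
            long start = System.nanoTime();
            op.run();
            t[i] = (System.nanoTime() - start) / 1e6;
        }
        Arrays.sort(t);
        return t[RUNS / 2];
    }

    // param is a curve name (String) for EC or a modulus size (Integer) for RSA.
    static KeyPairGenerator generator(String alg, Object param) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(alg);
        if (param instanceof String) {
            kpg.initialize(new ECGenParameterSpec((String) param));
        } else {
            kpg.initialize((Integer) param);
        }
        return kpg;
    }

    static void measure(String label, String alg, Object param, String sigAlg)
            throws Exception {
        KeyPairGenerator kpg = generator(alg, param);
        kpg.generateKeyPair();                      // warm-up run, not timed
        double gen = medianMs(kpg::generateKeyPair);
        KeyPair kp = kpg.generateKeyPair();

        Signature s = Signature.getInstance(sigAlg);
        double sign = medianMs(() -> {
            s.initSign(kp.getPrivate());
            s.update(MSG);
            s.sign();
        });
        s.initSign(kp.getPrivate());
        s.update(MSG);
        byte[] sig = s.sign();
        double verify = medianMs(() -> {
            s.initVerify(kp.getPublic());
            s.update(MSG);
            if (!s.verify(sig)) throw new IllegalStateException("bad signature");
        });

        System.out.printf("%-9s pub=%4d B  keygen=%10.3f ms  sign=%8.3f ms  verify=%8.3f ms%n",
                label, kp.getPublic().getEncoded().length, gen, sign, verify);
    }

    public static void main(String[] args) throws Exception {
        measure("ECC-256", "EC", "secp256r1", "SHA256withECDSA");
        measure("ECC-384", "EC", "secp384r1", "SHA256withECDSA");
        measure("RSA-2048", "RSA", 2048, "SHA256withRSA");
        measure("RSA-3072", "RSA", 3072, "SHA256withRSA"); // paired with 256-bit ECC in Table 3
    }
}
```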

Figures 9-12 show the key generation time, required memory size, and encryption/decryption time of the proposed ECC algorithm vs. the existing RSA algorithm.

Figure 9.

Algorithm key generation time (ms).

Figure 10.

Algorithm required memory size (bytes).

Figure 11.

Algorithm encryption/decryption time (ms).

Figure 12.

Performance measure for ECC and RSA.

The above experiment result tells us that the proposed ECC algorithm is much more efficient than the existing RSA algorithm in Speed, memory size, and security [15, 16].

The report below analyzes the encryption/decryption execution time for both the proposed design and the existing system. It was tested with sensitive banking data, and file transfer in the cloud environment was measured with regard to file size and execution time (milliseconds). The results show that the proposed design is better than the existing system, specifically for handling bank data in the cloud environment.

Figure 13 shows the memory size of the sensitive data transfer in the cloud environment, together with the execution time of the encryption/decryption measured for the particular document. In execution, the proposed ECC is much better than the existing RSA; Figure 14 presents the experimental results, which clearly show that the proposed security model can encode the data with very low processing time and a smaller memory size in the cloud system.

Figure 13.

Memory size analysis for the bank data on the cloud.

Figure 14.

Execution analysis for the bank data on the cloud.

5. Conclusion and future work

The proposed security scheme improves the level of protection currently supported in cloud storage mechanisms. The potential incompatibilities that arise from the simultaneous use of ECC, as well as the impact of user mobility on VPN operation, are considered, and detailed solutions are proposed. A design is proposed to focus on and improve the security level in the cloud environment. This research focuses on simulating and analyzing the performance of secure cloud storage. Though various methods are cited in the literature for the stabilization of cloud computing and portable device VPN connection [17, 18, 19], securities provided by these methods are not adequate for the protection of data packets. The proposed method provides two layers of security.

The work shall be extended to transaction-rich applications (Banking) as banking customers need more protection for fund transactions like payroll, CRM, accounting, invoicing and ERP, etc. Banks cannot afford the risk of a security breach. The current system has a single layer of security, so our proposed design will provide double-layer security with high performance and bandwidth.

References

  1. Gopinath V, Bhuvaneswaran RS. Design of ECC based secured cloud storage mechanism for transaction rich applications. Computers, Materials & Continua. 2018;57(2):341-352
  2. Niyaz Ahamed N, Duraipandian N. Secured data storage using deduplication in cloud computing based on elliptic curve cryptography. Computers, Materials & Continua. 2022;41(1):83-94. DOI: 10.32604/csse.2022.020071
  3. Rajavarmana R, Vetriselvib T, Devic SS. Hybrid security system over banking transaction maintance by a Meta key. Turkish Journal of Computer and Mathematics Education. 2021;12(7):864-868
  4. Rehman S, Bajwa NT. Hybrid AES-ECC model for the security of data over cloud storage. Electronics. 2021;10(21):2673. DOI: 10.3390/electronics10212673
  5. Renju C. Pros and cons of mobile banking. IJSRP. 2014;4(10):1-5
  6. Agre C. Implementation of a cloud in the banking sector. International Journal of Computer Science and Information Technology. 2015;3(2):1168-1174
  7. Alemu M, Omer AM. Cloud computing security framework for the banking industry. HiLCoE Journal of Computer Science and Technology. 2014;2(1):79-85
  8. Vengala DVK, Kavitha D, Siva Kumar AP. Three-factor authentication system with modified ECC based secured data transfer: Untrusted cloud environment. Complex & Intelligent Systems. 2021. pp. 1-14
  9. Sridharan S, Arokiasamy A. Effective secure data storage in cloud by using ECC algorithm. Middle-East Journal of Scientific Research. 2017;25(1):117-127, ISSN 1990-9233. DOI: 10.5829/idosi.mejsr.2017.117.127
  10. Huang L, Zhang JZG, Zhang M. Certificateless public verification for data storage and sharing in the cloud. Chinese Journal of Electronics. 2022, 2020;29(4):639-647. DOI: 10.1049/cje.2020.05.007 Print ISSN 1022-4653, Online ISSN 2075-5597
  11. Chhabra A, Arora S. An elliptic curve cryptography based encryption scheme for securing the cloud against eavesdropping attacks. In: IEEE 3rd International Conference on Collaboration and Internet Computing (CIC). 2017. DOI: 10.1109/CIC.2017.00040
  12. Gopinath V, Bhuvaneswaran RS. Secure cloud computing with ECC web service and logging mechanism. Asian Journal of Information Technology. 2017;16(10):746-753
  13. Abbas SA. Improving data storage security in cloud computing using elliptic curve cryptography. IOSR-JCE. 2015;17(4):48-53
  14. Li Y, Zhang P. Security Analysis and Improvement of Elliptic Curve Digital Signature Scheme, Artificial Intelligence and Security. springer-ICAIS. 2019. pp. 609-617. SN - 978-3-030-24270-1 July
  15. Gupta DS. A secure cloud storage using ECC-based homomorphic encryption. International Journal of Information Security and Privacy (IJISP). 2017;11(3):9. DOI: 10.4018/IJISP.2017070105
  16. Agrawal K, Gera A. Elliptic curve cryptography with hill cipher generation for secure text cryptosystem. International Journal of Computer Applications. 2014;106(1):18-24
  17. Khan IA, Qazi R. Data security in cloud computing using elliptic curve cryptography. IJCCN, ISSN: 2664-9519 (Online). 2019;1(1):46-52
  18. Gopinath V, Bhuvaneswaran RS. Design of Security System of portable device: Securing XML web service with ECC, Communication in Computer and Information Science. Vol. I. 2014. pp. 431-439
  19. Chawla BK, Gupta OP, Sawhney BK. A review on IPsec and SSL VPN. International Journal of Scientific & Engineering Research. 2014;5(11):21-24