
IDL - International Digital Library Of

Technology & Research


Volume 1, Issue 6, June 2017 Available at: www.dbpublications.org

International e-Journal For Technology And Research-2017

Role Based Access Control Model (RBACM) With Efficient Genetic Algorithm (GA) For Cloud Data Encoding, Encrypting and Forwarding

B. Rex Cyril
Research Scholar & Asst. Professor,
Department of Computer Science,
St. Joseph's College (Autonomous),
Tamilnadu, Trichy-620002
rexcyrilsjc@gmail.com

Dr. S. Britto Ramesh Kumar
Asst. Professor,
Department of Computer Science,
St. Joseph's College (Autonomous),
Tamilnadu, Trichy-620002

Abstract

Cloud computing is one of the promising and emerging fields in Information Technology because of its performance, low cost and great availability. Cloud computing basically gives services to individuals and organizations through the network, with the capability to scale their different kinds of services down or up. The basic service of a cloud computing system is the cloud storage system, which contains a collection of storage servers. These storage servers give long-term storage services over the internet free of cost. However, storing data in a third party's cloud system causes a very serious problem for data confidentiality. Typically, different kinds of encryption schemes are used to protect cloud data confidentiality, but they take more time to process even a single operation. Thus, this paper proposes cloud data confidentiality by integrating encoding, encrypting and forwarding. The Token Based Data Security Algorithm (TBDSA) along with RSA and AES is used for the decryption and encryption process, and the Role Based Access Control Model (RBACM) is used for access at the time of data forwarding. Here, the cloud user's access password is created by an encoding process which is done by a Genetic Algorithm (GA), and the process of the GA is presented in this paper. The TBDSA and GA algorithms take minimum time to execute and raise the system performance.

Keywords

Token Based Data Security Algorithm, RSA and AES, Genetic Algorithm, Role Based Access Control Model

1. Introduction

The cloud is a term used for a virtual collection of resources, and it has a wide range of advantages. These advantages let cloud users utilize a vast array of software applications, seemingly unlimited storage, lightning-fast processing power and the ability to effortlessly share information across the world [1]. Cloud users access all of these advantages over the internet at any place and any time. Cloud computing also allows corporate and consumer structures to utilize all the cloud applications without any extra effort for hardware and software installation. Additionally, it offers personal file sharing from any computer with internet access [2].

IDL - International Digital Library 1|P a g e Copyright@IDL-2017


Cloud computing becomes a complex infrastructure because of its hardware, software, storage and processing, which are available in the form of services [3]. Cloud services basically consist of applications running remotely which make data available to all the cloud users. This kind of technology offers access to a huge volume of advanced supercomputers connected at many locations around the globe, thus offering speeds of tens of trillions of computations per second.

The cloud promises tangible speed and cost savings to customers; utilizing cloud technology, an organization can quickly deploy different kinds of applications with contraction and expansion. This can be achieved with the help of different kinds of cloud enablers, for example grid computing and virtualization, that allow applications to be dynamically deployed onto the most appropriate infrastructure at run time. The basic service of a cloud computing system is the cloud storage system, which contains a collection of storage servers. These storage servers give long-term storage services over the internet free of cost. However, there remain some issues of cloud data security, privacy, portability and reliability.

However, storing data in a third party's cloud system causes a very serious problem for data confidentiality. Typically, different kinds of encryption schemes are used to protect cloud data confidentiality, but they take more time to process even a single operation. Thus, this paper proposes cloud data confidentiality by integrating encoding, encrypting and forwarding. The Token Based Data Security Algorithm (TBDSA) along with RSA and AES is used for the decryption and encryption process, and the Role Based Access Control Model (RBACM) is used for access at the time of data forwarding. Here, the cloud user's access password is created by an encoding process which is done by a Genetic Algorithm (GA), and the process of the GA is presented in this paper. The TBDSA and GA algorithms take minimum time to execute and raise the system performance.

2. Related work

In [4] the authors propose a secure computation auditing protocol (SecCloud) and privacy cheating discouragement for achieving privacy. It is the first protocol used for secure computation auditing and secure storage in the cloud. This secure computation process is achieved by verifier signature, probabilistic sampling techniques and batch verification. The main contribution of this work is to create a secure-aware cloud computing process, or SecHDFS. The experimental results are promising in terms of cost, security and efficiency of the proposed work.

In [5] the authors develop a SaaS application to prevent the leakage of information by providing risk assessment, multifactor authentication, encryption based on enhanced elliptic curve cryptography (where a cryptographically generated random number is utilized to make the number unpredictable), key management, secure disposal of information, and data integrity. In this work the Google App Engine is used for deployment. The work basically analyzes cloud security challenges, for example account hijacking, information leakage and denial of service.

In [6] the author proposes a cloud data integrity model for the distributed multi-cloud environment. In this method the experimental process is done using a prototype application which shows the proof of concept. The work mainly concentrates on a cloud security concern, secure data storage. It also considers the virtualization technology used for computer resources, which has become a reality. The experimental work shows promising results in terms of higher performance on the security concern when compared with other existing solutions.

In [7] the authors construct a system which combines a proxy re-encryption scheme with a decentralized erasure code to form a secure storage system. The proposed system is used not only for robust and secure data storage, but also for data forwarding and retrieval. The process fully integrates forwarding, encoding and encryption. This work suggests and analyzes suitable parameters for the number of storage servers queried by a key server and the number of messages delivered to storage servers.

In [8] the authors propose a novel data security strategy based on an artificial immune algorithm, which operates in the architecture of the Hadoop Distributed File System (HDFS). This work introduces a new framework, such as HDFS, which is known as the data security model. The proposed model is used to improve the cloud security process. Additionally, the artificial immune algorithm is related to data security, and this algorithm is also
termed as the dynamic selection algorithm and negative selection algorithm. The experimental work is done using the Cloudsim platform, and the results are promising in terms of the cloud data security strategy, which depends on the artificial immune system algorithm.

In [9] the authors analyze the characteristics of the present cloud computing process and then develop a comprehensive real-time network risk evaluation model. This model is effectively used in the cloud computing process, and it is based on the relation between pathogen invasion intensity and the antibodies of artificial immune systems. This work considers the Trojan virus, which is used to check a single terminal. The experimental work evaluates the network by using an integration evaluation system. The evaluation considers three kinds of layers: the network layer, host layer, and application layer. The experimental results show that the proposed work enhances the ability of intrusion detection and can be used for the present cloud computing security process.

3. Proposed System

The proposed system has four main entities: Hybrid Cloud, Administrator, Role Manager, and Owner. Initially a hybrid cloud is set up. The administrator is the main authority; it creates the cloud users' usernames and passwords and generates the secret key for each role's corresponding role manager, and the role hierarchy has to be defined here. The given usernames and passwords are managed by the role manager, and the owner is the cloud user who has the authority to store or upload cloud data securely in the cloud system. The users have to decrypt the stored cloud data in order to access it. The proposed cloud storage and access system is shown in figure 1.

[Figure 1: flowchart. Labels: Admin; User Registration; Upload; RSA + AES; Cloud Users; Download; User Login; IF (Success); Else (Fail); Register/Login Again; Unique ID Provided by Cloud Service Provider to Cloud User; Send request for data transfer; Verify Token_ID before data transfer; Generate One Time Password (OTP) using GA; Send on Mobile or Mail; OTP Verification; YES; No; Exit]

Figure 1 Secure Cloud Storage System with Trust Management

Hybrid Cloud:

In the proposed system two main cloud frameworks are used: private and public cloud. Their integration may overcome each other's disadvantages. The private cloud is not exposed to the user, so the user only interacts with the public cloud through the administrator. The administrator is permitted to access the private cloud.

Administrator:

The main authority of the secure cloud storage system is termed the administrator, and the administrator has all the credentials and system parameters to manage the secure cloud. Additionally, the administrator adds cloud users and role managers to the framework and provides the fundamental credentials to access the secure cloud system. The
administrator generates the role hierarchy and specifies the organization structure according to the cloud framework.

Role Manager:

A role manager is used to manage the relationship between specific roles and cloud users. When updating user roles, the role manager is required to enter the password given by the administrator. None of the cloud users are affected by this operation; therefore the role managers are not required to communicate with the cloud users, and they are only required to interact with the private cloud. Before a user is added to a given role, the role manager is required to authenticate the cloud user so as to ensure that the user is an authorized user.

Owner:

The owner can be a user who has the authority to upload and encrypt data in the cloud. The owners specify who can access the data according to the role based procedures. In this work the owner manages the relationship between roles and their permissions. The owner performs the encryption process, for which it does not need any password or secret key.

User:

Users are general cloud users who have specific work according to their skills. Every user is authenticated by the administrator. Users are permitted only to download the secure data based on their assigned roles.

3.1 Data Storage

In this work a Role Based Access Control Model (RBACM) is proposed. The role manager assigns each role to the cloud users, who can work with their appropriate role. The cloud provider is not able to read the data, which is stored in encrypted form. A role manager is able to allocate a role to a specific user after the data owner has encrypted the data. A user allocated to a specific role can be revoked at any time; the revoked user has no access permission to the data. The user revocation does not affect other cloud users. This work achieves a great encryption and decryption process on the client side.

It is first required to create the cloud user and allocate the specific roles to the user, and this process comprises the subsequent operations. In the proposed work the Advanced Encryption Standard (AES) [10] [11] algorithm is utilized to encrypt the cloud data, and the secret key generated by AES is encrypted using the Rivest-Shamir-Adleman (RSA) algorithm [12]. Once the roles in the proposed framework are defined, each role has one private key and one public key. The private key is utilized by the cloud user to access the cloud data from different cloud servers. The public key is utilized by the cloud data owner to encrypt and upload or store the cloud data in the public cloud.

AES is a high-speed algorithm with low RAM requirements; however, the same secret key is used for encryption and decryption. Its main problem is key exchange. To overcome this issue, this work uses the RSA algorithm to generate an encrypted secret key with the help of the user's public key.

[Figure 2: AES cipher diagram. Labels: 128 bit plaintext; Pre-round Transformation; Round 1; Round 2; Round; Key Expansion; Cipher Key (128, 192, or 256 bits); Round Key (128 bit); 128 bit Cipher text. Relationship between number of rounds and cipher key size: 10 rounds for key size 128, 12 for 192, 14 for 256]

Figure 2 AES Cipher

Basically, the AES algorithm starts with an Add Round Key stage, followed by nine rounds of four different stages and a 10th round of three different stages. Here, the four different stages are Substitute Bytes, Mix Columns, Shift Rows, and Add Round Key. The AES working process is shown in figure 2. The nine rounds of the AES decryption process contain Inverse Substitute Bytes, Inverse Shift Rows, Inverse Mix Columns and Inverse Add Round Key. Again, the 10th round does not execute the Inverse Mix Columns stage but is otherwise the same as the 9th round, as shown in figure 2.

The RSA algorithm is used for encoding and decoding the AES secret key. Let S be the secret key and C the cipher key; then encryption is defined
= , and at the same time the decryption is defined as = . Here n is defined as the very huge prime number which is generated at the time of the key generation process shown in Figure 3.

[Figure 3: RSA key generation box, naming the modulus and the public exponent and listing Steps 1 to 6]

Figure 3 RSA Key Generation Process

In the proposed system, the RBACM is utilized to authenticate the users for access to the appropriate files and to maintain data integrity and privacy, which is achieved using the AES and RSA algorithms.

3.2 Data Recovery

In this work secure data storage is done by integrating the AES and RSA algorithms, and secure data recovery is achieved with the help of a Genetic Algorithm. In the proposed work the GA is used to obtain data privacy by creating a dynamic password. Basically, the GA is a heuristic optimization algorithm; it has four different processes, Initialization, Selection, Crossover and Mutation, and its fitness function is used as the evaluation function.

Initialization: Initially select the chromosome population, then calculate the fitness function for each chromosome. An initial population is generated randomly, and the initial population can also be seeded, which means selecting some initial population from existing research.

Selection: After initialization, the chromosomes or parents to be chosen for reproduction are selected based on their fitness value.

Crossover: After finding the fitness, the high fitness values are selected for the next process, the crossover operation. In this crossover, one highest fitness value is replaced with another highest fitness value if it is greater than that, so that new offspring are generated. For example, take two chromosomes or parents P1 and P2:

P1 = 1 0 0 1 0 0 0 1

P2 = 1 1 0 1 1 0 0 0

After crossover the offspring are:

3 = 1 0 0 1 1 0 0 0

4 = 1 1 0 1 0 0 0 1

Mutation: After the crossover operation, the process moves on to mutation. In some cases crossover is not required and the process goes directly to mutation. From the above example two same generations are produced; after that a random bit from one generation is mutated to produce a different generation.

Suppose we have generation 3 = 1 0 1 1 0 0 0 and it is required to mutate it 4 8; finally we get new offspring such as 5 = 1 0 0 0 1 0 0 1

This process provides data security to the user and to the multi-cloud transaction process, and at each data transaction the GA generates a dynamic One Time Password (OTP). This dynamic OTP is treated as valid for a single transaction, so for each transaction the GA automatically creates a new password. Unlike a static password, this password is not easy to crack; it is also time based, which means that after a specific time span the generated OTP expires or becomes invalid. So an unauthorized user may not use the cloud data, and if the authorized user enters the OTP wrongly three times, the system automatically logs out.

Thus the GA does a good job of obtaining a dynamic OTP on every request of the cloud user for accessing their cloud data from different kinds of cloud servers. By utilizing the GA, an optimized random value is generated, and this random value can be utilized as a password. Each time the password
will mutate to different values; therefore it must be altered, which means it is not reversible. Thus, the security level of the cloud storage is very high and data recovery is also secured by obtaining the OTP.

The architecture of the proposed system in figure 1 shows cloud security utilizing an OTP generated by the GA. Initially the Admin uploads the data to the cloud so that every registered cloud user can access the cloud data using their specific role. To access data the user is required to complete two important processes: user registration and submission of the OTP. In the architecture, a registered user who wants to access the cloud data must be logged in. After login the user gets their OTP by mail or mobile, and when the user gets the OTP they should enter it in the system correctly. If the OTP is correct the system permits data access; otherwise the system asks for the correct OTP. Data recovery using the GA is shown in Figure 4.

Data Recovery using Genetic Algorithm

Step 1: When cloud user : = ,
THEN NEW ACCOUNT CREATED & CLIENT REGISTERED.

Step 2: IF cloud : = _ is generated on that Token FOR SPECIFIC CLOUD SERVICE.

Step 3: THEN cloud user SEND : = _ with Data Security.

Step 4: (_: = )
{
Authenticated user.
}
ELSE
{
Intruder (Fake user).
}

Step 5: _ does with the database entry for a specific cloud service that indicated existence of 1 4.O Otherwise Data transferred through Secure Channel and .

Step 6: Verify the _ before transfer the data

Step 7: Generate the one time password by using the Genetic Algorithm

Step 8: Send the generated password to the cloud user's mobile or mail

Step 9: REPEAT STEP 4 TO 5

Figure 4 Data Recovery Process

4. Results and discussion

Different kinds of methods are utilized to employ RBACM and encryption and decryption processes in secure cloud storage systems, such as Anonymous HIBE [14] and HDFS with AIS [8], and these algorithms are compared with the proposed system, RBACM with GA. This work was done in Netbeans JAVA version 7.0 as the frontend, with a DERBY database used as the backend.

Figure 5 shows the comparison of communication complexity for three different algorithms: Anonymous HIBE, HDFS with AIS and the proposed RBACM with GA. From the figure 6 results it can be seen that the communication cost rises when the data block size increases, but the proposed system shows promising results in terms of communication cost when compared with the other two algorithms, Anonymous HIBE and HDFS with AIS.

Figure 5 Communication Cost

Figure 6 shows the comparison results in terms of execution time for three different algorithms, such
as Anonymous HIBE, HDFS with AIS and the proposed RBACM with GA. Here the execution time covers both encryption and decryption time. From the figure 6 results, we conclude that the proposed system shows promising results in terms of encryption time and decryption time, that is, the whole execution time, when compared with the other two algorithms, Anonymous HIBE and HDFS with AIS. The proposed algorithm shows the minimum execution time.

Figure 6 Execution Time

Figure 7 User request /Load

Figure 7 shows the comparison results in terms of User request /Load for three different algorithms: Anonymous HIBE, HDFS with AIS and the proposed RBACM with GA. Here the user request covers both uploading and downloading processes. From the figure 6 results, we conclude that the proposed system shows promising results in terms of both uploading and downloading processes when compared with the other two algorithms, Anonymous HIBE and HDFS with AIS.

5. Conclusion

This paper successfully proposes cloud data confidentiality by integrating encoding, encrypting and forwarding. The TBDSA along with RSA and AES is used for the decryption and encryption process, and the Role Based Access Control Model is used for access at the time of data forwarding. Here, the cloud user's access password is created by an encoding process which is done by the GA, and the process of the GA is presented in this paper. The TBDSA and GA algorithms take minimum time to execute and raise the system performance. Experimental results are promising in terms of Communication Cost, Execution Time and User request /Load.

References

[1] Fatemeh Arabalidousti, Touraj Banirostam, "A Security Model For Cloud Computing Based On Autonomous Biological Agents", International Journal on Cloud Computing: Services and Architecture (IJCCSA), Vol. 3, No. 5, PP. 19-26, 2013.

[2] Anshika Negi, Mayank Singh, Sanjeev Kumar, "An Efficient Security Framework Design for Cloud Computing using Artificial Neural Networks", International Journal of Computer Applications, Vol. 129, No. 4, 2015.

[3] Kolenchery. J, "Parallel phrase matching for cloud based security services", International Conference of Soft Computing and Pattern Recognition (SoCPaR), IEEE, PP. 481-485, 2011.

[4] Lifei Wei, Haojin Zhu, Zhenfu Cao, Xiaolei Dong, Weiwei Jia, Yunlu Chen, Athanasios V. Vasilakos, "Security and privacy for storage and computation in cloud computing", Information Sciences, Vol. 258, PP. 371-386, 2014.

[5] Nina Pearl Doe, Sumaila Alfa, V. Suganya, "An Efficient Method to Prevent Information Leakage in Cloud", IOSR Journal of Computer Engineering (IOSR-JCE), Volume 16, Issue 3, Ver. III, PP. 134-139, 2014.

[6] Ali Mohammed Hameed Al-Saffar, "Identity Based Approach for Cloud Data Integrity in Multi-Cloud Environment", International Journal of Advanced Research in Computer and Communication Engineering, Vol. 4, Issue 8, 2015.

[7] Asadi Srinivasulu, Ch. D. V. Subbarao, A. Bhudevi, "Dynamic Data Storage Publishing and Forwarding in Cloud Using Fusion Security Algorithms", Computer Science and Information Technology, Vol. 2, No. 4, PP. 203-210, 2014.

[8] Chen Jinyin, Yang Dongyong, "Data Security Strategy Based on Artificial Immune Algorithm for Cloud Computing", Applied Mathematics & Information Sciences, Vol. 7, No. 1L, PP. 149-153, 2013.

[9] Jin Yang, Cilin Wang, Caiming Liu, Le Yu, "Cloud Computing for Network Security Intrusion Detection System", Journal Of Networks, Vol. 8, No. 1, PP. 140-147, 2013.

[10] R. H. Sakr, F. Omara, O. Nomir, "An Optimized Technique for Secure Data Over Cloud OS", International Journal of Emerging Trends & Technology in Computer Science (IJETTCS), Volume 3, Issue 3, PP. 278-284, 2014.

[11] M. Sudha, Bandaru Rama Krishna Rao, M. Monica, "A Comprehensive Approach to Ensure Secure Data Communication in Cloud Environment", International Journal of Computer Applications (0975-8887), Vol. 12, No. 8, PP. 19-23, 2010.

[12] Abha Sachdev, Mohit Bhansali, "Enhancing Cloud Computing Security using AES Algorithm", International Journal of Computer Applications, Vol. 67, No. 9, PP. 19-23, 2013.

[13] Poornima G. Naik, Girish R. Naik, "A Framework for Secure 3D Password using Genetic Algorithm", International Journal of Advance Research in Computer Science and Management Studies, Vol. 3, Issue 1, PP. 7-23, 2015.

[14] Kwangsu Lee, Jong Hwan Park, Dong Hoon Lee, "Anonymous HIBE with Short Ciphertexts: Full Security in Prime Order Groups", arXiv:1502.07812v1 [cs.CR], 2015.

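
Section 3.2's GA operators and OTP rules (one password per transaction, time-limited, logout after three wrong entries), as an added Python example that is not the authors' code. It goes beyond the P1/P2 illustration by adding the verification side; the crossover point 4, the mutated bit positions 4 and 8, the 64-bit chromosomes, the 6-digit code, the 120-second lifetime and the `OtpChallenge` class are assumptions.

```python
import hmac
import secrets
import time

def crossover(p1, p2, point):
    """Single-point crossover of two equal-length bit strings."""
    return p1[:point] + p2[point:], p2[:point] + p1[point:]

def mutate(chromosome, positions):
    """Flip the bits at the given 1-indexed positions."""
    bits = list(chromosome)
    for pos in positions:
        bits[pos - 1] = "1" if bits[pos - 1] == "0" else "0"
    return "".join(bits)

def generate_otp(bits=64, digits=6):
    """GA-style OTP: random parents, random crossover point, one random mutation.
    All of the unpredictability comes from the CSPRNG behind `secrets`."""
    p1 = format(secrets.randbits(bits), f"0{bits}b")
    p2 = format(secrets.randbits(bits), f"0{bits}b")
    child, _ = crossover(p1, p2, secrets.randbelow(bits - 1) + 1)
    child = mutate(child, [secrets.randbelow(bits) + 1])
    return f"{int(child, 2) % 10 ** digits:0{digits}d}"

class OtpChallenge:
    """One OTP per transaction: expires after ttl_seconds, locks after max_attempts."""
    def __init__(self, ttl_seconds=120, max_attempts=3, now=time.time):
        self._now = now
        self.code = generate_otp()
        self.expires_at = now() + ttl_seconds
        self.attempts_left = max_attempts
        self.used = False

    def verify(self, submitted):
        if self.used:
            return "used"                    # a code is never accepted twice
        if self.attempts_left <= 0:
            return "locked"                  # third wrong entry ended the session
        if self._now() >= self.expires_at:
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.used = True
            return "ok"
        self.attempts_left -= 1
        return "locked" if self.attempts_left == 0 else "retry"
```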