Enhanced Obfuscation Technique for Data Confidentiality in Public Cloud Storage

With an advent of cloud computing, data storage has become a boon in information technology. At the same time, data storage in remote places have become important issues. Lot of techniques are available to ensure protection of data confidentiality. These techniques do not completely serve the purpose in protecting data. The Obfuscation techniques come to rescue for protecting data from malicious attacks. This paper proposes an obfuscation technique to encrypt the desired data type on the cloud providing more protection from unknown hackers. The experimental results show that the time taken for obfuscation is low and the confidentiality percentage is high when compared with existing techniques.


Introduction
We are in the middle of an insurgency in cloud computing.The rapid deployment in cloud gives tremendous advantages to cloud users.Cloud Computing (CC) is defined as "a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or services provider interaction" [1].In nutshell, CC could be comprised as '3 4 5', i.e., Three service models as SPI, namely Software as a service, Platform as a service, Infrastructure as a Service, Four deployment models as P2CH namely Private, Public, Community and Hybrid clouds and Five essential characteristics as on-demand self-service, broad network access, resource pooling, rapid elasticity, measured service.These essential characteristics promote lot of benefits in cloud computing utilization, working in various P2CH cloud environments, keeping SPI as base models.
Many techniques are available to protect sensitive data of users from attackers and service providers.Our approach is to protect data confidentiality from service providers, and to ensure that service providers cannot tamper the data stored in cloud environments.CC fascinates the users with many advantages.However several important problems in encryption process are resolved through data obfuscation method.
The term obfuscation means attempting "to transform a program into an equivalent one that is harder to reverse engineer" [2].The earliest work was done by Cohen [3] who called this as "security through obscurity" and advocated program evolution as the technique to increase complexity.This was the first of many techniques for data obfuscation where obscurity is maximized and execution time is minimized.
The goal of data obfuscation is to insert complex code or data structures into programs, thus making the programs supposedly harder to analyse and making sensitive data difficult to tamper.Many research findings on obfuscation proved that data obfuscation made the intruders harder to understand and even impossible in some cases.
Various obfuscation techniques are available to protect the confidentiality of data.For an example the word 'GOD' is encoded as 'R09E' using base64 encoding.It is converted into ASCII characters, ASCII characters into binary bits and grouped into 6 digits.The 6 digits are converted into decimal values and then equivalent character of it.The base32 encoding, ASCII encoding and hexadecimal encoding are few examples for obfuscation where the data are converted into nonreadable format.These examples are used in this paper for comparison with the proposed obfuscation technique.
This paper is organized as follows: Section 2 deals with the related works which support the obfuscation method.This section leads to Motivation and Derivation, and Objective of this paper in section 3 and 4 respectively.Section 5 gives the Methodology followed by the Proposed Obfuscation technique in section 6. Section 7 gives the experimental results.Section 8 concludes the paper.

Related Works
The authors [4] proposed a model to encrypt and to obfuscate data on client side before uploading into cloud database and proposed a mechanism to query over encrypted and obfuscated data on server side and decryption and de-obfuscation is performed on client side.Anitha et al. proposed a method to provide protection of data with cipher key stored through metadata at the data server [5].The cipher key generation is time consuming which is proportional to the number of attributes in the metadata as well the algorithms used for cipher key generation.
The privacy manager called obfuscation discussed in [6] reduces risks of data misuse of cloud users where a key chosen by user is not communicated to service provider, making it to de-obfuscate user's data.The privacy manager is also discussed [7] in conforming to privacy law in order to control policy-based obfuscation and de-obfuscation of personal, sensitive, or confidential data within cloud system.The plug-in log of obfuscation keys with the use of Double Authentication and Hybrid Obfuscation Technique, the maximum security and privacy for data is ensured in [8].The 'divide and rule' policy for safe and secured cloud environment is limited due to the implementation of two clouds being active and responsive all the time without direct communication.
The performance results of data confidentiality through scalable approach [9] reveal that the overhead for data obfuscation and de-obfuscation appear to increase linear with the size of input data.The architecture [10] provided a user-centric trust model to ensure and to control the security of user's sensitive data instead of leaving them entirely on server-centric for implementation.The key is not revealed to the service provider in this obfuscation method for protecting security of data.This approach of obfuscation for security is further proposed in [11] for protection by increase of complexity to withstand malicious attacks.

Motivation and Derivation
From the above literatures and available findings, it is obvious that the protection of data from malicious threats is a prime concern in enhancing the security of data.Many research findings also proved that different techniques have not fully protected the confidentiality of data.Hence confidentiality factor needs to be considered more importance in spite of many advantages in cloud storage.
In spite of many confidentiality techniques, the obfuscation technique plays a vital role to protect the data from malicious attacks.This obfuscation technique is in a way "a black box" so to say in protecting the data from reverse engineering.Motivated by this factor, a novel obfuscation technique is proposed in this paper for protecting the data before uploading into cloud storage.
Data security is an aspect of concern in cloud computing.The data could be placed anywhere in physical form in cloud storage only left with the service provider having full liberty to access to data with its own control and privileges.This aspect leads more concerns with regard to data confidentiality.Since the users have no control over the data in cloud storage and providers have more privileges for data access, it is a temptation for the providers to mishandle the data or data has potential danger of being tampered by unauthorized users.
The maintenance of secret keys is rather difficult and worse when the keys are mishandled with other providers.So maintaining the secret keys with the users, both the data and the keys are safe with provider and with user respectively.So, it is obfuscated and then uploaded into cloud for protecting the data confidentiality.Hence security is enhanced.By enhancing the confidentiality techniques through the proposed obfuscation method, the security is enhanced.The size of the data is minimized.The time taken for storage is reduced.

Objective
The objective of this paper is to experiment and bring out the good results of data security by use of obfuscation method.By enhancing the confidentiality of data by obfuscation, the user feels more reliable with service provider.The user further makes it more confident that as long as the secret key is with him, the data in cloud storage is safe and unhacked.By proving less time and more security with this method, the user makes it sure that this obfuscation method is more suitable for data confidentiality.

Methodology
Data stored in the cloud are protected for maintaining security.Security of the data is maintained by ensuring confidentiality technique.The confidentiality of data stored in the cloud is ensured by the obfuscation technique.The proposed technique obfuscates the data before uploaded into the cloud.The proposed technique uses a key to obfuscate the data.The key is generated in the key management as a service.The generated key is securely sent to the user 09003-p.2ICMES 2015 using symmetric cryptosystem.This secret key is used for obfuscation and de-obfuscation of data in user's side.The user chooses the type of sensitive data for obfuscation.The proposed technique obfuscates the selected sensitive data with the secret key received from the cloud key management as a service.The same key is used for deobfuscation.User should keep the key secure.At the completion of obfuscation, the data are uploaded on to cloud storage.In the provider's side, each provider functions as different providers.In the above diagram, Cloud Service Provider (CSP) functions as Obfuscation as a Service (ObfaaS) for data obfuscation.The data is stored in the CSP3 where it functions as Storage as a Service (STaaS).While secret key is shared between the users, the CSP2 functions as Audit as a Service (AdaaS) for authentication of users.While maintaining the key and data in cloud service provider, the CSP4 functions as Key Management as a Service (KMaaS).Each provider invokes the command and request for various operations and demands of users to utilise cloud resources.

Proposed Obfuscation Technique
The proposed technique is an obfuscation technique.Generally, obfuscation is a technique like encryption but it uses different mathematical methods or some critical programming logics to hide original data.The proposed technique obfuscates the data before they are uploaded into the cloud.The proposed technique uses different methods like ascii(), binary(), rotate(), two complex() and decimal() to obfuscate the original data.It also uses a key which is used to rotate the bits.The steps in the proposed obfuscation technique is as follows: Step 1.

. SÅsizeof(PT) // method to find the size of the PT 3. for iÅ 1 to S AC[i]Å ascii(PT[i]) //method to convert into ASCII BIN[i]Åbinary(AC[i]) //method to convert into 8 bits binary BUFFÅappend(BIN[i]) // Buffer variable for combine all the binaries next i 4. Generate a key from cloud K 5. for i Å 1 to K RDÅ rotate(BUFF) // method to rotate the bits one time next i 6. TCÅ two_comple(BUFF) //method to calculate two's complement 7. NÅ S/8 8. for iÅ 1 to N BIT[i]Ådiv_bits(TC) //method to divide the binaries into 8 bits DEC[i]Ådecimal(BIT[i]) // method to convert the 8 bits into decimal CT[i]Å ascii(DEC[i]) next i 9. CTÅCiphertext End 7 Experimental Results
The proposed algorithm is implemented in JAVA.The plaintext is given as the input.The name of the file is "Plaintext_File.txt".The obfuscated file is uploaded to the cloud.To access the obfuscated data, it should be de-obfuscated.The de-obfuscated data stored in a file is called "Deobfuscated.txt".Fig 5 .shows the de-obfuscated data file.The users' data are obfuscated before it is uploaded and de-obfuscated once retrieved from the cloud.Thus, the obfuscation is done in the user's machine connected to the cloud.Time taken for obfuscation and deobfuscation is calculated in the user's machine.Once the data are submitted, then they are obfuscated and uploaded to the cloud server.Security levels of the existing and proposed obfuscation techniques are computed in cloud server.Security level is analysed by using a security analysis tool called Hackman.Performance and security level of proposed technique is compared with existing techniques.
Table 1 represents the performance comparison of obfuscation with existing techniques such as Hexadecimal Encoding, Base 32, and Base 64.The time taken by the existing and proposed obfuscation techniques are calculated for different sized plaintexts.The result shows that compared to the existing obfuscation techniques, the proposed technique has taken low time for obfuscating different size of plaintext.The above performance comparison of security level shows that the proposed obfuscation technique gives maximum security and better performance than existing techniques while storing data into cloud.Hence, the confidentiality of data stored into cloud is achieved.
From the above experimental results it is evident that security level is high in the proposed obfuscation technique.Less time, minimum data size and more efficiency are obtained in this technique compared to other techniques while using security analysis tool called Hackman.The debugging process is more difficult and complicated without the proper, reliable and well-defined de-obfuscation tool.

Conclusion
In this paper, a new obfuscation technique is proposed and implemented secure data confidentiality.This novel method produced high percentage in security level and has taken minimum time for obfuscation and deobfuscation process when compared with the existing techniques while encrypting and uploading data into public cloud storage.In this way the data confidentiality is protected in cloud storage.Thus the security is enhanced through this proposed obfuscation method.

DOI: 10
.1051/ C Owned by the authors, published by EDP Sciences, 201

Figure 3 .
Figure 3. Plaintext File for input

Figure 3 . 3 "
Figure 3. shows the plaintext file for input.This file is obfuscated using the proposed technique and the obfuscated text are stored in another file called

Figure 4 .
Figure 4. Obfuscated File as Output

Figure 6 .
Figure 6.represents the graphical performance comparison of obfuscation with existing techniques such

Figure 6 .
Figure 6.Performance comparison of obfuscation techniques by time Table 2 represents the graphical performance comparison of de-obfuscation with existing techniques.The time taken by the existing and proposed deobfuscation technique is calculated for different size of plaintext.The result shows that compared to the existing de-obfuscation techniques, the proposed technique has taken low time for de-obfuscation of different size of plaintext.

Figure 7 .Figure 7 .
Figure 7. represents the graphical performance comparison of de-obfuscation with existing techniques such as Hexadecimal Encoding, Base 32, and Base 64.The time taken by the existing and proposed deobfuscation techniques are calculated and it is shown.

Figure 8 .
Figure 8. represents the graphical performance comparison of security level with existing techniques such as Hexadecimal Encoding, Base 64, Base 32 and proposed obfuscation technique.The security level of the proposed obfuscation technique is higher compared to the other three techniques.

Figure 8 .
Figure 8. Performance comparison of Security Level The given original text is converted into ASCII codes Step 2. ASCII codes are converted into binary values 0s' and 1s' Step 3. Generate a key k Step 4. Rotate the bits k numbers of time from right to left Step 5. Calculate 2's complement Step 6. Divide the bits into 8 bits Step 7. Convert the binary into decimal Step 8. Convert the decimal into ASCII character codes The pseudo code for the proposed obfuscation technique is as follows:

Table 1 .
Performance comparison of obfuscation techniques

Table 2 .
Performance comparison of de-obfuscation techniques

Table 3
represents the comparison of security level with existing techniques.The result shows that compared to the existing obfuscation techniques, the proposed technique has maximum percentage of security. 09003-p.4

Table 3 .
Security level of obfuscation technique compared with existing techniques