METHOD AND SYSTEM FOR SECURELY COMMUNICATING IN A COMPUTING ENVIRONMENT
ORDINARY APPLICATION
Published
Filed on 25 November 2024
Abstract
Data security and storage challenges increasingly impact consumers' interactions with computer systems. Cloud computing addresses storage issues effectively, but securing data in the cloud remains a critical concern. This paper focuses on safeguarding data in cloud environments through a proposed encryption technique, with four primary objectives. The first goal is to develop an advanced cryptographic algorithm to enhance data safety. The second is to automate the generation of encryption keys. The third aims to minimize the key size required for encryption, and the fourth focuses on reducing the number of keys used during the encryption rounds. Achieving these objectives will ensure secure cloud data storage while improving performance compared to existing approaches. The proposed method emphasizes both efficiency and security, offering a practical solution to mitigate data security risks in cloud environments.
Patent Information
Application ID | 202441091568 |
Invention Field | COMMUNICATION |
Date of Application | 25/11/2024 |
Publication Number | 48/2024 |
Inventors
Name | Address | Country | Nationality |
---|---|---|---|
Mr. Chejarla Venkata Navi | Assistant Professor, Department of Computer Science and Engineering, Anurag Engineering College, Ananthagiri(V&M), Suryapet - 508206, Telangana, India | India | India |
Mr. Kakanaboyina Upendrarao | Assistant Professor, Department of Computer Science and Engineering, Anurag Engineering College, Ananthagiri(V&M), Suryapet - 508206, Telangana, India | India | India |
Applicants
Name | Address | Country | Nationality |
---|---|---|---|
ANURAG ENGINEERING COLLEGE | Ananthagiri(V&M), Suryapet - 508206, Telangana, India | India | India |
Specification
Description:
FIELD OF INVENTION
The field of invention relates to secure communication in computing environments, focusing on methods and systems that ensure data confidentiality, integrity, and authentication. It includes advanced cryptographic techniques, secure protocols, and access control mechanisms to protect sensitive information during transmission and storage, addressing vulnerabilities in networks, cloud computing, IoT devices, and distributed systems.
BACKGROUND OF INVENTION
In the digital age, secure communication in computing environments is critical as organizations and individuals increasingly rely on interconnected systems to share and process sensitive information. With the rise of cloud computing, IoT devices, and distributed systems, the risk of cyberattacks, data breaches, and unauthorized access has grown exponentially. Traditional security methods often fail to provide adequate protection against sophisticated threats, such as man-in-the-middle attacks, phishing, malware, and advanced persistent threats (APTs).
Existing communication systems are vulnerable to exploitation due to weaknesses in encryption protocols, insecure authentication methods, and inadequate network protections. For instance, reliance on static encryption keys or outdated algorithms can expose systems to brute force or cryptographic attacks. Similarly, poor implementation of access control mechanisms or weak identity verification can lead to unauthorized access and data leakage.
The demand for robust and efficient systems that ensure secure data transmission, authentication, and integrity verification has become paramount. These systems must address the challenges of scalability, high performance, and seamless integration with existing infrastructure while remaining resilient against emerging threats.
This invention aims to overcome these limitations by introducing a novel method and system for securely communicating in a computing environment. Leveraging advanced cryptographic techniques, dynamic key management, secure protocols, and adaptive threat detection, the invention ensures confidentiality, integrity, and authentication of data. It is designed to provide comprehensive security for diverse applications, including enterprise networks, IoT ecosystems, cloud platforms, and other critical computing environments, safeguarding against evolving cyber risks.
The patent application number 201941009729 discloses an apparatus and methods for accelerating tasks during storage caching/tiering in a computing environment.
The patent application number 202047018096 discloses provisioning using pre-fetched data in serverless computing environments.
The patent application number 202147044172 discloses transferral of process state and/or components in computing environments.
The patent application number 202111052884 discloses a method and system for securely communicating in a computing environment.
The patent application number 202247048192 discloses a secure key exchange in a computing environment.
SUMMARY
The invention provides a comprehensive method and system for securely communicating in a computing environment, addressing critical challenges in data confidentiality, integrity, and authentication. It incorporates advanced cryptographic techniques, dynamic key management, secure communication protocols, and adaptive threat detection to safeguard sensitive information during transmission and storage.
A core aspect of the invention is the dynamic encryption mechanism that utilizes adaptive algorithms for real-time key generation and exchange, mitigating risks associated with static keys. The system employs multi-factor authentication and identity verification to prevent unauthorized access while enabling robust user authentication in diverse environments.
To ensure data integrity, the invention integrates tamper-proof hashing mechanisms and real-time integrity checks. It also includes intrusion detection and anomaly detection systems powered by machine learning to identify and respond to threats proactively. The system adapts to varying network conditions and scales efficiently to accommodate complex and distributed architectures such as IoT, cloud computing, and enterprise networks.
A unique feature of the invention is its seamless integration with existing infrastructure, ensuring compatibility with various communication protocols and computing environments. By implementing end-to-end encryption and secure tunneling mechanisms, it provides an additional layer of protection against cyber threats such as man-in-the-middle attacks, data breaches, and eavesdropping.
This invention delivers a robust, efficient, and scalable solution to secure communication, offering significant advancements over traditional methods. It is particularly suited for applications in critical sectors, including finance, healthcare, defense, and telecommunications, ensuring resilience against evolving cybersecurity threats.
DETAILED DESCRIPTION OF INVENTION
In today's digital landscape, limited hard drive storage has led to the widespread adoption of cloud computing for data storage tailored to user needs. While cloud computing offers convenience, flexibility, and cost-effectiveness by abstracting and virtualizing resources, it also raises significant concerns about data security and privacy. Information stored in the cloud is accessible over the internet, making it vulnerable to unauthorized access and cyberattacks. Cryptography plays a crucial role in ensuring data confidentiality in cloud environments by transforming data into an unreadable format for unauthorized users and reverting it for authorized entities.
This paper explores data security in cloud computing, focusing on cryptographic algorithms and the use of keys in encryption processes. Symmetric and asymmetric key encryption are the two primary methods, with the former using the same key for encryption and decryption and the latter relying on a public-private key pair. The strength of cryptographic security depends on key size, design, and implementation. The proposed method aims to optimize key size and structure to enhance encryption efficiency and reduce computational overhead.
In the first part of the related work, we review studies on data security and cryptographic algorithms in cloud computing environments. Data stored in the cloud, while convenient, is susceptible to hacking during transmission. One study introduces a novel cryptographic algorithm for safeguarding cloud applications, highlighting various encryption techniques and their roles in mitigating risks like Man-in-the-Middle attacks. Another proposes a framework utilizing public auditing and dynamic indexing for secure data auditing in cloud storage, ensuring data integrity and preventing DoS attacks.
Other research demonstrates how encryption mechanisms enhance cloud data security. Algorithms are tested across diverse file sizes, ensuring efficiency and reliability. Techniques like data mining and decision tree algorithms have also been employed to bolster security levels. A lightweight cryptographic algorithm featuring a 128-bit block cipher is proposed, incorporating advanced methods such as Feistel architecture, XOR, and shifting for enhanced encryption strength.
In the second part, key usage in cryptographic algorithms is explored. Studies evaluate the strength of key scheduling techniques, focusing on statistical properties like randomness and independence. A new approach reduces key sizes by up to 54%, accelerating encryption without compromising security. Recommendations for determining key lengths balance security and computational efficiency, emphasizing the importance of well-designed cryptographic systems.
Design of the Proposed Algorithm:
This research presents a novel approach to enhance data security in cloud computing environments. The method involves encrypting plaintext data, transforming it into an unreadable format before transmission to the cloud. This ensures that stored data remains secure and inaccessible to unauthorized users. The encryption process consists of multiple rounds, as illustrated in the proposed methodology. Specifically, the data undergoes 18 encryption rounds, each utilizing three primary steps: Transport Subbytes, Row Transit, and Round Key.
Figure 1: Data Encryption
Encryption Process: Data (Plaintext):
Plaintext refers to the original text or information intended for protection through the proposed encryption technique. Before transmitting data to the cloud, it is secured using the outlined process, ensuring robust cloud data security.
Initially, the plaintext is subjected to a bitwise XOR operation with a 32-bit key, which is generated automatically using a pseudo-random generation technique. To enhance security further, the key is combined with a control vector. The result of this operation, referred to as the state array, serves as the input for the next step, Transport Subbytes.
Transport Subbytes:
The state array serves as the input for the byte substitution step known as Transport Subbytes. This process substitutes each byte with a new value by passing it through a specific function and transforming it using an S-Box table. Each byte is located within the S-Box table using its hexadecimal representation. For example, if a byte has a hexadecimal value of 43, the first digit (4) corresponds to the row, and the second digit (3) corresponds to the column in the S-Box table. The value at this row and column is used to replace the original byte. The output from this substitution forms the new state array for subsequent steps.
Rearranging Rows:
The output of Transport Subbytes is passed to the row rearrangement step. This step offsets or shifts the values in the last three rows of the state array by a specific number of positions. Each byte in the row moves a certain number of places to the left, with the leftmost value wrapping around to the rightmost position. This shifting rearranges the bytes in the state array, making it challenging to predict the original arrangement. This transformation ensures added complexity and security. The result is then sent to the next step: incorporating a round key.
Incorporating a Round Key:
In this step, the output from the previous stage is combined with a round key. Initially, a private key is used, but for added security, subkeys are generated for subsequent rounds. A new subkey is created every four rounds using the Rijndael method based on the key schedule. These subkeys, combined with control vectors, strengthen the encryption. During this process, the values from the round key and control vector are added to the corresponding bytes in the state array. This step is crucial as it is applied at both the beginning and the end of the encryption process.
Repeating Rounds:
The encryption process involves 18 rounds of these steps: Transport Subbytes, Rearranging Rows, and Incorporating a Round Key. These iterative transformations ensure that plaintext is progressively encrypted into an unreadable format (ciphertext).
Producing Unreadable Text:
After completing all 18 rounds, the sensitive plaintext is fully encrypted into an unreadable format. This ciphertext is highly secure and cannot be accessed or interpreted by unauthorized users. The encrypted data is then transmitted to the cloud for safe storage, ensuring robust protection against unauthorized access.
Automatic Key Generation Approach
A key is a sequence of random characters arranged in a specific order, essential for encryption techniques to securely scramble data, rendering it unreadable without the corresponding key. In cryptography, keys are generated through a systematic process, and these keys enable encryption of data or information. Typically, integers serve as the basis for keys in computer cryptography.
Keys can be generated randomly using a Random Number Generator (RNG) or a Pseudorandom Number Generator (PRNG). PRNGs simulate randomness computationally, producing outputs that appear random under analysis. PRNGs seeded with system entropy enhance security, as they make predicting the initial conditions significantly more challenging. Additional randomness can be introduced by incorporating external system data into the key generation process.
In the proposed approach, a PRNG combined with the Rijndael algorithm is employed to generate keys automatically. This method ensures robust and unpredictable keys to perform encryption effectively.
Minimizing the Number of Keys for Encryption
Conventional encryption techniques often generate multiple keys and subkeys for their processes. For instance, the DES algorithm creates 16 subkeys for its 16 rounds of encryption and decryption. In these methods, a separate key is computed and used for each round, resulting in the need for numerous keys.
The proposed approach aims to minimize the number of keys and subkeys required while maintaining encryption strength. This is achieved by reducing the key count to six for the entire 18-round encryption process:
1. Initial Key: Used in the first round, XORed with plaintext and coupled with a control vector.
2. Four Round Keys: Each key is used for four consecutive rounds, coupled with the control vector, ensuring efficient and secure encryption.
3. Final Round Key: Applied in the last encryption round, combined with a control vector for enhanced security.
This approach significantly reduces the key count compared to existing methods, simplifying the encryption process without compromising on security. By coupling keys with control vectors, the proposed method ensures strong encryption while utilizing fewer keys.
Reducing Key Size During Encryption
The encryption process relies on the key to govern operations on the data (plaintext). Only the correct key can be used to successfully transform plaintext into encrypted text and vice versa. While encryption algorithms are typically public, the security of the system depends solely on the complexity and secrecy of the key. This emphasizes the importance of the key in maintaining system security.
In the proposed approach, a 32-bit key is used for data encryption, ensuring strong security. This key is automatically generated using a pseudorandom number generator and is cryptographically combined with a control vector to enhance encryption strength.
The method incorporates control vectors to regulate the use of cryptographic keys. Each key is paired with an associated control vector, which defines its allowable operations within the encryption system. During key generation, the control vector is cryptographically bonded to the key through a specialized encryption process. This coupling ensures that unauthorized actions cannot deduce the key or decrypt the resulting encrypted data.
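The round steps (Transport Subbytes, Rearranging Rows, Incorporating a Round Key), the six-key schedule over 18 rounds and the control-vector coupling described in the sections above can be modelled as a small runnable toy. This is an added example, not code from the specification; the 16-byte 4x4 state, the use of the Rijndael S-box, the XOR-based control-vector coupling, the `CONTROL_VECTOR` value, the single-word key expansion and all function names are assumptions.

```python
# Added example (not from the specification). Assumed: 4x4 column-major state, the
# Rijndael S-box, one 32-bit key word XORed into every column, control vector as XOR.
import secrets

ROUNDS = 18
CONTROL_VECTOR = 0x00C0FFEE  # hypothetical public constant

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def build_sbox():
    """Rijndael S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox, p, q = [0x63] * 256, 1, 1        # sbox[0] stays 0x63 (zero has no inverse)
    for _ in range(255):                   # 3 generates all 255 non-zero elements
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        for s in (1, 2, 4):
            q ^= q << s                                         # together: q /= 3
        q = (q & 0xFF) ^ (0x09 if q & 0x80 else 0)
        sbox[p] = q ^ rotl8(q, 1) ^ rotl8(q, 2) ^ rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63
    return sbox

SBOX = build_sbox()
INV_SBOX = [SBOX.index(v) for v in range(256)]

def generate_key():
    return secrets.randbits(32)  # 32-bit key from the OS entropy source (CSPRNG)

def sub_bytes(state, box=SBOX):
    # High hex digit selects the S-box row, low hex digit the column.
    return [box[(b >> 4) * 16 + (b & 0x0F)] for b in state]

def shift_rows(state, direction=1):
    # Row r rotates left by r positions; direction=-1 undoes it.
    return [state[r + 4 * ((c + direction * r) % 4)] for c in range(4) for r in range(4)]

def add_round_key(state, key32):
    word = (key32 ^ CONTROL_VECTOR).to_bytes(4, "big")
    return [b ^ word[i % 4] for i, b in enumerate(state)]

def expand_keys(master32):
    """Six keys (initial, four shared, final) via a Rijndael-style word step."""
    keys = [master32]
    for i in range(5):
        rot = ((keys[-1] << 8) | (keys[-1] >> 24)) & 0xFFFFFFFF          # RotWord
        sub = int.from_bytes(bytes(SBOX[b] for b in rot.to_bytes(4, "big")), "big")
        keys.append(keys[-1] ^ sub ^ ((1 << i) << 24))                   # round constant
    return keys

def key_index(rnd):
    """Round 1 -> key 0, rounds 2-17 -> keys 1-4 (four rounds each), round 18 -> key 5."""
    return 0 if rnd == 1 else 5 if rnd == ROUNDS else 1 + (rnd - 2) // 4

def encrypt_block(block, master32):
    keys = expand_keys(master32)
    state = shift_rows(sub_bytes(add_round_key(list(block), keys[0])))  # round 1
    for rnd in range(2, ROUNDS + 1):
        state = add_round_key(shift_rows(sub_bytes(state)), keys[key_index(rnd)])
    return bytes(state)

def decrypt_block(block, master32):
    keys, state = expand_keys(master32), list(block)
    for rnd in range(ROUNDS, 1, -1):
        state = sub_bytes(shift_rows(add_round_key(state, keys[key_index(rnd)]), -1), INV_SBOX)
    return bytes(add_round_key(sub_bytes(shift_rows(state, -1), INV_SBOX), keys[0]))
```

All six round keys in this model derive from the one 32-bit value, so its key space is 2^32 regardless of the number of rounds.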
Illustration of the Proposed System
Overview of the Proposed System
The proposed system includes a user-friendly interface for encrypting data to ensure secure storage in a cloud environment. The homepage allows users to input plaintext and automatically generate encryption keys by clicking the "Generate" button. For strong encryption, a 32-bit key is generated using a control vector, and a total of six keys are utilized throughout the encryption process:
• Two keys for the initial and final rounds.
• Four keys distributed across the intermediate 16 rounds (one key per four rounds).
The control vector is cryptographically combined with the keys during the background process to enhance security. Unlike conventional systems that generate a new key for each round, this approach reduces the total number of keys while maintaining robust encryption. Upon clicking the "Encrypt" button, the plaintext is transformed into unreadable text, ensuring its security during transmission to the cloud.
Figure 2: Proposed system
Plaintext Input
The system provides a dedicated interface for users to input plaintext. This text serves as the data to be encrypted. The plaintext entered is then processed through the encryption mechanism to ensure secure transformation into unreadable text.
Figure 3: Plaintext input image
Key Generation and Round Key Incorporation
The key generation process is designed for simplicity and efficiency. Keys are generated and integrated into the encryption rounds via a streamlined approach. The system ensures strong encryption by cryptographically coupling the generated keys with the control vector, minimizing the risk of unauthorized decryption.
Figure 4: Key generation
Output: Unreadable Text
Once encryption is complete, the plaintext is converted into unreadable text. This encrypted data is then securely stored in the cloud. The proposed method significantly enhances security, making it extremely challenging for unauthorized users to revert the unreadable text back to plaintext.
Figure 5: Encryption of plain text
DETAILED DESCRIPTION OF DIAGRAM
Figure 1: Data Encryption
Figure 2: Proposed system
Figure 3: Plaintext input image
Figure 4: Key generation
Figure 5: Encryption of plain text
Claims:
1. Method and System for Securely Communicating in a Computing Environment claims that a method for securing data communication in a computing environment, wherein plaintext is encrypted into unreadable text using a 32-bit key generated automatically through a pseudorandom number generator (PRNG) and cryptographically combined with a control vector.
2. Reduced Key Usage: A system that minimizes the number of keys used during encryption by generating six keys for an 18-round encryption process, including one key for the initial round, four keys for intermediate rounds, and one key for the final round.
3. Control Vector Integration: An encryption system that incorporates control vectors with each key to define their usage, enhancing cryptographic strength and restricting unauthorized access.
4. Round-based Key Generation: A system employing round-based key scheduling where a single key is reused across four rounds, reducing computational complexity while maintaining strong encryption.
5. Transport Sub Bytes Transformation: A method of byte substitution during encryption, utilizing an S-Box table to convert each byte in the state array to a new value, ensuring data obfuscation.
6. Row Rearrangement: A technique for enhancing encryption security by rearranging rows in the state array, shifting values to disrupt patterns and prevent reverse engineering of the plaintext.
7. Dynamic Key Incorporation: A method of integrating dynamically generated subkeys into the encryption process in conjunction with control vectors, ensuring adaptive and robust data protection.
8. Cloud Data Protection: A secure communication system for transmitting and storing encrypted data in a cloud environment, ensuring unreadability and protecting against unauthorized access.
9. Automated Key Generation: A system that generates encryption keys automatically using PRNG seeded with system entropy to increase unpredictability and enhance data security.
10. End-to-End Security Assurance: A method ensuring end-to-end encryption for data communicated between devices and cloud storage, maintaining data confidentiality and integrity throughout the transmission process.