Dynamic virtual cluster cloud security using hybrid steganographic image authentication algorithm

ABSTRACT Storing data in a third party cloud system causes serious problems on data confidentiality. Generally, encryption techniques provide data confidentiality but with limited functionality, which occurs due to unsupported actions of encryption operation in cloud storage space. Hence, developing a decentralized secure storage system with multiple support functions like encryption, encoding, and forwarding tends to get complicated, when the storage system spreads. This paper aims mainly on hiding image information using specialized steganographic image authentication (SSIA) algorithm in clustered cloud systems. The SSIA algorithm is applied to virtual elastic clusters in a public cloud platform. Here, the SSIA algorithm embeds the image information using blowfish algorithm and genetic operators. Initially, the blowfish symmetric block encryption is applied over the image and then the genetic operator is applied to re-encrypt the image information. The proposed algorithm provides an improved security than conventional blowfish algorithm in a clustered cloud system.


Introduction
In recent years, cloud computing gained a better recognition in organization and individuals using storage, computation, and software services [1]. The cloud computing faces multiple challenges, some include auditability, lock-in, transfer problems, confidentiality, unpredictability, performance, storage scalability, bugs, and software licensing [2]. The main risk in cloud computing is its privacy, interoperability, and compatibility [3]. The owner is unaware to control the data privacy and the issues of security and privacy related to data integrity, availability of service, and intrusion in data [4].
The main drawback associated with cloud computing is its issues related to security and privacy of data. Since, cloud computing is an important application in health, banking, and security services [5][6][7], the data is considered sensitive. Hence, better confidentiality has to be maintained at the user and server side during processing, rest, and transfer. This has imposed the present study to consider data security as an important and critical issue that has to be addressed thoroughly. The present research deals with analysing the security using steganographic encryption procedure in cluster-based cloud data model. In the proposed system, the cloud computing security is improved using secured cryptosystem. The modules of steganography security are different for cloud system and general systems, especially in distributed computing. The main feature of the steganography model is that it is possible to make the model work under various sites of the distributed system [8]. For cloud computing, the attacks on steganography operation relate to side channel attacks. To make the steganography algorithm to operate on cloud, the cloud system should provide better elastic services and better support of the steganography algorithm on a cloud environment.
The cryptosystem used is steganography based system, which is designed to work on the distributed data and further, it accumulates and reduces the data loss with increased efficiency without any security loss. The efficiency of the proposed system is computed on both high-performance computation and usage of valuable resource while designing key and random sequence. Careful measures are considered in the proposed study and the proposed method is modelled with machine learning steganography approaches.
In this paper, a domain-specific model is proposed to encrypt the images. The major contributions of this work is discussed as follows: (i) The blowfish algorithm is used for steganographic encryption and genetic algorithm is used to encrypt the image further using crossover and mutation operators during image distribution.
(ii) The novel contribution is the usage of steganographic hybrid encryption which is adopted in cluster-based cloud environment to improve the security of images. (iii) Here, the security is ensured by GA and the BA is utilized to reduce the computations involved in encrypting and decrypting the message.
The outline of the paper is organized as follows: Section 2 provides the related works. Section 3 discusses the proposed hybrid algorithm and the stages of encryption. Section 4 evaluates the performance of the proposed algorithm. Section 6 concludes the work.

Related work
To ensure confidentiality or privacy and to make reliability on storage data, various mechanisms are proposed by the researchers. In [9], a novel authentication scheme is used to combine text and graphical passwords for better access control. The first round of graphical authentication is a recognition technique and the second round is a recall technique. A next step is a behavioural study of the user and this approach offers highly secured systems in real time. In [10], an implicit password authentication system is used, where authentication is presented to the user. If the user "clicks" the grid-of-interest compared with the server, consumer and user are authenticated for using the services. No password information is exchanged between the client and the server. Since the authentication information is conveyed implicitly, this system tolerates shoulder surfing and screen dump attack. The main advantage lies in creating a better authentication space with a large collection of images to avoid short repeating cycles. Image encryption schemes meet the demand for realtime secure image transmission over the Internet [11]. The security of the digital image is important due to the rapid evolution of the Internet.
Homomorphic encryption [12] is a cryptographic tool used widely for improved security in cloud computing. This makes the cloud to operate on specific computation like encryption, ciphertext generation, and decryption. It provides privacy and security to the cloud outsourced data and storage. In [13], homomorphic encryption is used to encode the image with direct operation. It suffers mainly from resource constraints since the encryption is performed mostly on the client side with high computational overhead. Proxy reencryption [14] secures the data sharing in cloud and delegates the capability of proxy re-encryption. The reencrypt is taken place by the re-encryption key. Timeproxy re-encryption scheme [15] does not allow the client to encrypt the data and this avoids computational limitations during the use of resource-based constraint. Secure multiparty computation [16] enables different parties for computing on the same function and maintains the inputs, private. The other schemes related to secure multiparty computation in image processing is seen in [17,18]. However, it does not fit with thin clients, since parties involve in computational overhead due to symmetry property. Convectional cryptographic encryption models are proposed in [19] to encrypt the plain image before sending it over the cloud. It includes lossy image compression [20] with compressive sensing, template matching [21], image masking, and splitting. Steganography technique in [22] stores the images in the cloud. It could be concluded that there are several techniques available to encrypt the data storage in a cloud environment using proxy re-and homomorphic encryption.
However, the proposed technique does not fit with the above technique, since the operation involves the encryption of images inside the cluster cloud network and further the resource is user limited. The secure multiparty computing can be used in such a hybrid cloud; however, the cost of operation at the client side is still expensive. Here, many steganography techniques [23,24] for image encryption is studied, but adoption in the cloud environment [20] is still less. The studies failed to report the hiding of images during its distribution over the cloud. Computation on such steganography image is not available in conventional literature.

Proposed algorithm
The proposed method is intended to provide proper authentication of images in the hybrid cluster cloud system. The high-level security is attained by using a dual encrypting algorithm or SSIA algorithm. This algorithm uses blowfish technique to encrypt the image information and then the genetic operators like crossover and mutation is used to encrypt the encrypted parent individuals. The subkeys of the blowfish are stored in the cloud storage which avoids unauthorized access. This method avoids the selection of random individuals to encrypt the images since it is difficult to decrypt the images by the third party. However, a random number is utilized for the following purposes: (1) to encrypt the plain text with xor operation and (2) to reduce the total rounds in the blowfish algorithm.
Initially, a new random number is generated by the selection of a new random number by genetic algorithm from the whole set of population. The random number generated is of 64 bits and it checks for minimum five ones in the least significant bits of the random number, usually 16 bits. The generation of the random number is shown in Figure 1. Depending on the position of the ones in random number i.e. least significant 16 bits, the function F is executed. If the least significant 16 bits have zeros then the rounds will not be executed. Now, check the condition P i lesser than 16, since the output of N is 16. When the condition is true, the loop goes from the initial condition of generating population, on the contrary, the random number obtained from f is stored.
The operation of two-tier encryption by the blowfish and genetic algorithm is shown in Figure 2. This leads to severe variation in function F during the process of executing the encryption and decryption function. This method resists the attacks at any stages or rounds since it executes five rounds using blowfish and the final rounds are done genetically. The proposed method thus has an integrated SSIA algorithm to provide high-level security to the images in the private cloud.

Blowfish algorithm
Blowfish algorithm is a symmetric operation, which is used for both encryption and data protection in highend system. The algorithm operates on a key length of 32 bits, variable in its manner and it extends till 448 bits. This is considered supreme for protecting the data in the cloud environment. This is a 16-round Feistel cipher with 4 keydependent S-boxes. The scheduling procedure of key is done by initializing both the S-box and P-box and the  values are obtained from hexadecimal digits of p i with an improper pattern, respectively. The P-box entries are XORed with the secret key to improve the encryption process. When the value of i is lesser than 16, the process gets back to the initialization step, where f (i) is the considered one to acquire xL and xR, otherwise only xL is computed. On the other hand, when the value of i is greater than 16, then the process shifts to final operations like swapping, second level encryption, crossover, mutate, and combination of child individuals.
From Figure 3, the matrix value of each pixel value is obtained. The matrix values are used to obtain the RGB plane and it is dissected vertically into two halves, xR and xL. Each half is of 32 bits and the keys of two halves are encrypted individually using a user-defined key. The encrypted planes are then retrieved by concatenating vertically the two halves, xR and xL. The encrypted RGB planes are then merged together for constructing the final image, which is passed to the next stage of genetic operation.

Operation of blowfish algorithm
The entire blowfish operation takes place under 16 rounds. Initially, a random number is generated and then the given input image of 64-bit element is generated. Then, the random number is XORed with the input data. The x is divided into two equal halves, each of 32 bit size, namely, xL, xR.

Genetic algorithm
Genetic algorithm searches the individuals based on the probability and it solves the problem associated with optimization. This paper assigns the individuals to encrypt the given images using crossover and mutation operators. Also, the selection of individuals for random numbers is based on natural selection procedure. The main steps of the proposed genetic model have initial random number generation and assessment of individuals, obtained from the blowfish algorithm. It involves computing parent after selection from blowfish and production of offspring. Then, the child is allowed to mutate and next generation is chosen.
The generated chromosomes or random number from the entire set of population has a gene of different variants. Then, the suitable fitness function is assigned to assess the chromosome since it is a natural selection process, the higher fitness chromosome individuals are chosen for the next generation and then it is XORed with the input values. Finally, it produces children and proved to be fittest in terms of the initial fitness function.
The main aim is to find the optimal value of such element. Here, each chromosome has genes that are referred to as variables or element. Due to the natural selection process, the chromosome of parents competes with each other, depending on the fitness function. The higher compatibility objective function reproduces with higher probabilities based on following equation 1, The ith probability of chromosome is denoted as P, with fitness value of the chromosome is denoted by Fitness. Finally, the child chromosomes from the two parent genes are shown in equation 2, 3, where xL and xR are the child chromosomes and P 1 and P 2 are the parent chromosomes. Here, α and β are the constant values, where the values lie between 0 and 1. During mutation, the parent chromosome from the blowfish stage of random position interchanges, in terms of its bits. The main aim is to increase the fitness of the chromosome, so that when the chromosome stay fit when the image pixels are shuffles and the pixel correlation stays least.

Blowfish image decryption
The output of the combined bits are given as an input to the blowfish decryption, which operated in the reverse way of the encryption mode; however, the order of the rounds is operated in a reverse way.

Proposed cloud stegnographic image authentication model
The proposed security model on cluster private cloud shares the image data in a dynamic way over the untrusted cloud. The proposed model preserves the data and identity. The unauthorized access of the data is prevented using hybrid stegnographic model with improved security in the private cloud. This is attained using the edge detection technique, which reduces further the key size and computational complexity. The data is accessed by the end user and it is not authorized to be used by the other data owners. The proposed data cloud model is shown in Figure 3.
The proposed SSIA algorithm is intended to share the user data in clusters and provides privacy and security when it is been distributed over the cloud. SSIA algorithm had embedded image like image steganography; however, an edge detection method is used for edge detection, where the user data is hidden. Prior to hiding the cover image data, confidentiality method is used to encrypt the data using the above blowfishgenetic operator.
The ciphertext while encrypting an image depends on the key with high quality, perfect selection, and design, since the adjacent pixel arrangement in the transposition cipher is disturbed and rearrangement pattern selects the encryption quality. The key is used to derive the rearrangement pattern and the quality of encryption is improved with the proper key. The rearrangement of n-pixel blocks is done using a key with n numbers of n! patterns. The genetic algorithm is used to improve the search pattern for obtaining the optimal value.
In the proposed method, the best chromosome is affected heavily by the image pixel correlation. Here, the chromosome of size 16 is considered and the elements are integers, which indicates the updated position by the image pixel with a block size of 16. Each integer of the element in the chromosome is said to exist between the values of 1 and 16. The integer k on the chromosome (left) is considered as the new position, which is been assigned to pixel (k) inside the string of chromosome. The fitness function is used to evaluate how fit the chromosomes is, which is given in equation 1.
The proposed method uses the initial pre-processing operation to improve image encryption in an effective way. The image blocks are applied with the scrambling technique for pre-encryption process. Then, the image is broken down into small square blocks with 90 deg phase shift along the counter-clockwise direction, which has been flipped upside down. Finally, the transformed image is obtained from such shuffled blocks using the chaotic generator.

Experimental results
The proposed encryption algorithm is applied on Lena image. To check the effectiveness of the proposed SSIA algorithm, the correlation between the pixel blocks is tested. Initially, the pre-processing is carried out to obtain the transformed image. Then, RGB output images using blowfish and genetic algorithm is encrypted and analysed the performance of security over private cloud clusters. The results of encryption are shown in Figure 4.

NPCR and UACI
The proposed method uses double-layer encryption model, which is evaluated using pixels changing rate (NPCR), unified average changing intensity (UACI), and correlation co-efficient (CC).
The parameters, NPCR and UACI, have used security analysis during the process of image encryption. NPCR checks the pixel's absolute number and UACI checks the average difference between the cipher images (two pairs). The encryption technique is proved efficient if the value of NPCR is high and the value of UACI is low.
where C 1 and C 2 are the cipher images and D is the bipolar array, T is the total pixels in cipher image, and F is the largest pixel value in cipher image. PVAL is the qualitative NPCR/UACI and SCR is the quantitative NPCR/UACI. The values of the NPCR and UACI for the encryption using blowfish algorithm is shown in Tables 1 and  2. Similarly, the NPCR and UACI for the encryption using the proposed algorithm is shown in Tables 3  and 4.

Correlation coefficient
The correlation between the Lena images for encryption and decrypted image is shown in Table 2. From the results, it is seen that the proposed algorithm attains a better correlation than the blowfish alone. This is due to the fact that the proposed algorithm selects optimally the image pixels using a genetic algorithm.

Execution time
The execution time of the proposed system is compared with other conventional methods, shown in Table 3.
From the table, it is concluded that the proposed method attains a lesser execution time for encryption and decryption than the existing techniques like adaptive LSB substitution [25], adaptive neural networks [26], and iterative magic matrix encryption algorithm [25]. The simpler computation process attains a lesser execution time in the proposed system than the other methods, where all the three methods possess higher computational process.

PSNR
PSNR is used to test the difference between the original and processed image and it is considered as a main criterion to identify the image quality. The stego quality of the images under steganographic method with various embedding rate is estimated using the messages, which is embedded into 1000 cover and 1000 stego images. The PSNR results between cover and stego images is  shown in Figure 4.
where d is the number of bits for representing the samples. Further, the mse is the mean of m k values over entire image blocks: and m k is the mean square error between the blocks, which is given by From the results of Table 4, it is found that the proposed system attains better results than the conventional methods. This is due to the fact that the least significant bits have changed in the cover image. The PSNR of the proposed method under varying embedding rates are always greater than 40 decibels and that lies in the acceptable range.

Conclusion
Security in hybrid cluster cloud environment is an important concern in this paper, which is achieved dynamically by hybrid steganographic model in the private cloud. The issues related to security of images in the cloud is carefully handled by the proposed system using dual-type encryption model. This model performs fast and ensures better security with hybrid blowfish and genetic operator model. The selection of chromosomes plays a major part, which is attained in an optimized way than the other cryptographic algorithm over the cloud environment. From the results, it is seen that the proposed method attains better security than the conventional model and ensures fast processing capability. The risk of providing security over dynamic clusterbased private cloud is attained carefully with better operation, which does not increase much the computational complexity of the cloud system. Further, the Table 3. Execution time (in seconds) of the proposed method with other conventional methods.
Adaptive LSB substitution [25] Adaptive neural networks [26] Iterative magic matrix encryption algorithm [25] Proposed  Table 4. PSNR of the proposed method with other conventional methods.
Embedding rate LSB replacement Adaptive LSB substitution [25] Adaptive neural networks [26] Iterative magic matrix encryption algorithm [25] Proposed work can be improved with the use of proxy-encryption with the highest entropy and least correlation than this work.

Disclosure statement
No potential conflict of interest was reported by the authors.