
Proceedings of the 5th National Conference; INDIACom-2011

Computing For Nation Development, March 10-11, 2011

Bharati Vidyapeeth's Institute of Computer Applications and Management, New Delhi

Data Encryption and its Impact on Performance of Cloud Applications


Dinesh Verma and Vikas Raheja
Assistant Professor, Dept. of Computer Applications
N.C College of Engineering Israna, Panipat
me.dinesh17@gmail.com and rahejavikas@yahoo.com
ABSTRACT
As cloud computing becomes prevalent, sensitive information
is increasingly being centralized in the cloud. To protect
data privacy, sensitive data has to be encrypted before it is
outsourced to the cloud environment. Several techniques can be
used to provide security in cloud systems, including encryption
and other access control mechanisms. The additional overhead
and penalties caused by these mechanisms are usually ignored.
In this paper, we reinvestigate the impact of encryption on the
throughput performance of cloud systems. The paper also
presents the results of investigations conducted by the authors
regarding emerging data security and the impact of excessive
data encryption on the performance of cloud systems, and
discusses some guidelines for encrypting data in cloud systems.
KEYWORDS
Cloud computing, encryption, access control, data security
1. INTRODUCTION
Cloud computing is emerging as a key computing platform for
sharing resources that include infrastructure, software,
applications, and business processes. The main idea of cloud
computing is that work done on the client side can be moved to
some unseen cluster of resources on the internet. There are
three major categories of cloud systems: software-as-a-service
(SaaS), platform-as-a-service (PaaS), and
infrastructure-as-a-service (IaaS).
Benefits of Cloud Computing:
Minimized Capital expenditure
Location and Device independence
Huge storage
Utilization and efficiency improvement
Very high Scalability
High Computing power
In the last three to four decades the world of computing has
changed from centralized (server-attached storage) to
distributed systems, and is now moving back to virtual
centralization (cloud computing). Cloud computing provides
unlimited infrastructure to store and execute customer data and
programs. Customers do not need to own the infrastructure; they
merely access or rent it, so they can forgo capital expenditure
and consume resources as a service, paying instead for what
they use.
Cloud computing describes a data-processing infrastructure
in which the application software and the data itself are stored
permanently not on your PC but on a remote server that is
connected to the internet. When you need to use the application
or access the data, your computer connects to the server through
the internet and some of the information is cached temporarily
on your client machine. This new technique of storage has
brought vulnerabilities in data storage and data access. In this
new computing environment, where data is widely spread over
the network, a lot of attention is required to manage data
storage and its security.
In cloud computing data security is required at different layers
like network layer, process hosting layer, storage layer, system
management layer and application layer [1].
Application layer: Identity management, authorization and
auditing can be used to achieve the data security.
Data Layer: Data encryption, Backup and Recovery are used
to ensure data protection.
Network layer: The cloud environment was configured to drop
packets that match a known signature and to alert on packets
identified by the heuristic engine. The network security actors
were then engaged to provide monitoring and updates on a
timely basis. A firewall and an Intrusion Detection System (IDS)
are used at the network layer to analyse traffic for potential
intrusion attempts.
Process hosting layer (Servers): The main issue at the process
hosting layer is the ability to move processing and data from
one physical system to another. Change is inevitable when the
movement takes place between hosts. System hardening,
antivirus and host intrusion detection techniques are used to
protect the host.
Storage Layer: In the cloud, data of different users could be
mixed. The storage and backup systems need to provide
sufficient security to ensure cloud user data is not
compromised. It is unacceptable for one user to be able to
access another user's data or backup. Encryption techniques are
also used to protect the data from malicious users.
Here the main focus is on data layer security, i.e. data
encryption techniques and their overall effect on the
performance of cloud services. Encrypting data in transit to the
cloud or at rest in the service provider's data center, and
managing the encryption keys, are critical to protecting data
privacy and complying with compliance mandates. The encryption
of mobile media and the ability to securely share those
encryption keys between the cloud service provider and consumer
is an important and often overlooked need. Because moving large
volumes of data quickly and cheaply over the Internet is still
not practical in many situations, many organizations must send
mobile media, such as an archive tape, to the cloud provider. It
is critical that the data is encrypted and that only the cloud
provider and client have access to the encryption keys.

Copy Right INDIACom-2011 ISSN 0973-7529 ISBN 978-93-80544-00-7
To secure data at rest and in motion, multilayered security is
being used without paying any attention to the overall
performance of the cloud. This excessive security is paid for in
terms of performance, data movement and high cost.
2. DATA SECURITY IN CLOUD
As with so many other technical choices, security is a two-sided
coin in the world of cloud computing. Data privacy in the
cloud becomes more prominent if we compare it with that in
the enterprise computing infrastructure. One of the cloud's
characteristics is that data storage or data centers are
outsourced to specialized storage services where multi-tenancy
may take place. The exact data location becomes
uncertain and can change dynamically.
Encryption is a feasible technical solution for data protection.
However, from an operational perspective, the overhead
introduced by data encryption must be considered. Cryptographic
operations such as encryption and decryption are
resource-intensive computations [2]. When strong algorithms are
applied they have a significant impact on the operation of the
applications in the cloud. Therefore, the encryption technique
should not degrade the performance of the cloud application.
Data encryption can be enforced on four layers; from the bottom
up they are the storage layer, database layer, middleware
layer and application layer. IDC's encryption survey says that
over 66% of customers expect to encrypt over 50% of their data.
A weighted average of 55% is expected to be encrypted. Over
80% of end users would deploy host-based encryption, and end
users will deploy various types of encryption to fit their needs.
So we can avoid 100% data encryption in order to avoid
performance penalties and degradation. Encryption cannot be
applied without thinking of its consequences for performance.
There are also some hurdles in implementing encryption; a few
of them are given in Table 1 below.
Table 1: Hurdles to Implementing Encryption
Hurdle categories: key management/data loss; complexity; performance degradation; cost
Issues listed: tracking and managing encryption keys; tracking and managing authentication keys; data classification; impact on OS, applications and databases; interoperability; performance degradation; scalability; initial acquisition cost; deployment cost
From Table 1 above, it is clear that encryption affects the
cloud application from various angles. So before applying
encryption one should consider all the parameters that can be
affected by it and avoid unnecessary encryption of data items.
3. RELATED WORK
Data security in cloud computing is an emerging thrust area of
research. A lot of research is being carried out on data
security in distributed networks like cloud and grid.
Information or data security helps us to ensure privacy and to
protect personal data. IEEE defines data security as the
degree to which data is protected from exposure to accidental
or malicious alteration or destruction. More specifically,
information security is defined as the preservation of CIA
(confidentiality, integrity and accessibility).
Encryption of data is a widely used technique for securing
confidential data. There are two basic types of encryption
technique: symmetric (also known as conventional or secret
key) and asymmetric (public key). The most widely used
symmetric cryptography algorithm is the Advanced Encryption
Standard (AES). One of the most interesting asymmetric
cryptography algorithms is RSA, developed in 1977 by Ron
Rivest, Adi Shamir and Len Adleman at MIT. Asymmetric
ciphers are much slower, and their key sizes must be much
larger than those used with symmetric ciphers. So an interesting
technique proposed by researchers, which combines the high
security of asymmetric cryptography algorithms with the
efficiency of the symmetric approach, is PGP (Pretty Good
Privacy). In PGP, data are encrypted using symmetric
cryptography. Then, in order to secure the symmetric key, an
asymmetric cryptography algorithm is applied, since this
ensures high security.
Zhidong Shen and Qiang Tong have worked on Trusted
Computing Technology, in which they have integrated the Trusted
Computing Platform (TCP) into cloud computing [3]. The TCP is
used for authentication, confidentiality and integrity in the
cloud computing environment. The TCP can improve cloud
computing security and will not bring much complexity to
users. Because the TCP is based on relatively independent
hardware modules, it does not consume much CPU resource,
and can improve the performance of cryptographic
computation [4].
Many authors are paying attention to securing data in the
cloud but paying less attention to the performance
degradation caused by excessive and complicated
encryption techniques.
3. PERFORMANCE COMPARISONS
IDC conducted a survey of 244 IT executives about cloud
services. As Figure 1 shows, security concerns are the number
one issue facing cloud computing.

Figure 1: IDC's findings on cloud issues

Ji Hu and Andreas Klein have worked on the performance
penalties caused by encryption techniques. Table 2 compares
encryption on four layers in terms of granularity, performance
penalties, transparency, security strength and vendor
dependencies [6].

Table 2: Comparison of encryption on four layers
Layers (columns): storage layer; database layer, database based; database layer, column based; middleware layer; application layer
Performance penalties: low; low; high; high; high
(row label missing): yes; yes; yes; yes; yes
(row label missing): no; no; yes; yes; yes
Products: Windows EFS, BitLocker etc.; SQL Server 2008; MySQL, Oracle, DB2 etc.; Hibernate/Jasypt
Cell text without a recoverable position: "Secure data at rest" (twice)

From Table 2 it is clear that the penalties caused by encryption
at the middleware and application layers are higher than those
at the storage layer and with database-based encryption. This
happens because of the greater CPU and I/O burden of performing
encryption or decryption operations at runtime. Encrypted data
increases the write times, read times, update times and space
requirement. So there should be some trade-off between the
encryption of data and the performance of the cloud system. Not
all data in the cloud is equally sensitive, so the complexity of
encryption can differ for different data types. Even the
compression ratio is affected by the encryption of data.
Some comparisons are shown here.

Figure 2: Comparison of write items

In Figure 2 the solid line represents the creation time of
encrypted orders. The dashed line stands for the creation time
of orders in clear text. It is clear that encryption increases
the creation time. Similarly, Figure 3 shows that encryption
also increases the read time.

Figure 3: Comparison of read items

The storage cost is also affected by encryption of data, and is
determined by the algorithm and the cipher format chosen for
encryption. The more complex the algorithm and cipher format,
the higher the cost. In our benchmark, if 256-bit-key AES-CBC
encryption is applied, the size after encryption can be
calculated using the following formula:
Output size = (4 x ((16 x ((Input size + 16)/16) + 50)/3) + 11)
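An added example, not code from the paper or its benchmark: it checks the formula's padding term against real AES-256-CBC output in Go, then totals the stored size of a record when every field is encrypted versus only the sensitive one. Assumptions: integer division in the padding term, Base64 for the 4 x (...)/3 term, the constants 50 and 11 taken as given (the paper does not say what they cover), and constructed field names and sizes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// cbcLen AES-256-CBC-encrypts n constructed bytes (PKCS#7 padded) and returns the ciphertext length.
func cbcLen(n int) int {
	secret := make([]byte, 32+aes.BlockSize) // 256-bit key followed by the IV
	if _, err := rand.Read(secret); err != nil {
		panic(err)
	}
	block, err := aes.NewCipher(secret[:32])
	if err != nil {
		panic(err)
	}
	pad := aes.BlockSize - n%aes.BlockSize // PKCS#7 adds 1..16 bytes, never 0
	buf := append(bytes.Repeat([]byte{'A'}, n), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, secret[32:]).CryptBlocks(buf, buf)
	return len(buf)
}

// storedSize applies the paper's formula to the measured ciphertext length.
// Assumption: the 4 x (...)/3 term is Base64, which rounds up to 4-char groups.
func storedSize(n int) int {
	return base64.StdEncoding.EncodedLen(cbcLen(n)+50) + 11
}

// recordSize totals stored bytes; only fields flagged sensitive are encrypted unless encryptAll is set.
func recordSize(fields map[string]int, sensitive map[string]bool, encryptAll bool) (total int) {
	for name, n := range fields {
		if encryptAll || sensitive[name] {
			n = storedSize(n)
		}
		total += n
	}
	return total
}

func main() {
	fields := map[string]int{"order_id": 8, "card_number": 16, "name": 40, "notes": 400} // constructed sizes in bytes
	sens := map[string]bool{"card_number": true}
	fmt.Println(recordSize(fields, nil, false), recordSize(fields, sens, false), recordSize(fields, nil, true))
}
```

For the constructed record the plaintext fields total 464 bytes, encrypting only card_number gives 571, and encrypting every field gives 1000. An 8-byte field alone grows to 99 bytes, so short fields carry most of the relative storage overhead.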

Figure 4 Space increase by encryption


TCP operates through a combination of software and hardware:
manufacturers add some new hardware to each computer to
support TC functions, and then a special TC operating system
mediates between the hardware and any TC-enabled
applications[6]. TCP provides two basic services, authenticated
boot and encryption, which are designed to work together. An
authenticated boot service monitors what operating system
software is booted on the computer and gives applications a
sure way to tell which operating system is running. It does this
by adding hardware that keeps a kind of audit log of the boot
process.

CONCLUSION
It is clear that data security is the utmost requirement for cloud
service providers to ensure confidentiality. But at the same
time we cannot ignore the performance degradation of cloud
services due to excessive and sometimes unnecessary
encryption. So there should be some guideline for deciding the
level of security required in cloud services. Encrypted data
takes more time to write and to read, and even takes more space
than unencrypted data. So an encryption with no performance
penalty can be used.
FUTURE SCOPE
Performance of cloud applications is a very important parameter
of QoS and SLAs. An SLA is well designed if it describes the
performance level with multilayer security. In order to
adequately address security problems such as insider attack and
outsider attack in network-distributed environments, encryption
of data is essential for migration of applications to the cloud.
From the related work in cloud security above, we have observed
that improper encryption of data degrades the performance of
cloud applications. These penalties caused by encryption can be
minimized by using some lightweight but strong encryption
technique on a particular layer whose effect would be minimal on
data write, data read, data movement, and data storage in terms
of cost and time.
REFERENCES
[1] Amazon, "Amazon Elastic Compute Cloud (Amazon EC2)", available at http://aws.amazon.com/ec2/, 2009.
[2] Heng-Sheng Chen, Tsang-Yean Lee, Huey-Ming Lee, "Security of message passing based on Grid Environment", 4th Int. Conference on Computer Sciences and Convergence Information Technology, 2004, pages 196-199.
[3] Zhidong Shen, Qiang Tong, "The Security of Cloud Computing System enabled by Trusted Computing Technology", 2010 2nd International Conference on Signal Processing Systems (ICSPS), pages V2-11 to V2-15.
[4] Hongwei Li and Shixin Sun, "Identity-Based Cryptography for Grid", 8th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, 2007, pages 132-137.
[5] Nima Behnood Rad, Hamed Shah-Hosseini, "GBHE: Grid-Based Cryptography with AES Algorithm", 2008 International Conference on Computer and Electrical Engineering, pages 185-189.
[6] Ji Hu, Andreas Klein, "A Benchmark of Transparent Data Encryption for Migration of Web Applications in the Cloud", 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, pages 735-740.
