International Journal of Security and Its Applications
Vol.9, No.11 (2015), pp.155-166
http://dx.doi.org/10.14257/ijsia.2015.9.11.16

ISSN: 1738-9976 IJSIA
Copyright ⓒ 2015 SERSC

Ensuring Data Confidentiality and Authentication through Encryption at Application Layer

Kaleem Ullah, M.N.A. Khan
Shaheed Zulfikar Ali Bhutto Institute of Science and Technology (SZABIST)
Islamabad, Pakistan
kkqaisrani@yahoo.com, mnak2010@gmail.com

Abstract

Cloud computing has emerged as a powerful and viable architecture to meet the large-scale and complex computational needs of organizations. It extends IT capability by providing on-demand access to computer resources for dedicated use. From the user's perspective, data security and privacy are the major concerns in the cloud. Consequently, the organizations which deal with cloud computing should amicably address the key data security risks. In this paper, a generic scheme of user authentication and data confidentiality has been introduced. We introduce a tool that encrypts/decrypts the user data at the application layer using public key infrastructure. Information security experts on both sides, i.e., cloud users and service providers, must comprehend and address the risk and security issues in detail before actually benefiting from the high-end computing power offered by the cloud computing paradigm.

Keywords: Cloud Computing, Data Security, Confidentiality, Authentication, Public Key Infrastructure, Encryption

1. Introduction

Cloud computing is an emerging computing arena that refers to the on-demand delivery of both applications and resources in the form of services over the Internet. The hardware and software resources in a data center that provide diverse services over the Internet are called the “cloud” [1]. According to NIST, cloud computing provides convenient, on-demand network access to a shared pool of configurable computing resources [2].
Here, the term “resources” refers to computing applications, network resources, platforms, software services, virtual servers and computing infrastructure. Generally, data security is a joint responsibility of the client and the cloud vendor. Nevertheless, the client itself is solely accountable for the security of all its resources over the cloud. Although cloud computing offers several benefits, especially low-cost computing, data security and privacy issues are of serious concern in this paradigm. There are several conventional methods to secure data, as described below.

1.1 Cryptography

Cryptography is an effective way to protect information. It is a method of transmitting and storing data in such a way that only the authorized user can access and process it. The commonly used generic terms in cryptography are plaintext (readable data), cyphertext (unreadable data), encryption (conversion process), decryption (reverse conversion process) and algorithm (set of rules used for data encryption and decryption). Figure 1 illustrates the conventional encryption and decryption procedure.