Hybrid AES-ECC Model for the Security of Data over Cloud Storage

Round 1
Reviewer 1 Report
The authors have proposed a method for secure cloud computing that combines AES and ECC. However, the structure of the paper does not allow us to understand the advantages of the proposed method, and we cannot make a decision based on the current data. The reviewers ask the authors to review the overall structure of the paper based on the following points.
- The structure of the paper is strange. The reviewer think that the proposal is to build a secure cloud service by combining AES and ECC. However, Fig. 4, which is the proposal, is a common configuration and not novel. Also, it does not show that it can prevent the attacks pointed out by the authors. Figure 4 is not divided into entities such as upload user, download user, server, etc., and is not a diagram that can be used to discuss the security level. The authors should properly explain the novelty of the proposed method.
- Since the idea of combining ECC and AES is not new, it seems that the authors need to discuss how to combine or implement them to achieve higher speed. However, the comparisons in Fig. 5 and Fig. 6 seem to only list the existing cryptographic algorithms and compare their performance. Therefore, it does not seem to be a fair comparison since there is no discussion on the data size when constructing the system. The authors should compare the performance against something close to the proposed system.
- This comment related to item 2. Why single AES is slower than Hybrid method? Hybrid method include single AES. This does not seem to be correct. The authors should not only present the data but also the comparison conditions. As it is, the reader cannot judge whether the data is correct or not.
Minor:
Wording is strange. What is Elliptical curve. ECC is Elliptic Curve Cryptography. The author should check and update usage of technical term. Some word is difficult to trace. For example, what is hybrid method? Is it proposed one? The author should read related paper which cited by many papers and use same way to show your proposed method.
It seems very low-quality figures. The resolution of each entity and organization of figures don’t support the understanding of proposed method.
Author Response
[Electronics] Manuscript ID: electronics-1388628
Hybrid AES-ECC Model for the Security of Data over Cloud Storage
Saba Rehman, Nida Talat Bajwa, Munam Ali Shah, Ahmad O. Aseeri and Adeel Anjum
We thank the anonymous reviewers for their valuable comments and suggestions. We have revised the paper. The changes proposed by Reviewer 1 has been highlighted with the yellow color in the main file whereas, the changes of Reviewer 2 have been written with the red font color in the main file.
Reviewer 1 (major issues)
|
|
|
The structure of the paper is strange. The reviewer think that the proposal is to build a secure cloud service by combining AES and ECC. However, Fig. 4, which is the proposal, is a common configuration and not novel. Also, it does not show that it can prevent the attacks pointed out by the authors. Figure 4 is not divided into entities such as upload user, download user, server, etc., and is not a diagram that can be used to discuss the security level. The authors should properly explain the novelty of the proposed method.
|
The structure of the paper is revised. A new section i.e., Section 3.1 is added which also explains the paper flow with the help of a methodology diagram. Moreover, Figure 4 is now updated. It can be observed that how the proposed scheme differs from a normal encryption technique. The details have been elaborated in the Lines 318-319 on Page 12 of the main file. A preview of the Figure 4 is provided in appended text. Following text has been added in the main file. “Attack prevention can be done in the following way. For example, if attacker wants to attack on user side, in order to gain user personal information or for some other purpose; in the proposed approach, once the user upload the input file, file is converted into encrypted text with the help of AES Encryption, now the text is fully encrypted. So, if in a case attacker performs attack and somehow get the user uploaded file, then it’s useless because information is already encrypted on uploading. Similarly, on the other end, if attack performed, attacker is not able to decrypt the encrypted file and hence the data is secured from attacks.” Also in the Fig.4, now the division of entities can be clearly seen like upload user and download users are now mentioned properly. “Novelty of the proposed method can be seen in the new proposed diagram, in which secure transmission of user data to server and then storage mechanism is even secured due to encrypted data. Also, novelty can be determined in terms of computational cost and time.” Quoted descriptions are also added in the main file as well in the lines 321-331 in Page 13 of the main file. |
|
Since the idea of combining ECC and AES is not new, it seems that the authors need to discuss how to combine or implement them to achieve higher speed. However, the comparisons in Fig. 5 and Fig. 6 seem to only list the existing cryptographic algorithms and compare their performance. Therefore, it does not seem to be a fair comparison since there is no discussion on the data size when constructing the system. The authors should compare the performance against something close to the proposed system. |
Explanation of Fig. 5 and Fig. 6 is now updated for comparing the performance fairly. Following text has been added in the main file. “Figure 5 and 6 shows comparison of the encryption and decryption time of the data with different cryptographic algorithms. Hence, the results are prominent that the Hybrid ECC-AES approach takes less time to encrypt and decrypt data than the existing approaches. Also, the hybrid ECC-AES algorithm has characteristics of both algorithms which provides higher security by increasing the complexity and makes the system strong against attacks. It can also be clearly seen that encryption and decryption time for proposed Hybrid Algorithm is much less as compared to other algorithms. As the time for encryption and decryption is reduced, so as our computational cost also reduced, which is very effective. Hence, our proposed approach works efficiently than others. The evaluation of our proposed scheme is based on encryption time, and decryption time.” Same description is added in the main file on lines 400-409 in page 17 of the main file as well below Fig. 5 and Fig. 6. Added Data Size section in Section 4, under sub-heading 4.3 in lines 384-391 on page 15 of the main document. Following is the newly added text. “We take 3 different images datasets for the comparison of our proposed method with other existing schemes because images usually take more time than the text data, so we want to check the computational cost as well as time required to complete the Encryption and Decryption of the images. Reason for taking different datasets is to compare performance in multiple scenarios. Size of datasets on which experiments are performed is 3233, 4830, 6308 respectively. We take three different dataset sizes for ensuring our proposed scheme works efficiently in each one.” Above same description is also added in the Data size section as well. We also compare our proposed system with one of the closely related system i.e., AES and Blowfish. Comparison can clearly be seen in Fig. 4 and Fig. 5. |
|
This comment related to item 2. Why single AES is slower than Hybrid method? Hybrid methods include single AES. This does not seem to be correct. The authors should not only present the data but also the comparison conditions. As it is, the reader cannot judge whether the data is correct or not.
|
Yes “It’s true that single AES is little bit slower than the Hybrid (AES-ECC) method due to its large key size, while Hybrid method allows reduced key size as well as faster security mechanism for securing the data. Another reason is that small key size is the main property of ECC, and when AES uses ECC for encryption, key size is reduced and hence performance is increased.” Quoted description is also added in the main file in lines 305-310 on Page 12 of the main document.
|
|
Wording is strange. What is Elliptical curve. ECC is Elliptic Curve Cryptography. The author should check and update usage of technical term. Some word is difficult to trace. For example, what is hybrid method? Is it proposed one? The author should read related paper which cited by many papers and use same way to show your proposed method.
|
Elliptical curve is now abbreviated to Elliptical curve cryptography (Line 20, Page 1). Description about important words is now abbreviated correctly. “Hybrid method is the proposed AES-ECC method. Main reason for combining AES with ECC is to reduce the key size of the data by not compromising the security of the system.” Added explanation in the main file at page 17 in lines 397-399. Also, Hybrid method is now described in Introduction section of the paper in lines 62-68 on page 2 of the main file. As mentioned in the paper, Chen et.al proposed AES-ECC approach first time, for increasing the system security. We read few papers of Chen et.al, to check the method for showing our best and made all possible changes accordingly.
|
|
It seems very low-quality figures. The resolution of each entity and organization of figures don’t support the understanding of proposed method.
|
Some figures in the paper are now updated. We tried to improve the figure quality by importing them directly into the Word file instead of pasting. Figure 1, Page 4, Line 105 Figure 3, Page 5, Line 134 Figure 4, Page 11, Line 318
|
|
Reviewer 2 (major issues) |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Please briefly discuss AES and justify the importance and the hypothetic advantages of the proposed method (combining the ECC and the AES). In other words, please explain why we need this new method to ensure authentication given that many existing data security methods have been developed recently. |
“AES is based on the Symmetric key Encryption algorithm, which was developed for the replacement of Data Encryption Standard (DES) and is much faster than the DES because AES contains 128-bit key size whereas DES contains 64-bit key size. Hypothetic advantage of the proposed method i.e., Hybrid Method (AES-ECC) is maintaining the security of the system over cloud storage efficiently. Main reason for using this Hybrid approach is to reduce the key size of the data while maintaining the security of the system efficiently in less time. Although, many authentication methods exist, however, computational overhead cost and time is not aimed to minimize. In the proposed research, our focus is to make an encryption technique which is less computationally expensive for cloud environment. All the above details are also added in the Introduction section in Page 2 on Lines 51-55, 62-68 respectively. The need of the AES along with its justification is now provided in the Introduction section. Moreover, the need for authentication forms part of the paper. |
||||||||||||||||||||||||||||||||||||||||||||||||||
I cannot find any citations in Section 1. Please go through this section again and add citations to support your arguments. |
Four new references i.e., [1], [2], [3] and [5] have been added in the Introduction section for supporting arguments in the lines 52, 58, 59 and 87 respectively. |
||||||||||||||||||||||||||||||||||||||||||||||||||
Related Work. Please justify the originality of this paper since the AES-ECC method was firstly proposed by Chen et al. (2021) (line 123).
|
The main difference between Chen et al. work and the proposed work is the key size. Secondly, a reduced key size which can lower the computational cost over cloud environment and takes less time than existing security schemes. This is our main contribution and the required details are provided at the end of Page 2 in the main file. |
||||||||||||||||||||||||||||||||||||||||||||||||||
Methodology. Please add a section to describe and discuss the methodology |
Methodology section is added in Section 3 of the paper, under subheading 3.1 Research Methodology. “Below is the research methodology that we followed for this paper:
Firstly, we studied about many existing security schemes and find their limitations for comparing their performance and find out drawbacks in existing schemes. After finding Limitations, we found that computation overhead cost for all schemes is larger and so as the time. Hence, we proposed our new Hybrid approach i.e., AES-ECC for addressing all these limitations. Experimental setup is created for our proposed hybrid scheme and comparison can be done with other methods and hybrid scheme as well. We found that our proposed hybrid scheme outperforms other security schemes in terms of performance and efficiency.” All the above description along with flowchart is added in the Proposed framework section in Page of Lines 277-302 on page 11. Along with the paper methodology, we also updated figure for Proposed scheme methodology is included in Section 3.2
All the above description along with diagram is added in the Proposed framework section at Page 12 on line 318.
|
Reviewer 2 (minor issues) |
|
Line 23: Please change "AES" to "Advanced Encryption Standards (AES)" |
|
Line 42: change "ley" to "key"
|
|
Line 44-53: in addition to symmetric key encryption, please briefly discuss asymmetric key encryption. |
“Asymmetric key encryption is also known as Public-key cryptography. It contains a pair of keys i.e., Public and Private keys for Encryption and Decryption of the message.” Description added for Asymmetric Key Encryption in the Introduction section. (Page 2, Line 45,46) |
Line 55: Missing a parenthesis |
parenthesis added (Page 3, Line 73) |
Line 247: Missing a period. |
Period added (Page 3, Line 87) |
Please check the indent throughout the article. |
Indentation completed |
Line 300 and 302 (titles of the figure). Please keep the capitalization consistent. |
Titles of the figures are now consistent. (Page 16, Line 394, 396) |
Professional proofreading is highly recommended. There are serval formatting and language issues throughout the paper. |
Several additional changes were made in the document, also formatting issues are now resolved. |
Reviewer 2 Report
Thank you for the opportunity to review the manuscript titled "Hybrid AES-ECC Model for the Security of Data over Cloud Storage". The authors proposed a new method to ensure data security which is a critical and timely topic. Overall, the authors have done a decent job of developing and testing the method. I believe the paper can be further improved if the issues below can be addressed.
Major issues:
Introduction. The introduction provides relevant background information about the topic. However, it still can be improved.
- Please briefly discuss AES and justify the importance and the hypothetic advantages of the proposed method (combining the ECC and the AES). In other words, please explain why we need this new method to ensure authentication given that many existing data security methods have been developed recently.
- I cannot find any citations in Section 1. Please go through this section again and add citations to support your arguments.
Related Work. Please justify the originality of this paper since the AES-ECC method was firstly proposed by Chen et al. (2021) (line 123).
Methodology. Please add a section to describe and discuss the methodology.
Some minor issues:
Line 23: Please change "AES" to "Advanced Encryption Standards (AES)"
Line 42: change "ley" to "key"
Line 44-53: in addition to symmetric key encryption, please briefly discuss asymmetric key encryption.
Line 55: Missing a parenthesis
Line 247: Missing a period.
Please check the indent throughout the article.
Line 300 and 302 (titles of the figure). Please keep the capitalization consistent.
Professional proofreading is highly recommended. There are serval formatting and language issues throughout the paper.
Author Response
[Electronics] Manuscript ID: electronics-1388628
Hybrid AES-ECC Model for the Security of Data over Cloud Storage
Saba Rehman, Nida Talat Bajwa, Munam Ali Shah, Ahmad O. Aseeri and Adeel Anjum
We thank the anonymous reviewers for their valuable comments and suggestions. We have revised the paper. The changes proposed by Reviewer 1 has been highlighted with the yellow color in the main file whereas, the changes of Reviewer 2 have been written with the red font color in the main file.
Reviewer 1 (major issues)
|
|
|
The structure of the paper is strange. The reviewer think that the proposal is to build a secure cloud service by combining AES and ECC. However, Fig. 4, which is the proposal, is a common configuration and not novel. Also, it does not show that it can prevent the attacks pointed out by the authors. Figure 4 is not divided into entities such as upload user, download user, server, etc., and is not a diagram that can be used to discuss the security level. The authors should properly explain the novelty of the proposed method.
|
The structure of the paper is revised. A new section i.e., Section 3.1 is added which also explains the paper flow with the help of a methodology diagram. Moreover, Figure 4 is now updated. It can be observed that how the proposed scheme differs from a normal encryption technique. The details have been elaborated in the Lines 318-319 on Page 12 of the main file. A preview of the Figure 4 is provided in appended text. Following text has been added in the main file. “Attack prevention can be done in the following way. For example, if attacker wants to attack on user side, in order to gain user personal information or for some other purpose; in the proposed approach, once the user upload the input file, file is converted into encrypted text with the help of AES Encryption, now the text is fully encrypted. So, if in a case attacker performs attack and somehow get the user uploaded file, then it’s useless because information is already encrypted on uploading. Similarly, on the other end, if attack performed, attacker is not able to decrypt the encrypted file and hence the data is secured from attacks.” Also in the Fig.4, now the division of entities can be clearly seen like upload user and download users are now mentioned properly. “Novelty of the proposed method can be seen in the new proposed diagram, in which secure transmission of user data to server and then storage mechanism is even secured due to encrypted data. Also, novelty can be determined in terms of computational cost and time.” Quoted descriptions are also added in the main file as well in the lines 321-331 in Page 13 of the main file. |
|
Since the idea of combining ECC and AES is not new, it seems that the authors need to discuss how to combine or implement them to achieve higher speed. However, the comparisons in Fig. 5 and Fig. 6 seem to only list the existing cryptographic algorithms and compare their performance. Therefore, it does not seem to be a fair comparison since there is no discussion on the data size when constructing the system. The authors should compare the performance against something close to the proposed system. |
Explanation of Fig. 5 and Fig. 6 is now updated for comparing the performance fairly. Following text has been added in the main file. “Figure 5 and 6 shows comparison of the encryption and decryption time of the data with different cryptographic algorithms. Hence, the results are prominent that the Hybrid ECC-AES approach takes less time to encrypt and decrypt data than the existing approaches. Also, the hybrid ECC-AES algorithm has characteristics of both algorithms which provides higher security by increasing the complexity and makes the system strong against attacks. It can also be clearly seen that encryption and decryption time for proposed Hybrid Algorithm is much less as compared to other algorithms. As the time for encryption and decryption is reduced, so as our computational cost also reduced, which is very effective. Hence, our proposed approach works efficiently than others. The evaluation of our proposed scheme is based on encryption time, and decryption time.” Same description is added in the main file on lines 400-409 in page 17 of the main file as well below Fig. 5 and Fig. 6. Added Data Size section in Section 4, under sub-heading 4.3 in lines 384-391 on page 15 of the main document. Following is the newly added text. “We take 3 different images datasets for the comparison of our proposed method with other existing schemes because images usually take more time than the text data, so we want to check the computational cost as well as time required to complete the Encryption and Decryption of the images. Reason for taking different datasets is to compare performance in multiple scenarios. Size of datasets on which experiments are performed is 3233, 4830, 6308 respectively. We take three different dataset sizes for ensuring our proposed scheme works efficiently in each one.” Above same description is also added in the Data size section as well. We also compare our proposed system with one of the closely related system i.e., AES and Blowfish. Comparison can clearly be seen in Fig. 4 and Fig. 5. |
|
This comment related to item 2. Why single AES is slower than Hybrid method? Hybrid methods include single AES. This does not seem to be correct. The authors should not only present the data but also the comparison conditions. As it is, the reader cannot judge whether the data is correct or not.
|
Yes “It’s true that single AES is little bit slower than the Hybrid (AES-ECC) method due to its large key size, while Hybrid method allows reduced key size as well as faster security mechanism for securing the data. Another reason is that small key size is the main property of ECC, and when AES uses ECC for encryption, key size is reduced and hence performance is increased.” Quoted description is also added in the main file in lines 305-310 on Page 12 of the main document.
|
|
Wording is strange. What is Elliptical curve. ECC is Elliptic Curve Cryptography. The author should check and update usage of technical term. Some word is difficult to trace. For example, what is hybrid method? Is it proposed one? The author should read related paper which cited by many papers and use same way to show your proposed method.
|
Elliptical curve is now abbreviated to Elliptical curve cryptography (Line 20, Page 1). Description about important words is now abbreviated correctly. “Hybrid method is the proposed AES-ECC method. Main reason for combining AES with ECC is to reduce the key size of the data by not compromising the security of the system.” Added explanation in the main file at page 17 in lines 397-399. Also, Hybrid method is now described in Introduction section of the paper in lines 62-68 on page 2 of the main file. As mentioned in the paper, Chen et.al proposed AES-ECC approach first time, for increasing the system security. We read few papers of Chen et.al, to check the method for showing our best and made all possible changes accordingly.
|
|
It seems very low-quality figures. The resolution of each entity and organization of figures don’t support the understanding of proposed method.
|
Some figures in the paper are now updated. We tried to improve the figure quality by importing them directly into the Word file instead of pasting. Figure 1, Page 4, Line 105 Figure 3, Page 5, Line 134 Figure 4, Page 11, Line 318
|
|
Reviewer 2 (major issues) |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Please briefly discuss AES and justify the importance and the hypothetic advantages of the proposed method (combining the ECC and the AES). In other words, please explain why we need this new method to ensure authentication given that many existing data security methods have been developed recently. |
“AES is based on the Symmetric key Encryption algorithm, which was developed for the replacement of Data Encryption Standard (DES) and is much faster than the DES because AES contains 128-bit key size whereas DES contains 64-bit key size. Hypothetic advantage of the proposed method i.e., Hybrid Method (AES-ECC) is maintaining the security of the system over cloud storage efficiently. Main reason for using this Hybrid approach is to reduce the key size of the data while maintaining the security of the system efficiently in less time. Although, many authentication methods exist, however, computational overhead cost and time is not aimed to minimize. In the proposed research, our focus is to make an encryption technique which is less computationally expensive for cloud environment. All the above details are also added in the Introduction section in Page 2 on Lines 51-55, 62-68 respectively. The need of the AES along with its justification is now provided in the Introduction section. Moreover, the need for authentication forms part of the paper. |
||||||||||||||||||||||||||||||||||||||||||||||||||
I cannot find any citations in Section 1. Please go through this section again and add citations to support your arguments. |
Four new references i.e., [1], [2], [3] and [5] have been added in the Introduction section for supporting arguments in the lines 52, 58, 59 and 87 respectively. |
||||||||||||||||||||||||||||||||||||||||||||||||||
Related Work. Please justify the originality of this paper since the AES-ECC method was firstly proposed by Chen et al. (2021) (line 123).
|
The main difference between Chen et al. work and the proposed work is the key size. Secondly, a reduced key size which can lower the computational cost over cloud environment and takes less time than existing security schemes. This is our main contribution and the required details are provided at the end of Page 2 in the main file. |
||||||||||||||||||||||||||||||||||||||||||||||||||
Methodology. Please add a section to describe and discuss the methodology |
Methodology section is added in Section 3 of the paper, under subheading 3.1 Research Methodology. “Below is the research methodology that we followed for this paper:
Firstly, we studied about many existing security schemes and find their limitations for comparing their performance and find out drawbacks in existing schemes. After finding Limitations, we found that computation overhead cost for all schemes is larger and so as the time. Hence, we proposed our new Hybrid approach i.e., AES-ECC for addressing all these limitations. Experimental setup is created for our proposed hybrid scheme and comparison can be done with other methods and hybrid scheme as well. We found that our proposed hybrid scheme outperforms other security schemes in terms of performance and efficiency.” All the above description along with flowchart is added in the Proposed framework section in Page of Lines 277-302 on page 11. Along with the paper methodology, we also updated figure for Proposed scheme methodology is included in Section 3.2
All the above description along with diagram is added in the Proposed framework section at Page 12 on line 318.
|
Reviewer 2 (minor issues) |
|
Line 23: Please change "AES" to "Advanced Encryption Standards (AES)" |
|
Line 42: change "ley" to "key"
|
|
Line 44-53: in addition to symmetric key encryption, please briefly discuss asymmetric key encryption. |
“Asymmetric key encryption is also known as Public-key cryptography. It contains a pair of keys i.e., Public and Private keys for Encryption and Decryption of the message.” Description added for Asymmetric Key Encryption in the Introduction section. (Page 2, Line 45,46) |
Line 55: Missing a parenthesis |
parenthesis added (Page 3, Line 73) |
Line 247: Missing a period. |
Period added (Page 3, Line 87) |
Please check the indent throughout the article. |
Indentation completed |
Line 300 and 302 (titles of the figure). Please keep the capitalization consistent. |
Titles of the figures are now consistent. (Page 16, Line 394, 396) |
Professional proofreading is highly recommended. There are serval formatting and language issues throughout the paper. |
Several additional changes were made in the document, also formatting issues are now resolved. |
Author Response File: Author Response.docx
Round 2
Reviewer 1 Report
The reviewers indicated that the organization of the paper should be revised significantly, but the paper does not seem to have been revised. The authors should review the basic paper writing style.
The paper should define a problem and describe a proposed method to solve the problem. Then, it is necessary to verify whether the proposed method solves the problem. In doing so, the paper should compare the proposed method with conventional methods under the same conditions and discuss the results. The comparison conditions should be reasonable and fair in situation under the problem. The paper should concentrate on this organization and should only refer to the results presented in conventional works, doesn’t describe whole part of conventional works. Because otherwise the paper will not have enough space.
However, 90% of this paper is about things that have already been pointed out or proposed in conventional works. The rest of the paper suddenly shows only the proposed method and the results, and does not provide enough information to discuss its novelty and usefulness. There is no discussion of how the proposed method is implemented on a reasonable platform and how it compares to other conventional studies with different implementations. It is impossible for the reviewers to evaluate the proposed method.
Minor:
Even the simple spelling mistakes I pointed out have not been corrected.
ECC is Elliptic Curve Cryptography. Not Elliptical.
Author Response
The paper has been majorly revised in Round 2. Please see attached the detail report.
Author Response File: Author Response.pdf
Reviewer 2 Report
I want to thank the authors for their effort in revising the manuscript. The authors did a great job in addressing reviewers' comments and the quality of the paper is much improved. I recommend the authors do a final proofread.
Author Response
We are thankful to the respectable reviewer for the encouraging remarks and comments
Round 3
Reviewer 1 Report
In this revision, the information of key length suddenly appear.
The comparison of speed and cost efficiency must under same condition (in security field mostly used security level). Why authors compare with DES? Is this proposed method is same security level of DES? DES is very old and discontinue algorithm.
The author should define security level of proposed method.
Normally new combination of algorithms and key length parameter need security level proof. In security field, first priority performance is security level and then speed, silicon area, power should be compared.
Author Response
We really appreciate the anonymous reviewer for another round of the valuable comments and suggestions which have further improved the quality of the paper. We have incorporated all the changes proposed by the reviewer in this 3rd round.
Some new changes made in this round are as follows:
- Added power consumption section at the end of the manuscript
- Updated graphs and their comparisons
- Description of some graphs has been updated accordingly
Reviews |
Answers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
In this revision, the information of key length suddenly appears.
|
The key length has been part of the paper since its first submission. However, it became prominent and vital in the revised versions when we received numerous rounds of revision. The respected reviewer suggested to make a performance comparison. We used the key length feature to highlight this. Moreover, we are using key length because it is important in any security algorithm. |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The comparison of speed and cost efficiency must under same condition (in security field mostly used security level). Why authors compare with DES? Is this proposed method being same security level of DES? DES is very old and discontinue algorithm.
|
We agree to the reviewer that DES is an old algorithm, however, it cannot be considered as obsoleted or discontinued as several well reputed and recent research papers [2][7][12][14] are still using DES for their proposed algorithms security and performance comparisons. Pls note that in this research we are not comparing the traditional architecture of DES. Furthermore, to satisfactorily answer the reviewer’s this comment, we add another comparison of our algorithm with base paper as well. The new comparison is provided in Figures 9 and 10 in the paper and their encryption and decryption time is now compared with Base Paper.
Figure 9: Comparison graph for encryption time in Hybrid and other existing algorithms using different key sizes
Figure 10: Comparison graph for encryption time in Hybrid and other existing algorithms using different key sizes
Here we can clearly see that our base paper values are also even fluctuating at different Encryption and Decryption times. However, our proposed algorithm outperforms the existing schemes.
DES has been the foundation of many algorithms. Many recent cryptographic algorithms still use DES for their comparisons.
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Normally new combination of algorithms and key length parameter need security level proof. In security field, first priority performance is security level and then speed, silicon area, power should be compared. |
In the paper, we updated the Table 8, and it clearly shows the security level of the proposed architecture, Updated table is attached below: “
Table 8 shows the avalanche effect for the various encryption algorithms. The more the change occurring in the cipher due to a single bit change in key or the plain text more is the avalanche effect. Higher the avalanche effect, (as of our proposed algorithm is higher) it becomes difficult to break the algorithm. Hence, we can see that the proposed algorithm has higher security in terms of its Avalanche effect. Below here is the visual representation of the above table, where we can easily see that our proposed algorithm has higher security than other encryption algorithms.
Now we calculate Avalanche effect of the base line model and compare with our proposed hybrid method and other existing schemes as well. ” We addressed the reviewer comments and have computed the power. The details are below. We are sorry, we did not understand what the reviewer means by “silicon area”.
From Table [6] & [7] of the paper, we can easily determine Power consumed in Watts also. Below here is the Power consumption table:
Table 1: Power consumption of Encryption time
Here is the power consumption of Encryption time in Watts, here we compared our proposed algorithm with DES.
Table 2: Power consumption of Decryption time
Here is the power consumption of Decryption time in Watts, here we compared our proposed algorithm with DES.
We updated and added 2 new tables in Power consumption section at page 29 of the manuscript. Tables are as below:
Table 3: Power consumption of Encryption time (Base Paper)
Here is the power consumption of Encryption time in Watts, here we compared our proposed algorithm with Base Paper.
Table 4: Power consumption of Decryption time (Base Paper)
Here is the power consumption of Decryption time in Watts, here we compared our proposed algorithm with Base Paper.
|
Author Response File: Author Response.docx