The Journal of Supercomputing (2024) 80:27370–27393

https://doi.org/10.1007/s11227-024-06461-7

A secure VM live migration technique in a cloud computing

environment using blowfish and blockchain technology

Ambika Gupta1 · Suyel Namasudra2 · Prabhat Kumar1

Accepted: 14 August 2024 / Published online: 30 August 2024

© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature
2024

Abstract
Data centres have become the backbone of infrastructure for delivering cloud ser-
vices. In the emerging cloud computing paradigm, virtual machine (VM) live migra-
tion involves moving a running VM across hosts without visible interruption to the
client. Security vulnerabilities, resource optimization, and maintaining the quality
of service are key issues in live VM migration. Maintaining security in VM live
migration is one of the critical concerns. To create a secure environment, this paper
proposes a live migration technique using the blowfish cryptographic algorithm for
encryption and decryption, along with blockchain technology, to address challenges
such as decentralization, data privacy, and VM security. The algorithms, namely
key management blowfish encryption (KMBE), access control searchable encryp-
tion (ACSE), protected searchable destination server (PSDS), and key expansion
blowfish decryption (KEBD), improve security in VM live migration in terms of
various parameters such as data centre request servicing time, response time, and
data transfer cost. The proposed technique KMBE improves migration cost ($) by
60–70%, ACSE reduces overall energy consumption (w) by 70–80%, PSDS reduces
makespan (ms) by 40–50%, and KEBD improves the security in live VM migration
by 30–40%.

Keywords Virtual machine · Blowfish · Encryption · Decryption · Blockchain ·

Performance · Security

* Ambika Gupta
ambikagupta2007@gmail.com
1
Department of Computer Science and Engineering, National Institute of Technology,
Patna, Bihar, India
2
Department of Computer Science and Engineering, National Institute of Technology Agartala,
Agartala, Tripura, India

Vol:.(1234567890)
A secure VM live migration technique in a cloud computing… 27371

1 Introduction

In recent decades, cloud computing has proliferated in the IT sector because of the
benefits of multiple sub-technologies and concepts such as global networks, process-
ing power, virtualization, collaboration, accessibility, and storage with minimal ser-
vice provider interaction [1, 2]. Despite all the benefits of cloud computing, some
significant concerns such as security [3, 4], energy consumption, and resource opti-
mization could affect the efficiency and reliability of this cutting-edge technology
[5, 6]. Some researchers attempted to resolve these concerns using VM migration
[7]. A VM migration service is migrating a VM from one host computer to another
to improve resource utilization, enhance load balancing, and reduce power con-
sumption [8, 9]. Two techniques are mainly used in VM migration: cold migration
(non-live migration) and hot migration (live migration) [10, 11]. Non-live migration
could improve some things, such as losing VM status and stopping user service [12].
Live VM migration is used to improve migration, performance, scaling, better infra-
structure, and fault tolerance [13, 14]. However, due to the communication network,
when VM contents are migrated, the transferred data can face various security and
integrity vulnerabilities [15, 16]. Furthermore, the VM code can be susceptible to
multiple threats [17]. There are many things to maintain security in live VM migra-
tion, such as IPSec, VLAN, and role-based migration. IPSec is used in secure com-
munication among networks [18]. A virtual local area network (VLAN) connects
devices in those networks, whereas role-based migration assigns permission to use
a particular network [19]. The drawbacks of these existing approaches are increased
hardware and dedicated network costs due to growth in the VM population [20].
To reduce the requirements of hardware and dedicated network costs and the
secured live VM migration, the blowfish cryptographic algorithm will be used
along with blockchain technology [21–25]. Many existing techniques are avail-
able for solving the problem of secure communication among networks with
reduced hardware usage and lower network costs.
Krill Herd (KH) algorithm [26] reduces energy consumption in data centres by
improving VM aggregation and stopping idle servers from maintaining service
quality in VM placement [27, 28]. The limitation of this approach is that it does
not guarantee a fast convergence solution. A technique [29] Crow search algorithm
(CSA) for VM placement selects a server from the available servers once a VM is
scheduled for placement. It includes a two-phase VM placement approach. At first,
a queuing framework is developed to arrange and manage the large amount of VM
[30]. In the second phase, a CSA VM placement is utilized to reduce server resource
utilization and power consumption. The disadvantage of this approach is that it is
more time-consuming. Artificial Bee colony–Bat algorithm (ABC-BA) [31] using
the concept of continuous Markov chain approach. This algorithm improves the
security of the VM and protects them against attacks. The limitation of this approach
is the overhead of network traffic.
An improved, cost-effective Levy-based whale optimization algorithm
(ILWOA) [32] optimizes energy consumption and resource utilization. It is
required to consider the dynamic approach for migration of VM placement. The
27372 A. Gupta et al.

dynamic and energy-efficient live VM migration reduces the power wastages of

idle physical machines, resulting in reduced power consumption [33]. The pro-
posed model consists of seven phases: resource monitoring analysis, agent for
local migration, agent for allocating tasks, capacity distributor, optimizer anal-
ysis, energy manager, and orchestrator module for migration [34]. This scheme
uses ant colony optimization (ACO) to identify overutilized and underutilized
physical servers [35]. In this approach, the size of the VM is required to be
reduced [36].
The whale optimization genetic algorithm (WOGA) [37] is used for VM place-
ment by combining the non-dominated sorting-based genetic technique and the
whale evolutionary algorithm. It lowers the inter-communication delay, providing
an energy-efficient distribution of physical resources among VMs [38–40]. A new,
improved optimization technique, a dual conditional Moth flame algorithm (DC-
MFA) [41], considers various parameters such as energy consumption, secure envi-
ronment, CPU utilization, and cost. The merit of this approach is that it provides
better performance in terms of cost, energy used, and security analysis. The values
of these parameters can be further reduced.
Blowfish is one of the free and faster algorithms used for symmetric encryption.
It is an efficient cryptographic algorithm whose key length ranges from 32 to 448
bits. In this algorithm, encryption and decryption can be done using the same secret
key [15, 16]. There are two important parts of this algorithm: One is data encryp-
tion, which performs specified iterative rounds of the encryption function, and the
second one is a key expansion, which divides at most 448 bits of key length into
subkeys totalling 4168 bytes. Blowfish keeps 18 subkeys P-array [17], the key size
is 32 bits–448 bits variable size, and the number of substitution boxes is four, each
having 512 entries of 32 bits. After the initialization of the string, the first 32 bits of
the key are exclusively XORed with the first 32 bits of P-array like P1. This process
continues until the algorithm completes the specified round iteration. After the last
round of iteration, the left (L) and right (R) are swapped, and the left (L) is XORed
as the 17th index of the P-box, and finally, the right is XORed as the 18th index of
the P-box. This new 64-bit output becomes the cipher data. The decryption process
performs a reverse order of the encryption process [18].
For VM live migration, blockchain-enabled solutions solve various security-
related issues such as man-in-the-middle and side-channel attacks [42]. No third
party or single admin can modify or control the system due to blockchain technol-
ogy, as depicted in Fig. 1. This protects against any unwanted modification in VM
images (VMIs) by an attacker, ensuring the scheme remains efficient. Blockchain
has essential applications in improving throughput capacity, energy cost, and secu-
rity [43–45]. In the public blockchain, any node can start processing; any node can
store the data and validate the transactions as the structure is decentralized. The vali-
dation is carried out through a consensus mechanism [39].
This paper presents four main algorithms, namely key management blowfish
encryption (KMBE), access control searchable encryption (ACSE), protected
searchable destination server (PSDS), and key expansion blowfish decryption
(KEBD), to protect the live VM migration in a cloud computing environment by
applying blowfish algorithm one of the cryptographic algorithms using blockchain
A secure VM live migration technique in a cloud computing… 27373

Fig. 1  Blockchain-enabled data provenance architecture for cloud data centre

technology. The blowfish algorithm is the effective algorithm for secure VM live
migration in terms of computational overhead, encryption/decryption method,
and resource consumption compared to other cryptographic algorithms, such as
Rivest Cipher 6 (RC6) or advanced encryption standard (AES). A comparison
table (Table 1) has been given among all three cryptographic algorithms: blow-
fish, RC6, and AES.
Using the blockchain infrastructure and its programming model to design a
secure framework that provides transparency and accountability in transferring
the processing of faulty nodes to the target server results in an efficient system.
The following are the key contributions of the work:

1. Identifying the attacks on live VM migration and deliberating existing security

techniques and their merits and challenges.
2. Proposing an efficient environment comprising four main algorithms, KMBE,
ACSE, PSDS, and KEBD, and testing the algorithms that provide the protected
live VM migration, resulting in lesser costs, reduced data centre servicing time,
and response time.
3. This work proves that the proposed technique achieves security in the live VM
migration process and provides a better approach to reduced energy consumption
under attack.
 27374

Table 1  Comparative parameters for cryptographic algorithms: blowfish, RC6, and AES
Features Blowfish RC6 AES

Initialization time Fast (less precomputation required) Moderate (complex initialization) Moderate
Encryption speed Fast Relatively slower Fast, optimized for hardware
Resource requirements Low memory usage High (complex operations) Low to moderate
Flexibility (key size) Very flexible (32–448 bits) Flexible (128, 192, or 256 bits) Standard key sizes (128, 192, or 256 bits)
Block size 64 bits 128 bits 128 bits
A. Gupta et al.
A secure VM live migration technique in a cloud computing… 27375

The remaining part of the paper is divided into many sections. Section 2 describes
various related investigations and essential findings from existing approaches.
A description of the entire strategy is discussed in Sect. 3. Section 4 contains the
experimental setup, results, and their discussion, and Sect. 5 concludes the paper
with possible future research ideas.

2 Related works

Many researchers have proposed many existing approaches for secure live VM
migration. Identification of attacks can be started from the virtualization process
itself. In this section, various identified attacks that may take place during the live
migration have been discussed. While the VMs are migrated from one node to
another as per their resource requirements, a man-in-the-middle attack may occur if
an attacker locates himself in the current path of VM migration [27].
Niranjanamurthy et al. [28] have developed a lightweight encryption algorithm,
an authentication technique, and a secure key transfer method for reduced energy
consumption compared to the system under attack. This technique, moreover, uses
a blind signature scheme to provide more authentication. This scheme uses more
time to migrate the data. Hui et al. [29] proposed a secure and short signature tech-
nique designed to guarantee the authenticity of the verification object itself. The key
benefit of this scheme is that it can verify the encrypted query result’s correctness.
This scheme is not applicable to provide a secure migration process. Divyambika
et al. [25] proposed that the technique uses the concept of hashing and encryption
to provide protected and secure migration. It reduces the downtime and migration
time to improve the system’s overall efficiency and performance. The disadvantage
of this scheme is to improve the cost used in overall execution. Mavus et al. [27]
proposed a secure and efficient model for live migration of containers. This model
provides secure authentication to protect from migration attacks. The limitation of
this approach is that there is no optimization in the multi-user scenario.
Dickinson et al. [28] presented a joint performance and security-driven feder-
ated resource allocation scheme that characterizes a data-intensive application’s
security specifications (SSpecs) and describes an alignment technique to homoge-
nize the various domain resource policies along an application’s workflow lifecycle
stages. Both performance and security requirements must be met without overrid-
ing domain policies to gain performance advantages. The demerits of this approach
are that end-to-end security design schemes are not considered. Nguyen et al. [30]
discussed many solutions based on blockchain to address challenges in the Cloud of
Things in terms of decentralization, data privacy, and network security. To a further
extent, blockchain-based security design schemes can be implemented. Basu et al.
[34] introduced a secure approach utilizing an Ethereum-based blockchain network
which stores VMIs at the administrator end. This approach’s continuous monitoring
of the VMIs guarantees that the scheme’s efficiency is higher than that of any other
methodology designed for the same task. The disadvantage of this approach is the
enactment of the security issues related to VM instances for only single cloud ser-
vice provider (CSP) setups, not multi-provider federated clouds.
27376 A. Gupta et al.

Sutar et al. [35] given an approach based on dynamic and energy-efficient live
VM migration, reducing idle physical machines’ power wastages and power con-
sumption. The proposed model consists of seven phases: resource monitoring analy-
sis, agent for local migration, agent for allocating tasks, capacity distributor, opti-
mizer analysis, energy manager, and orchestrator module for migration. This scheme
uses ACO to identify overutilized and underutilized physical servers. The merits of
this approach include reduced energy consumption in successful VM migration. In
this approach, the size of the VM is required to be reduced. Zou et al. [39] discussed
architectures and models of the integration of blockchain and cloud computing and
the roles of cloud computing in blockchain by analysing the challenges of integrated
blockchain and cloud computing systems. Further, the work can be implemented by
using blockchain with cloud computing.
Saxena et al. [37] developed a WOGA for VM placement using the non-domi-
nated sorting-based genetic technique and whale evolutionary algorithm. It lowers
the inter-communication delay, providing an energy-efficient distribution of physical
resources among VMs. Kalpanadevi et al. [40] suggested the Runge Kutta (RK)—
blowfish algorithm to provide an efficient technique for better memory usage and
encryption decryption in the system. Verma [41] introduced a new, improved opti-
mization technique that considers various parameters such as energy consumption,
secure environment, CPU utilization, and cost utilization in a DC-MFA. The merit
of this approach is that it provides better performance in terms of cost, energy, and
security analysis. The values of these parameters can be further reduced.
Infantia et al. [46] given improved binary battle royale with Moth flame optimiza-
tion (IBBRMO) for VM migration for data security and performance. The limitation
of this approach is that it does not apply to a large number of data transmissions
across VMs. Narayanan et al. [47] introduced a novel method for enhancing security
in live VM migration in cloud computing, a Gorilla-based shuffled Shepherd optimi-
zation approach (GBSSOA). The disadvantage is that this approach does not delve
into implementing an actual cloud computing environment. Naeem et al. [48] sug-
gested a model that uses machine learning to ensure data security against intrusion
attacks in cloud computing. It does not explore the model’s scalability in complex
cloud computing environments. A comparison analysis of existing techniques with
their merits and demerits is discussed in Table 2.

3 Proposed scheme

In this proposed work, there is a source node consisting of several VMs that transfer
their workload to the target node in case of a fault. This work presents a secure live
migration technique for VMs in a cloud computing environment. There are many
security and integrity concerns while transferring this processing of the source node
to the target node. To overcome these attacks, two layers of security are applied.
Firstly, the source node’s data are encrypted using the blowfish algorithm to prevent
external hijacking. The encrypted migration request is then sent to the data centre
manager (DCM), which utilizes blockchain technology to generate the encrypted file
blocks and compute hash values. A Merkle tree is constructed, and the final root
Table 2  Comparative study on existing approaches
Schemes Key findings Advantages Disadvantages

[26] An optimized VM placement algorithm is developed This scheme closes the idle servers, resulting in a The limitation of this approach is no guarantee of a fast
using Krill Herd (KH) reduction of energy consumption convergence solution
[29] An algorithm that chooses a server from the set of It optimizes power consumption and resource wastage The disadvantage of this approach is that it consumes
servers once a VM is scheduled for placement is more time
called the Crow search algorithm (CSA) for VM
placement
[31] An artificial Bee colony—Bat algorithm (ABC-BA) is This technique improves the security of the clouds The limitation of this approach is the overhead of
developed using the continuous Markov chain and prevents them from propagating attacks network traffic
[32] To reduce the underutilized and overutilized physical This scheme reduces the cost of VM placement and The demerit of this approach is that it requires consid-
machines in data centres, an enhanced Levy-based improves energy consumption ering various multi-objective VM placements, such
whale optimization algorithm (ILWOA) is proposed as CPU utilization, data transfer rate, etc., in dynamic
migration
[35] Ant colony optimization (ACO) introduced a tech- This scheme provides minimum migration time This approach requires a reduction in the size of the
nique to reduce power wastage called dynamic and VM
energy-efficient live VM migration
A secure VM live migration technique in a cloud computing…

[37] The whale optimization genetic algorithm (WOGA) The key benefits of this work are the lower communi- The mapping of VMs to various server clusters is not
method is used for VM placement by combining the cation costs and low-resource wastage considered
non-dominated sorting-based genetic technique and
the whale evolutionary algorithm
[41] A new, improved optimization technique that consid- The merit of this approach is that it provides better The values of these parameters can be further reduced
ers various parameters such as energy consumption, performance in terms of cost, energy, and security
secure environment, utilization of CPU, and cost, a analysis
dual conditional Moth flame algorithm (DC-MFA),
is introduced
[46] A short signature technique is designed to guarantee The key benefit of this scheme is that it can verify the This scheme is not applicable to provide a secure
the authenticity of the verification object itself encrypted query result’s correctness migration process
[47] This technique uses the concept of hashing and It reduces the downtime and migration time to This technique requires more cost in overall execution
encryption to provide protected and secure migra- improve the system’s overall efficiency and perfor-
tion mance
27377
27378 A. Gupta et al.

Fig. 2  Proposed framework for securing the migration request from source node to target node
A secure VM live migration technique in a cloud computing… 27379

hash is stored at the DCM. In the second layer, the stored root hash is compared with
the value of the migration request.
If they match, the DCM outsources the request to the target node, decrypting the
migration request using the blowfish decryption method as depicted in Fig. 2. There
are certain conditions for using the proposed scheme for migration which are as fol-
lows: (1) Live VM migration is initiated at the source node when a fault is detected.
(2) Migration occurs to manage the workload across servers. (3) VMs are migrated
to servers that offer better performance to data resources. (4) Migration is mandatory
to meet security policies. Following are the steps to ensure secure and integrity-pre-
served live migrations of VMs from the source node to the target node: (1) Source
node configuration, (2) fault handling, (3) security and integrity concerns, (4) first
layer of security: data encryption and migration request transfer, (5) blockchain inte-
gration: encrypted file blocks, hash values, and Merkle tree, and (6) second layer of
security: root hash verification, request outsourcing, and data decryption.

3.1 Mathematical model

In the proposed scheme, there is a mathematical model to evaluate migration cost

($), energy consumption (w), and makespan (ms) in the context of secure VM live
migration. The procedure for each metric evaluation is given below:

3.1.1 Migration cost ($)

The migration cost is the total sum of the cost due to downtime of the VM during
migration, the cost of transferring the data, and the cost associated with the compu-
tational resource required for migration given in Eq. (1).
Cmigration = Cdowntime + Cdata + Cresource (1)
where:
Cdowntime is the cost due to downtime of the VM during live migration.
Cdata is the cost of transferring the data.
Cresource is the cost associated with the resources such as CPU and memory usage.
If M is the number of hours of downtime, and L is the loss per hour of downtime,
then the cost due to downtime of the VM during migration can be calculated as
follows:
Tmakespan
( )
Cdowntime = L ∗ (2)
M

If D is the amount of data to be transferred in GB, B is the bandwidth in Gbps,

and P is the price of data transfer, then the cost of transferring the data can be calcu-
lated as follows:
27380 A. Gupta et al.

D
( )
Cdata = P ∗ (3)
B
If H is the number of hours the resources used, and R is the cost per hour of
resource usage, then
Tmakespan
( )
Cresource = R ∗ (4)
H

3.1.2 Energy consumption (w)

The energy consumption is the total sum of power ratings of the source node, des-
tination node, and network devices when these devices are active during live VM
migration given in Eq. (5).
Etotal = Psource node ∗ Tsource node + Pdestination node ∗ Tdestination node + Pnetwork ∗ Tnetwork
(5)
where:
Psource node and Tsource node are the power ratings of the source node and time, these
devices are active during the migration.
Pdestination node and Tdestination node are the power ratings of the destination node and
time, these devices are active during the migration.
Pnetwork and Tnetwork are the power ratings of the network devices and time, these
devices are active during the migration.

3.1.3 Makespan (ms)

The makespan is the total time taken to complete the migration process. It is the
sum of time taken to prepare the VM for migration, transfer the data from the source
node to the destination node, and finalize the migration at the destination to restore
the VM state.
Tmakespan = Tpreparation + Tdata transfer + Tfinalization (6)
where:
Tpreparation is the time taken to prepare the VM for migration to capture the VM
state.
Tdata transfer is the time taken to transfer the data from the source node to the desti-
nation node.
Tfinalization is the time taken to finalize the migration at the destination to restore
the VM state.
From the above system model, migration cost ($), energy (w), and makespan (ms)
can be calculated.
A secure VM live migration technique in a cloud computing… 27381

3.2 Key management blowfish encryption

The KMBE algorithm is proposed to secure the data at the source node. Using
the blowfish encryption technique, this algorithm uses the input of a 64-bit data
element to generate the cipher text. There are 16 rounds of input data and a vari-
able key length, which ranges from 32 to 448 bits. Initially, data are divided into
the left part and the right part, named data element left and data element right.
A P-array comprises 18 subkeys K1, K2, …, K18. Instead of static subkey gen-
eration, the KMBE implements dynamic key scheduling that changes the subkey
periodically based on a secure random number generator. There are four 32-bit
S-boxes with 256 entries each: S1,0, S1,1,…, S1,255; S2,0, S2,1,…, S2,255;

Table 3  Description of representations

Abbreviation Description

UserRequest User’s request

VMsource VM at the source node
p 18 subkeys P-array
i, j, k Variables for set of servers
RSj jth running server
x Variable to choose j value
y Variable to choose k value
N Total number of running server
SSk kth slave server
M Total number of the slave server
VMj jth VM
Rk kth resource
DCM Data centre manager
Capmax Maximum capacity of the node
nonce Random or unique number used only once
x Variable to choose j value
DataElementj Data request at the source node
DataElementL Data element after dividing into two halves (left part)
DataElementR Data element after dividing into two halves (right part)
ciphertextsource Encrypted text after applying blowfish encryption
PUBKVMj Source node public key
PVTKVMj Source node private key
VMstatus Current status of VM
attname Attributes name
attrecord Attributes record
T Nonce, VM status, attributes (name, record)
Sign[H(T)] Digital signature with hash value for T variable
27382 A. Gupta et al.

S3,0, S3,1,…, S3,255; S4,0, S4,1,…, S4,255. The 18 subkeys generation process
is complex and based on a secure random number generator. The following algo-
rithm steps are applied, and the description of the representation used in the algo-
rithm is given in Table 3.
Algorithm 1  Key management blowfish encryption

3.3 Access control searchable encryption

This algorithm starts by selecting a DCM of maximum capacity in continuation

with algorithm 1 to receive all users’ requests and create the T variable with the
current VM status and attributes. Then, generate the public and private keys using
encrypted file blocks and publish the public key. After that, create the VM status
with various attributes such as name and record. Then, match the received request
to the source node. If verified, write the nonce values using the T variable from
Eq. 7. Then, put the signature along with the private key of DCM. And return the
value for further processing.
T = (𝐧𝐨𝐧𝐜𝐞; 𝐕𝐌j ; 𝐚𝐭𝐭 𝐧𝐚𝐦𝐞 ; 𝐚𝐭𝐭 𝐫𝐞𝐜𝐨𝐫𝐝 ) (7)
Equation 7 represents a security token during the live migration of a VM in a
cloud computing environment. Each equation component is critical in enhancing
A secure VM live migration technique in a cloud computing… 27383

the overall security of live VM migrations. A 𝐧𝐨𝐧𝐜𝐞 is a random number gener-

ated for one-time use during a transaction. 𝐕𝐌j is the identifier of the VM being
migrated. 𝐚𝐭𝐭𝐧𝐚𝐦𝐞 refers to the name of a specific attribute associated with the
VM migration. It includes the current state of the VM and the data’s encryption
status. 𝐚𝐭𝐭𝐫𝐞𝐜𝐨𝐫𝐝 is the value or status of the attribute related to an integrity check.
Algorithm 2  Access control searchable encryption

3.4 Protected searchable destination server

After finishing the execution of the previous algorithm, algorithm 3 starts with a
search operation among secondary servers to identify the destination server (DS).
The maximum capacity node from the available secondary servers will be known
as DS. DS has sufficient capacity to process all the data elements available on the
source node, as shown in Fig. 3. Then, the hash values are updated with the attrib-
uted. If the request is verified, the results are returned to DS with the DCM’s digital
signature and private key. Algorithm 3 represents the working of PSDS.
27384 A. Gupta et al.

Algorithm 3  Protected searchable destination server

3.5 Key expansion blowfish decryption

Algorithm 4, in continuation with algorithm 3, executes a decryption process by

using blowfish decryption to finally decrypt the faulty node (FN) request at DS. The
decryption process of the blowfish technique is similar to the encryption method;
the only difference is that the subkeys are used in reverse, like P17 to P0. The
decryption process takes the cipher text as input and XORed with K16, which cre-
ates the source ciphertext for the left. Then, apply the transformative function on the
left side of the cipher text XORed with the right-side cipher text. After that, replace
both of them. For K17, repeat the above steps, and finally, recombine and return the
data element to the secured DS. Algorithm 4 represents the working of KEBD. The
KEBD method combines dynamic key scheduling, blockchain-based integrity veri-
fication, and strong blowfish encryption to increase the security of live VM migra-
tion by 30–40%. Together, these enhancements offer a strong security framework
that guarantees the validity, confidentiality, and integrity of data while it is being
migrated, reducing the possibility of intrusions and unwanted access.
After the successful execution of all the algorithms, there are detailed steps to
maintain the existing state of the VM after live migration given as follows:

1) Pre-migration preparation takes place through state capture and initial encryption.
2) The migration process takes place through data transfer and blockchain logging.
A secure VM live migration technique in a cloud computing… 27385

3) Post-migration at the destination takes place through hash verification and decryp-
tion.
4) State restoration occurs with memory reconstruction, CPU, and storage restora-
tion.

Algorithm 4  Key expansion blowfish decryption

4 Performance analysis

The algorithms are implemented in a simulation environment to compute the perfor-

mance of the proposed idea, which is discussed in the section below.

4.1 Experimental setup

The CloudSim toolkit is used as a simulating environment to test the proposed algo-
rithms’ performance. To check the final performance of the blowfish cryptographic
algorithm and blockchain technology in the experiments, on the system CloudSim
3.0.3 installed of the configuration of RAM 64 GB capacity, 64-bit operating system
windows 10 Pro, 11th generation core i7 processor having 1 TB SSD and 2 TB hard
disk. There are different configurations (Table 4) of VMs to define particular block
variations B1, B2, B3, and B4 for bandwidth (bits/s), CPU speed (MIPS), number
of CPU cores, RAM (MB), and input–output file size in MB [41]. The experiments
describe four sets of VMs ranging from 10, 20, 30, and 40 in Table 4. Set 1 for
27386 A. Gupta et al.

Fig. 3  Comparison of migration cost ($) among KH, CSA, ABC + BA, ILWOA, ACO, WOGA, DC-
MFA, and KMBE a set of blocks (10 VMs), b set of blocks (20 VMs), c set of blocks (30 VMs), and d
set of blocks (40 VMs)

10 VMs, which comprises four VM tasks such as T1, T2, T3 and T4, respectively,
equals 20 total blocks; similarly, set 2, set 3, and set 4 for 25, 30, and 35 blocks,
respectively. These sets of VMs were tested individually for different blocks of mul-
tiple tasks, T1, T2, T3, and T4, respectively.
Block variation 1 can be calculated as 4 (T1) + 7 (T2) + 6 (T3) + 3 (T4) which is
equal to 20 number of blocks.
Block variation 2 can be calculated as 6 (T1) + 8 (T2) + 6 (T3) + 5 (T4) which is
equal to 25 number of blocks.

Table 4  Configurations of various sets of blocks (10 VMs), sets of blocks (20 VMs), sets of blocks (30
VMs), and sets of blocks (40 VMs)
Configuration Set of blocks (10 Set of blocks (20 Set of blocks (30 Set of blocks
VMs) VMs) VMs) (40 VMs)

Bandwidth (bits/s) 500 750 1000 1250

CPU speed (MIPS) 250 300 450 500
No. of CPU (cores) 2 3 2 2
RAM (MB) 512 1024 1024 1024
I/O file size (MB) 10,000 20,000 30,000 400,000
A secure VM live migration technique in a cloud computing… 27387

Fig. 4  Comparison of energy consumption (w) among KH, CSA, ABC + BA, ILWOA, ACO, WOGA,
DC-MFA, and ACSE a set of blocks (10 VMs), b set of blocks (20 VMs), c set of blocks (30 VMs), and
d set of blocks (40 VMs)

Block variation 3 can be calculated as 6 (T1) + 10 (T2) + 7 (T3) + 7 (T4) which is

equal to 30 number of blocks.
Block variation 4 can be calculated as 7 (T1) + 11 (T2) + 8 (T3) + 9 (T4) which is
equal to 35 number of blocks.

4.2 Results and discussion

Figure 3 represents the migration costs of transferring data from FN to DS in the

proposed algorithm KMBE. It shows that the proposed algorithm works better than
the existing algorithms.
On executing the experiments, taking data input from Table 4, and observing the
presented work, KMBE significantly reduces migration costs. The KMBE satis-
fies the objective of reduced migration cost for a set of blocks at VM = 10 (Fig. 3a),
VM = 20 (Fig. 3b), VM = 30 (Fig. 3c), and VM = 40 (Fig. 3d). The results calculated
using Eqs. (1), (2), (3), and (4) represent (in Fig. 3) that the proposed algorithm
works better than existing techniques such as KH, CSA, ABC + BA, ILWOA, ACO,
WOGA, and DC-MFA. In the KMBE algorithm, the improvement is attributed to
27388 A. Gupta et al.

Fig. 5  Comparison of makespan (ms) among KH, CSA, ABC + BA, ILWOA, ACO, WOGA, DC-MFA,
and PSDS a set of blocks (10 VMs), b set of blocks (20 VMs), c set of blocks (30 VMs), and d set of
blocks (40 VMs)

the dynamic key scheduling mechanism, which minimizes frequent key updates,
reducing computational overhead and the overall cost. Therefore, the KMBE algo-
rithm optimizes the overall cost and enhances protection against attacks through effi-
cient dynamic key scheduling.
Figure 4 compares the proposed algorithm’s energy usage with previously exist-
ing techniques across VM. The energy used for the proposed work (ACSE) in com-
parison with already existing techniques is presented in Fig. 4 for a set of blocks
from Table 4 at VM = 10 (Fig. 4a), VM = 20 (Fig. 4b), VM = 30 (Fig. 4c), and
VM = 40 (Fig. 4d). The results, calculated using Eq. 5, show that the ACSE algo-
rithm consumes significantly less energy throughout the data migration process from
FN to DS compared to existing techniques such as KH, CSA, ABC + BA, ILWOA,
ACO, WOGA, and DC-MFA.
The proposed ACSE algorithm in Fig. 4 achieves lower energy consumption
through efficient resource allocation and adaptive task scheduling, which ensures
that VM live migration is completed in the shortest possible time. This optimiza-
tion is basically due to the use of blockchain technology for generating hash values,
which is instantaneous compared to traditional methods.
A secure VM live migration technique in a cloud computing… 27389

Fig. 6  Comparison of security among KH, CSA, ABC + BA, ILWOA, ACO, WOGA, DC-MFA, and
KEBD a set of blocks (10 VMs), b set of blocks (20 VMs), c set of blocks (30 VMs), and d set of blocks
(40 VMs)

The results of the make-span parameter, which measures the time taken to com-
plete tasks, are depicted in Fig. 5. The figure represents that the proposed algorithm
has the lowest makespan in comparison with the existing techniques such as KH,
CSA, ABC + BA, ILWOA, ACO, WOGA, and DC-MFA. The makespan for the
PSDS algorithm over these existing methods is calculated using Eq. 6 for varying
counts of VM and blocks. From Fig. 5, it is clearly shown that the proposed algo-
rithm works better in comparison with existing methods for a set of blocks from
Table 4 at VM = 10 (Fig. 5a), VM = 20 (Fig. 5b), VM = 30 (Fig. 5c), and VM = 40
(Fig. 5d). The proposed method minimizes idle time, and optimized key manage-
ment reduces the time to secure data during migration, resulting in less makes-
pan. Therefore, the objective of reducing the makespan is attained from the pro-
posed algorithm by using the Merkle tree to make the overall system more secure,
which gives instant and automatic results. The Merkle tree structure used by PSDS
enhances overall system security by providing instant and automatic data integrity
verification. This efficient approach secures the data and ensures that tasks are com-
pleted more quickly, thus reducing the makespan.
The proposed algorithm, KEBD, demonstrates significantly higher security than
existing techniques. The comparative performance of the proposed algorithm KEBD
27390 A. Gupta et al.

and other models concerning security is depicted in Fig. 6. The blowfish algorithm
demonstrated a lower likelihood of successful brute-force attacks, contributing to
increased security. The integration of blockchain technology introduced an addi-
tional layer of security by ensuring data integrity during VM migration. The secu-
rity metrics include confidentiality, integrity, and availability (CIA). The security
improvement is measured through CloudSim, where the proposed method consist-
ently showed a 30–40% lower risk of data breaches, unauthorized access, and data
integrity than traditional methods. The results, calculated using Eq. 7, show that the
proposed algorithm presents less risk across various blocks and VM counts. Spe-
cifically, the security performance for a set of blocks (VMs = 10) in (Fig. 6a), a set
of blocks (VMs = 20) in Fig. 6b, a set of blocks (VMs = 30) in Fig. 6c, and a set
of blocks (VMs = 40) in Fig. 6d. The multifaceted approach of the proposed model
KEBD uses encryption, blockchain, dynamic key scheduling, and integrity verifi-
cation to provide an enhanced, secure model. From the diagrammatic presentation,
it is proved that the proposed work ensures high security by applying a blowfish
decryption technique in comparison with already existing techniques.

5 Conclusions and future works

Securing the running state VM to the DS without disrupting the client or applica-
tion is important in a cloud computing environment. This paper emphasizes secu-
rity concerns for the efficient and smooth functioning of the overall system in VM
migration. This work consists of four main algorithms to solve the problem of
secure transfer of memory contents from the source node to the destination server:
KMBE, ACSE, PSDS, and KEBD. Here, initially, the memory contents at the
source node are encrypted using subkeys with the help of the blowfish technique.
In the next phase, it declares the DCM and generates the hash values. In the subse-
quent phase, it searches for the DS, verifying the hash values using blockchain tech-
nology. Finally, the memory contents are decrypted at the destination server in the
last phase. The experimented results present the proposed technique as an improved
version in comparison with already existing schemes, and it reduces the total migra-
tion cost by 60–70%, energy consumption by 70–80%, makespan by 40–50%, and
improves security in live VM migration by 30–40%. The additional time needed
for blockchain processing and encryption may not be acceptable in scenarios where
real-time performance, large-scale migrations, and low latency are essential. Future
work could focus on reducing the fault occurrence rate for live VM migration to
address these identified limitations in the proposed scheme.

Author contributions This manuscript is written by Ambika Gupta. Suyel Namasudra and Prabhat
Kumar reviewed the manuscript and suggested corrections.

Data availability No datasets were generated or analysed during the current study.
A secure VM live migration technique in a cloud computing… 27391

Declarations
Conflict of interest The authors declare no competing interests.

References
1. Chaudhari RA, Gohil BN, Rao UP (2023) A review on cloud security issues and solutions. J Com-
put Secur 31:365–391
2. Abdul-Jabbar SS, Aldujaili A, Mohammed SG, Saeed HS (2020) Integrity and security in cloud
computing environment: a review. J Southwest Jiaotong Univ 55:1–15
3. Gupta S, Kumar P, Singh JP, Singh MP (2016) Privacy preservation of source location using phan-
tom nodes. In: Latifi S (ed) Information technology: new generations. Springer, New York, pp
247–256
4. Donno MD, Giaretta A, Dragoni N, Bucchiarone A, Mazzara M (2019) Cyber-storms come from
clouds: security of cloud computing in the IoT era. Future Internet 11:1–31. https://​doi.​org/​10.​3390/​
fi110​60127
5. Das S, Namasudra S, Deb S, Ger PM, Crespo RG (2023) Securing IoT-based smart healthcare
systems by using advanced lightweight privacy-preserving authentication scheme. IEEE Internet
Things J 1:1–10
6. Hongyou L, Jiangyong W, Jian P, Junfeng W, Tang L (2013) Energy-aware scheduling scheme using
workload-aware consolidation technique in cloud data centres. China Commun 10:114–124
7. Kumar P, Rahman M, Namasudra S, Moparthi NR (2023) Enhancing security of medical images
using deep learning, chaotic map, and hash table. Mob Netw Appl. https://​doi.​org/​10.​1007/​
s11036-​023-​02158-y
8. Dhanoa I, Khurni S (2014) Energy-efficient virtual machine live migration in cloud data centers. Int
J Comput Sci Technol 5:43–47
9. Ding Y, Qin X, Liu L, Wang T (2015) Energy efficient scheduling of virtual machines in cloud with
deadline constraint. Future Gener Comput Syst 50:62–74
10. Allouch H, Belkasmi M (2015) Distributed CloudIMS: future-generation network with internet of
thing based on distributed cloud computing. In: Jain LC, Patnaik S, Ichalkaranje N (eds) Intelligent
computing, communication and devices. Springer, New York, pp 31–45
11. Kaur P, Rani A (2014) Virtual machine migration in cloud computing. Int J Grid Distrib Comput
8:337–342
12. Motru V, Raja P, Kote A, Rao G, Duvvuru R (2015) A guideline for virtual machine migration algo-
rithm in cloud computing environment. Int J Comput Commun Eng Res 3:93–97
13. Ali M, Khan S, Vasilakos A (2015) Security in cloud computing: opportunities and challenges. Inf
Sci 305:357–383
14. Datta S, Namasudra S (2024) Blockchain-based smart contract model for securing healthcare trans-
actions by using consumer electronics and mobile edge computing. IEEE Trans Consum Electron
70:4026
15. Singh P, Singh K (2013) Image encryption and decryption using blowfish algorithm in MATLAB.
Int J Sci Eng Res 4:150–154
16. Saikumar M, Vasanth K (2015) Blowfish encryption algorithm for information security. ARPN J
Eng Appl Sci 10:4717–4719
17. Haldankar C, Kuwelkar S (2014) Implementation of AES and blowfish algorithm. Int J Res Eng
Technol 3:143–146
18. Valmik N, Krshirsagar V (2014) Blowfish algorithm. IOSR J Comput Eng 16:80–83
19. Ali S, Wang J, Bhuiyan M, Jiang H (2018) Secure data provenance in cloud-centric internet of
things via blockchain smart contracts. In: IEEE SmartWorld, Guangzhou, pp 991–998
20. Niranjanamurthy M, Nithya BN, Jagannatha S (2019) Analysis of blockchain technology: Pros, cons
and SWOT. Clust Comput 22:14743–14757
21. Pitropakis N, Pikrakis A, Lambrinoudakis C (2014) Behaviour reflects personality: detecting co-
residence attacks on xen-based cloud environments. Int J Inf Secur 14:299–305
22. Ranjan P, Singh V, Kumar P, Prakash S (2018) Models for the detection of malicious intent people
in society. Int J Digit Crime Forensics 10:15–22
27392 A. Gupta et al.

23. Sura K, Khalid D, Mustafa M, Hassan R, Ahmed M (2021) Using energy efficient security tech-
nique to protect live virtual machine migration in cloud computing infrastructure. J Eng Sci Technol
16:2629–2651
24. Hui Y, Zheng Q, JiXin Z, Ou L, Keqin L (2021) achieving secure, universal, and fine-grained query
results verification for secure search scheme over encrypted cloud data. IEEE Trans Cloud Comput
9:27–39
25. Divyambika R, Umamakeswari A (2015) Protection of virtual machines during live migration in
cloud environment. Indian J Sci Technol 8:333–339
26. Soltanshahi M, Asemi R, Shafiei N (2019) Energy-aware virtual machines allocation by krill herd
algorithm in cloud data centers. Heliyon 5:1–6
27. Mavus Z, Angın P (2019) A secure model for efficient live migration of containers. J Wirel Mob
Netw Ubiquitous Comput Dependable Appl 10:21–44
28. Dickinson M et al (2021) Multi-cloud performance and security driven federated workflow manage-
ment. IEEE Trans Cloud Comput 9:240–257
29. Satpathy A, Addya S, Turuk A, Majhi B, Sahoo G (2018) Crow search based virtual machine place-
ment strategy in cloud data centers with live migration. Comput Electr Eng 69:334–350
30. Nguyen D, Pathirana P, Ding M, Seneviratne A (2020) Integration of blockchain and cloud of
things: architecture, applications and challenges. IEEE Commun Surv Tutor 22:2521–2549
31. Karthikeyan K et al (2018) Energy consumption analysis of VM migration in cloud using hybrid
swarm optimization (ABC–BA). J Supercomput 76:3374–3390
32. Basset M, Fatah L, Sangaiah A (2019) An improved Levy based whale optimization algorithm for
bandwidth-efficient virtual machine placement in cloud computing environment. Clust Comput
22:8319–8334
33. Namasudra S, Lorenz P, Kadry S, Bukhari SAC (2023) Introduction to the special issue on DNA-
centric modeling and practice for next-generation computing and communication systems. ACM
Trans Multim Comput Commun Appl 20:1–17
34. Basu S, Karmakar S, Bera D (2021) Blockchain-based secured virtual machine image monitor. In:
International conference on information systems security and privacy, pp 432–439
35. Sutar S, Mali P, More A (2020) Resource utilization enhancement through live VM migration in
cloud using ant colony optimization algorithm. Int J Speech Technol 23:79–85
36. Jinglin Z et al (2021) Integrated blockchain and cloud computing systems: a systematic survey, solu-
tions, and challenges. ACM Comput Surv 54:1–36
37. Saxena D, Gupta I, Kumar J, Singh A, Wen X (2021) A secure and multiobjective virtual machine
placement framework for cloud data center. IEEE Syst J. https://​doi.​org/​10.​1109/​JSYST.​2021.​30925​
21
38. Kumar T, Namasudra S, Kumar P (2023) Providing data security using DNA computing in the
cloud computing environment. Int J Web Grid Serv 19:463–486
39. Zou J, He D, Kumar N, Wang H, Choo K (2019) Integrated blockchain and cloud computing sys-
tems: a systematic survey, solutions, and challenges. ACM Comput Surv 54:1–7
40. Kalpanadevi D, Rani MJ, Karuppasamy M (2022) k-out-of-n systems growth study focusing
on redundant reliability systems by using heuristic programming approach. Math Stat Eng Appl
71:2326–9865
41. Verma G (2022) Secure VM migration in cloud: multi-criteria perspective with improved optimiza-
tion model. Wirel Pers Commun. https://​doi.​org/​10.​1007/​s11277-​021-​09319-w
42. Rahman M, Murmu A, Kumar P, Rao NM, Namasudra S (2024) A novel compression-based
2D-chaotic sine map for enhancing privacy and security of biometric identification systems. J
Inform Secur Appl 80:1–12
43. Gao X, Xiao J, Wang H, Stavrou A (2022) Understanding the security implication of aborting vir-
tual machine live migration. IEEE Trans Cloud Comput 10:1275–1286
44. Pecholt J, Huber M, Wessel S (2021) Live migration of operating system containers in encrypted
virtual machines. In: CCSW ’21—proceedings of the 2021 on cloud computing security workshop,
pp 125–137. https://​doi.​org/​10.​1145/​34741​23.​34867​61
45. Khan MSA, Santhosh R (2022) Hybrid optimization algorithm for VM migration in cloud comput-
ing. Comput Electr Eng. https://​doi.​org/​10.​1016/j.​compe​leceng.​2022.​108152
46. Infantia HN, Anbuananth C, Kalarani S (2023) An effective process of VM migration with hybrid
heuristic-assisted encryption technique for secured data transmission in cloud environment. Intell
Decis Technol 17:983–1006
A secure VM live migration technique in a cloud computing… 27393

47. Narayanan G, Kannan S (2024) Enhancing security in cloud-based VM migration: a trust-centric

hybrid optimization approach. Int Arab J Inform Technol 21:166–178
48. Naeem H (2023) Analysis of network security in IoT-based cloud computing using machine learn-
ing. Int J Electron Crime Investig 7:1–16

Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps
and institutional affiliations.

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under
a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted
manuscript version of this article is solely governed by the terms of such publishing agreement and
applicable law.