Toward Securing Cloud-Based Data Analytics: A Discussion on Current Solutions and Open Issues

In the last few years, organizations and business professionals have realized the value of collaborative data analytics in supporting decision-making. Where several activities are performed on online data by different stakeholders, such as cleansing, aggregation, analysis, and visualization, cloud-based data analytics has become a favored choice for business professionals due to the elasticity, availability, scalability, and pay-as-you-go features offered by cloud computing. However, large amounts of data stored on the cloud are very sensitive (e.g., innovation, financial, legal, and customers’ data), and so data privacy remains one of the top concerns for many reasons; mainly those relating to legal or competition issues. In this paper, we review the security and cryptographic mechanisms which aim to make data analytics secure in a cloud environment and discuss current research challenges.

[1]  Craig Gentry,et al.  Private Database Queries Using Somewhat Homomorphic Encryption , 2013, ACNS.

[2]  Jérôme Darmont,et al.  Enforcing Privacy in Cloud Databases , 2017, DaWaK.

[3]  Patrick Th. Eugster,et al.  Practical Confidentiality Preserving Big Data Analysis , 2014, HotCloud.

[4]  Silvio Micali,et al.  Computationally Private Information Retrieval with Polylogarithmic Communication , 1999, EUROCRYPT.

[5]  Christoph Meinel,et al.  Processing Over Encrypted Data: Between Theory and Practice , 2016, SGMD.

[6]  Yücel Saygin,et al.  Distributed Privacy Preserving Clustering via Homomorphic Secret Sharing and Its Application to (Vertically) Partitioned Spatio-Temporal Data , 2011, Int. J. Data Warehous. Min..

[7]  Adam O'Neill,et al.  Generic Attacks on Secure Outsourced Databases , 2016, CCS.

[8]  Charles V. Wright,et al.  Inference Attacks on Property-Preserving Encrypted Databases , 2015, CCS.

[9]  Peter Williams,et al.  Usable PIR , 2008, NDSS.

[10]  Raluca A. Popa,et al.  Building practical systems that compute on encrypted data , 2014 .

[11]  Ramarathnam Venkatesan,et al.  Orthogonal Security with Cipherbase , 2013, CIDR.

[12]  Andreas Schaad,et al.  Privacy by Encrypted Databases , 2014, APF.

[13]  Elaine Shi,et al.  Multi-Dimensional Range Query over Encrypted Data , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[14]  Alexandra Boldyreva,et al.  Provably-Secure Schemes for Basic Query Support in Outsourced Databases , 2007, DBSec.

[15]  Nickolai Zeldovich,et al.  An Ideal-Security Protocol for Order-Preserving Encoding , 2013, 2013 IEEE Symposium on Security and Privacy.

[16]  Hakan Hacigümüs,et al.  Efficient Execution of Aggregation Queries over Encrypted Relational Databases , 2004, DASFAA.

[17]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[18]  Radu Sion,et al.  TrustedDB: A Trusted Hardware based Outsourced Database Engine , 2011, Proc. VLDB Endow..

[19]  Jérôme Darmont,et al.  fVSS: A New Secure and Cost-Efficient Scheme for Cloud Data Warehouses , 2014, DOLAP '14.

[20]  Ernesto Damiani,et al.  Database as a Service: Towards a Unified Solution for Security Requirements , 2012, 2012 IEEE 36th Annual Computer Software and Applications Conference Workshops.

[21]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[22]  Frederik Vercauteren,et al.  Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes , 2010, Public Key Cryptography.

[23]  Rasool Jalili,et al.  Secure Data Outsourcing Based on Threshold Secret Sharing ; Towards a More Practical Solution , 2010 .

[24]  Yan-Cheng Chang,et al.  Single Database Private Information Retrieval with Logarithmic Communication , 2004, ACISP.

[25]  Andreas Schaad,et al.  Adjustably encrypted in-memory column-store. , 2013, CCS 2013.

[26]  Frank Pallas,et al.  Three Tales of Disillusion: Benchmarking Property Preserving Encryption Schemes , 2018, TrustBus.

[27]  Gene Tsudik,et al.  Signature Bouquets: Immutability for Aggregated/Condensed Signatures , 2004, ESORICS.

[28]  Ramarathnam Venkatesan,et al.  A secure coprocessor for database applications , 2013, 2013 23rd International Conference on Field programmable Logic and Applications.

[29]  Ju Ren,et al.  DPPro: Differentially Private High-Dimensional Data Release via Random Projection , 2017, IEEE Transactions on Information Forensics and Security.

[30]  Rupak Majumdar,et al.  MrCrypt: static analysis for secure cloud computations , 2013, OOPSLA.

[31]  Xue Chen,et al.  Dynamic Multi-Phrase Ranked Search over Encrypted Data with Symmetric Searchable Encryption , 2020, IEEE Transactions on Services Computing.

[32]  Srikumar Venugopal,et al.  Elastic Business Process Management: State of the art and open challenges for BPM in the cloud , 2014, Future Gener. Comput. Syst..

[33]  Vinod Vaikuntanathan,et al.  Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages , 2011, CRYPTO.

[34]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[35]  Matteo Golfarelli,et al.  Beyond data warehousing: what's next in business intelligence? , 2004, DOLAP '04.

[36]  Jens Köhler,et al.  Tunable Security for Deployable Data Outsourcing , 2015 .

[37]  Radu Sion,et al.  Towards Secure Data Outsourcing , 2008, Handbook of Database Security.

[38]  Mihir Bellare,et al.  Deterministic and Efficiently Searchable Encryption , 2007, CRYPTO.

[39]  Kim-Kwang Raymond Choo,et al.  Fine-grained Database Field Search Using Attribute-Based Encryption for E-Healthcare Clouds , 2016, Journal of Medical Systems.

[40]  Adam O'Neill,et al.  Deterministic Encryption: Definitional Equivalences and Constructions without Random Oracles , 2008, CRYPTO.

[41]  Gene Tsudik,et al.  Aggregation Queries in the Database-As-a-Service Model , 2006, DBSec.

[42]  Rafail Ostrovsky,et al.  One-Way Trapdoor Permutations Are Sufficient for Non-trivial Single-Server Private Information Retrieval , 2000, EUROCRYPT.

[43]  Mauro Barni,et al.  Encrypted signal processing for privacy protection: Conveying the utility of homomorphic encryption and multiparty computation , 2013, IEEE Signal Processing Magazine.

[44]  Jérôme Darmont,et al.  A Novel Multi-Secret Sharing Approach for Secure Data Warehousing and On-Line Analysis Processing in the Cloud , 2015, Int. J. Data Warehous. Min..

[45]  Anwar Hithnawi,et al.  Talos a Platform for Processing Encrypted IoT Data: Demo Abstract , 2016, SenSys.

[46]  Siu-Ming Yiu,et al.  SDB: A Secure Query Processing System with Data Interoperability , 2015, Proc. VLDB Endow..

[47]  Craig Gentry,et al.  Fully Homomorphic Encryption over the Integers , 2010, EUROCRYPT.

[48]  Radu Sion,et al.  TrustedDB: A Trusted Hardware-Based Database with Privacy and Data Confidentiality , 2011, IEEE Transactions on Knowledge and Data Engineering.

[49]  Donald Kossmann Confidentiality à la Carte with Cipherbase , 2017, BTW.

[50]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[51]  Sushil Jajodia,et al.  Key management for multi-user encrypted databases , 2005, StorageSS '05.

[52]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[53]  Ran Canetti,et al.  Modular Order-Preserving Encryption, Revisited , 2015, SIGMOD Conference.

[54]  Ilsun You,et al.  New order preserving encryption model for outsourced databases in cloud environments , 2016, J. Netw. Comput. Appl..

[55]  R. Kalaiselvi,et al.  SCALABLE AND SECURE SHARING OF PERSONAL HEALTH RECORDS IN CLOUD COMPUTING , 2016 .

[56]  Samuel Madden,et al.  Processing Analytical Queries over Encrypted Data , 2013, Proc. VLDB Endow..

[57]  Xiang Cheng,et al.  Differentially private multi-party high-dimensional data publishing , 2016, 2016 IEEE 32nd International Conference on Data Engineering (ICDE).

[58]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[59]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[60]  Elisa Bertino,et al.  Privacy-Preserving Complex Query Evaluation over Semantically Secure Encrypted Data , 2014, ESORICS.

[61]  Ling Ren,et al.  Path ORAM , 2012, J. ACM.

[62]  Wen Hu,et al.  Poster: Towards Encrypted Query Processing for the Internet of Things , 2015, MobiCom.

[63]  Hossein Shafagh Toward computing over encrypted data in IoT systems , 2015, XRDS.

[64]  Xiaokui Xiao,et al.  Obfuscating the Topical Intention in Enterprise Text Search , 2012, 2012 IEEE 28th International Conference on Data Engineering.

[65]  Mark Ryan,et al.  Cloud computing security: The scientific challenge, and a survey of solutions , 2013, J. Syst. Softw..

[66]  Jean-Sébastien Coron,et al.  Fully Homomorphic Encryption over the Integers with Shorter Public Keys , 2011, IACR Cryptol. ePrint Arch..

[67]  Sabrina De Capitani di Vimercati,et al.  Data protection in outsourcing scenarios: issues and directions , 2010, ASIACCS '10.

[68]  Jiwu Shu,et al.  Preferred search over encrypted data , 2018, Frontiers of Computer Science.

[69]  M. Gerstein,et al.  Quantification of private information leakage from phenotype-genotype data: linking attacks , 2016, Nature Methods.

[70]  Qian Zhang,et al.  Outsourcing high-dimensional healthcare data to cloud with personalized privacy preservation , 2015, Comput. Networks.

[71]  Feng-Hao Liu,et al.  Computation Over Encrypted Data , 2016, Cloud Computing Security.

[72]  Jérôme Darmont,et al.  A secure order-preserving indexing scheme for outsourced data , 2016, 2016 IEEE International Carnahan Conference on Security Technology (ICCST).

[73]  Chinya V. Ravishankar,et al.  Security Limitations of Using Secret Sharing for Data Outsourcing , 2012, DBSec.

[74]  Gene Tsudik,et al.  Authentication of Outsourced Databases Using Signature Aggregation and Chaining , 2006, DASFAA.

[75]  Craig Gentry,et al.  A fully homomorphic encryption scheme , 2009 .

[76]  Robert K. Cunningham,et al.  Computing on masked data: a high performance method for improving big data veracity , 2014, 2014 IEEE High Performance Extreme Computing Conference (HPEC).

[77]  Ian Goldberg,et al.  Sublinear Scaling for Multi-Client Private Information Retrieval , 2015, Financial Cryptography.

[78]  David Cash,et al.  What Else is Revealed by Order-Revealing Encryption? , 2016, IACR Cryptol. ePrint Arch..

[79]  Ken Eguro,et al.  Pushing the Limits of Encrypted Databases with Secure Hardware , 2018, ArXiv.

[80]  Fengjun Li,et al.  SEDB: Building Secure Database Services for Sensitive Data , 2014, ICICS.

[81]  Christine Legner,et al.  Analytics As A Service: Cloud Computing and the Transformation of Business Analytics Business Models and Ecosystems , 2017, ECIS.

[82]  Stanley B. Zdonik,et al.  Answering Aggregation Queries in a Secure System Model , 2007, VLDB.

[83]  Murat Kantarcioglu,et al.  Secure multidimensional range queries over outsourced data , 2012, The VLDB Journal.

[84]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[85]  Gene Tsudik,et al.  DSAC: integrity for outsourced databases with signature aggregation and chaining , 2005, CIKM '05.

[86]  Jiangtao Cui,et al.  Secure k Nearest Neighbors Query for High-Dimensional Vectors in Outsourced Environments , 2018, IEEE Trans. Big Data.

[87]  Rafail Ostrovsky,et al.  Software protection and simulation on oblivious RAMs , 1996, JACM.

[88]  Ken Eguro,et al.  Transaction processing on confidential data using cipherbase , 2015, 2015 IEEE 31st International Conference on Data Engineering.

[89]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..

[90]  Craig Gentry,et al.  (Leveled) fully homomorphic encryption without bootstrapping , 2012, ITCS '12.