Sensitive Data Protection of DBaaS Using OPE and FPE

DBaaS (Database as a Service) is a service provided and managed by the cloud provider and supports traditional database functionalities. The DBaaS use multi-tenant architecture to support multiple customers. The biggest problem concerned with DBaaS is the privacy and security of the data contained in the database stored in the cloud environment. The database is stored in a third party data center and it is assumed to be as untrusted. The database is therefore encrypted in order to prevent any data leaks on the third party data center. The result of any query to the database is decrypted at the service provider site before it is sent to the user. The above mentioned solution have two disadvantages. Firstly, the encryption and decryption are done at the server side and hence the cloud owner can extract information from the database. Secondly, the encryption of database does not support range queries on the database. The proposed framework focuses on securing database by supporting range queries and storing sensitive information with protection of memory leak. It performs database encryption, query encryption and also supports range query over encrypted databases. A double layered encryption mechanism is used for sensitive data and a single layer encryption is used for non-sensitive data. Order Preserving Encryption (OPE) is used for single layer encryption. OPE maintains the order in an encrypted database and so range query can be performed over encrypted database using an encrypted query. The drawback associated with OPE is the attacker can guess the value based on the ordering of data and so for sensitive attributes in the database, a double layered encryption using Format Preserving Encryption (FPE) followed by OPE symmetric key encryption algorithm is proposed.

[1]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[2]  Hiroyuki Kitagawa,et al.  MV-OPES: Multivalued-Order Preserving Encryption Scheme: A Novel Scheme for Encrypting Integer Value to Many Different Values , 2010, IEICE Trans. Inf. Syst..

[3]  Satish Narayana Srirama,et al.  A Statistical Approach for Identifying Memory Leaks in Cloud Applications , 2011, CLOSER.

[4]  Hakan Hacigümüs,et al.  Executing SQL over encrypted data in the database-service-provider model , 2002, SIGMOD '02.

[5]  Wei Wang,et al.  Fast Query Over Encrypted Character Data in Database , 2004, CIS.

[6]  Divyakant Agrawal,et al.  Database Management as a Service: Challenges and Opportunities , 2009, 2009 IEEE 25th International Conference on Data Engineering.

[7]  Nathan Chenette,et al.  Order-Preserving Symmetric Encryption , 2009, IACR Cryptol. ePrint Arch..

[8]  Wei Wang,et al.  Storage and Query over Encrypted Character and Numerical Data in Database , 2005, The Fifth International Conference on Computer and Information Technology (CIT'05).

[9]  Dawn Xiaodong Song,et al.  Practical techniques for searches on encrypted data , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[10]  Nathan Chenette,et al.  Order-Preserving Encryption Revisited: Improved Security Analysis and Alternative Solutions , 2011, CRYPTO.

[11]  Dongdai Lin,et al.  Security Analysis for an Order Preserving Encryption Scheme , 2010 .

[12]  Randy H. Katz,et al.  Above the Clouds: A Berkeley View of Cloud Computing , 2009 .

[13]  Dongxi Liu,et al.  Programmable Order-Preserving Secure Index for Encrypted Database Query , 2012, 2012 IEEE Fifth International Conference on Cloud Computing.

[14]  Mihir Bellare,et al.  Format-Preserving Encryption , 2009, IACR Cryptol. ePrint Arch..

[15]  Bruce Schneier,et al.  Practical cryptography , 2003 .

[16]  Sushil Jajodia,et al.  Balancing confidentiality and efficiency in untrusted relational DBMSs , 2003, CCS '03.

[17]  Hiroyuki Kitagawa,et al.  A Secure and Efficient Order Preserving Encryption Scheme for Relational Databases , 2010, KMIS.

[18]  Stanley B. Zdonik,et al.  Fast, Secure Encryption for Indexing in a Column-Oriented DBMS , 2007, 2007 IEEE 23rd International Conference on Data Engineering.

[19]  J. Mixter Fast , 2012 .

[20]  Gultekin Özsoyoglu,et al.  Anti-Tamper Databases: Querying Encrypted Databases , 2003, DBSec.

[21]  I-Ling Yen,et al.  A Note for the Ideal Order-Preserving Encryption Object and Generalized Order-Preserving Encryption , 2012, IACR Cryptol. ePrint Arch..

[22]  Ramakrishnan Srikant,et al.  Order preserving encryption for numeric data , 2004, SIGMOD '04.

[23]  Dongxi Liu,et al.  Nonlinear order preserving index for encrypted database query in service cloud environments , 2013, Concurr. Comput. Pract. Exp..

[24]  I-Ling Yen,et al.  Security analysis for order preserving encryption schemes , 2012, 2012 46th Annual Conference on Information Sciences and Systems (CISS).

[25]  Sehun Kim,et al.  Chaotic Order Preserving Encryption for Efficient and Secure Queries on Databases , 2009, IEICE Trans. Inf. Syst..

[26]  I-Ling Yen,et al.  Extending Order Preserving Encryption for Multi-User Systems , 2012, IACR Cryptol. ePrint Arch..

[27]  Helmut Knebl,et al.  Introduction to Cryptography , 2002, Information Security and Cryptography.

[28]  Hari Balakrishnan,et al.  CryptDB: protecting confidentiality with encrypted query processing , 2011, SOSP.

[29]  Sung Je Hong,et al.  Order-Preserving Encryption for Non-uniformly Distributed Plaintexts , 2011, WISA.