Two layered protection for sensitive data in cloud

Security and privacy are the biggest obstacles in Database as a Service (DBaaS) in cloud computing. In DBaaS, cloud service providers offer services for storing customers' data. Because the data are managed by an untrusted server, the service is not fully trustworthy. Data held at a third-party data center can be secured by encrypting the database, but querying an encrypted database is not easy. A result can be obtained from the encrypted database either by decrypting the database for every query, or by encrypting the query itself and executing the encrypted query over the encrypted database. Another problem with most database encryption algorithms is that they do not support range queries. The proposed framework performs database encryption and query encryption, and also supports range queries over encrypted databases. The framework focuses on securing the database as well as storing sensitive information without any leaks. Double-layered encryption is used for sensitive data and single-layer encryption is used for non-sensitive data. Order Preserving Encryption (OPE) is used for the single-layer encryption. OPE maintains order in the encrypted database, so a range query can be performed over the encrypted database using an encrypted query. OPE has the drawback of revealing information, so for sensitive data a double-layered encryption using Format Preserving Encryption (FPE) followed by the OPE symmetric key encryption algorithm is proposed. A symmetric key is used for both OPE and FPE, but the key is divided into two parts for the double encryption.
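The two layers described above, as an added illustration that is not code from the paper: a toy order-preserving cipher and a toy format-preserving Feistel cipher, both built on HMAC for demonstration only. The assignment of key halves (first half to FPE, second to OPE), the four-digit domain and the sample column are assumptions.

```python
import hashlib
import hmac

def prf(key: bytes, *parts: int) -> int:
    """Keyed pseudo-random integer (HMAC-SHA256) used by both toy ciphers."""
    msg = "|".join(map(str, parts)).encode()
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:8], "big")

def ope_encrypt(key: bytes, x: int) -> int:
    """Toy OPE: running sum of keyed positive gaps, so x < y gives E(x) < E(y)."""
    return sum(1 + prf(key, i) % 1000 for i in range(x + 1))

def fpe_encrypt(key: bytes, x: int, rounds: int = 4) -> int:
    """Toy FPE: Feistel permutation of 0..9999 (four digits in, four digits out)."""
    left, right = divmod(x, 100)
    for r in range(rounds):
        left, right = right, (left + prf(key, r, right)) % 100
    return left * 100 + right

def double_encrypt(key: bytes, x: int) -> int:
    """Sensitive data: FPE under one key half, then OPE under the other half."""
    half = len(key) // 2
    return ope_encrypt(key[half:], fpe_encrypt(key[:half], x))

def server_range_query(column: dict, lo_ct: int, hi_ct: int) -> list:
    """What the untrusted server runs: ciphertext comparisons only."""
    return sorted(row for row, ct in column.items() if lo_ct <= ct <= hi_ct)

def rows_by_value(column: dict) -> list:
    """Row ids ordered by stored value; shows what ordering an observer learns."""
    return sorted(column, key=column.get)

KEY = bytes(range(32))  # constructed demo key, split in two by double_encrypt
# Constructed sample column: row id -> four-digit value (e.g. a salary band).
PLAIN = {f"row{i:02d}": 1000 + 137 * i for i in range(20)}

SINGLE = {r: ope_encrypt(KEY[16:], v) for r, v in PLAIN.items()}
DOUBLE = {r: double_encrypt(KEY, v) for r, v in PLAIN.items()}

if __name__ == "__main__":
    lo, hi = ope_encrypt(KEY[16:], 1500), ope_encrypt(KEY[16:], 2500)
    print("range query on OPE column:", server_range_query(SINGLE, lo, hi))
    print("OPE leaks plaintext order:", rows_by_value(SINGLE) == rows_by_value(PLAIN))
    print("double layer leaks order: ", rows_by_value(DOUBLE) == rows_by_value(PLAIN))
```

In this toy, ciphertext order on the double-layered column follows the FPE output, so the plaintext ordering that single-layer OPE reveals is hidden, while equal plaintexts still map to equal ciphertexts.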
