Programmable Order-Preserving Secure Index for Encrypted Database Query

2012 IEEE Fifth International Conference on Cloud Computing

Dongxi Liu, Shenlu Wang
CSIRO ICT Centre, Marsfield, NSW 2122, Australia

Abstract

The database services on cloud are appearing as an attractive way of outsourcing databases. When a database is deployed on a cloud database service, data security and privacy become a big concern for users. A straightforward way to address this concern is to encrypt the database. However, an encrypted database cannot be easily queried. In this paper, we propose an order-preserving scheme for indexing encrypted data, which facilitates the range queries over encrypted databases. The scheme is secure since it randomizes each index with noises, such that the original data cannot be recovered from indexes. Moreover, our scheme allows the programmability of basic indexing expressions and thus the distribution of the original data can be hidden from the indexes.

1. Introduction

Cloud database services, such as Amazon Relational Database Service (RDS) and Microsoft SQL Azure, are appearing as an attractive way for enterprises to outsource their databases. In cloud database services, the hardware and software underlying databases are shared among users. The database services allow enterprises to deploy their databases quickly without making a large investment in their proprietary hardware and software, hence reducing the total cost of ownership. Moreover, the database services on cloud can be elastic, meaning that an enterprise can dynamically increase or decrease the compute resources allocated to its databases according to its business requirements.

Though attractive as a new paradigm of data management, database services cannot be fully exploited if the problem of data privacy and security cannot be addressed [1, 5]. When a database is deployed into a public database service, the service provider has the complete physical control over the database.
The data in the database might be improperly accessed by the service provider accidentally or intentionally, or by attackers who compromise the database service platforms. Since the database services are a kind of cloud computing services, the techniques of trusted cloud computing have the potential to be used to build trusted database services. However, there is still a gap in applying the techniques of trusted cloud computing such as [7, 15] to address the security and privacy problem in database services.

(Footnote: Shenlu Wang is a vacation student from RMIT University.)

For cloud database services, a straightforward approach to addressing the security and privacy problem is to encrypt the database. In this way, the service provider or an attacker can only see the meaningless encrypted data. However, once encrypted, a database cannot be easily queried. It is not acceptable to decrypt the entire database before performing each query because the decryption might be very slow for a large database and the decrypted database is again at the risk of having its security and privacy breached. Ideally, a query should be executed directly over the encrypted database.

A database query can be an equality query, a range query, an aggregate query or their combinations. In this paper, we focus on the problem of performing range queries on encrypted databases. For example, a range query can be select staffs who join the company between 2000 and For other two types of queries over encrypted databases, the equality queries are not hard to handle when a deterministic encryption scheme (e.g., AES in ECB mode) is used, since in this scheme the same plaintexts are always encrypted into the same ciphertexts, and the aggregate queries need homomorphic encryption algorithms [11] to process the SQL operations SUM and AVG over encrypted databases.
We also describe how to apply our method together with secure hash algorithms and homomorphic encryption algorithms to deal with all types of queries over encrypted databases.

To deal with range queries on encrypted databases, an order-preserving encryption scheme has been proposed in [2]. In this scheme, the $i$th value in the plaintext domain is mapped to the $i$th value in the ciphertext domain, such that the order between plaintexts is preserved between ciphertexts. To use this scheme, users need to be able to model the distributions of values in the plaintext and ciphertext

domains. However, when using cloud database services, an enterprise may not have database professionals who know the techniques [9] for data distribution modeling. In addition, the scheme [2] can only deal with plaintexts in a finite domain. The cryptographic study of the order-preserving encryption scheme is done in [3].

The work [1] shows a way of building order-preserving polynomials, which are based on the polynomials proposed by Shamir for secret sharing [16]. However, the proposed mechanism is only applicable to a finite plaintext domain, where the number of plaintexts is needed to determine the range of coefficients in a polynomial. On the other hand, the evaluation results of order-preserving polynomials may reveal the distribution of plaintexts, since similar plaintexts are transformed with similar polynomials. As discussed in [2], the coupling distribution of plaintext and ciphertext domains might be exploited by attackers to guess the scope of the corresponding plaintext for a ciphertext.

In [8], an indexing mechanism for range queries is proposed. This mechanism is not strictly order preserving since two different values may be mapped into the same bucket, which is used when checking query conditions. The mechanism can lead to inaccuracy of query results and hence some post-processing is needed to remove unexpected query results.

In this paper, we propose an order-preserving indexing scheme, which is secure and easy to use. The scheme is built over the simple linear expressions of the form $a \cdot x + b$. The form of the expressions is public; however, the coefficients $a$ and $b$ are kept secret (not known by attackers). Based on the linear expressions, the indexing scheme maps an input value $v$ to $a \cdot v + b + noise$, where $noise$ is a random value. The noise is carefully selected, such that the order of input values is preserved.
For example, suppose the linear expression is defined over integers (i.e., $a$, $b$ and $x$ are all integers), then the noise is selected from the set $\{0, 1, \ldots, a-1\}$. When more input values are indexed, more noises are introduced into the result, implying that attackers cannot recover the input values from the generated indexes. Hence, our indexing scheme is information-theoretically secure, since attackers cannot get enough information to solve the linear equations over the input values and the generated indexes.

Our indexing scheme allows the programmability of basic indexing expressions (i.e., the linear expressions). Users can make an indexing program that deals with different input values with different indexing expressions. On the one hand, the programmability improves the robustness of our scheme against brute-force attacks since there are more indexing expressions to attack. On the other hand, the programmability can help decouple the distributions of input values and indexes. When a single linear expression is used to index all input values, the distribution of indexes is identical to the distribution of input values. This problem can be addressed by designing appropriate indexing programs. For example, suppose input values are uniformly distributed. Then, if the indexing program maps a bigger input value into an index that is distributed in a bigger range, then the indexes do not take the uniform distribution. Hence, the distribution of input values is not revealed by indexes.

Figure 1. Architecture of Querying Encrypted Databases

Our indexing scheme is easier to use than that in [2], since our scheme does not need users to model data distribution. Unlike the scheme in [2], our scheme does not generate the indexes with specified distribution. We only require that the indexes do not reveal the distribution of input values. Our indexing scheme only depends on linear expressions, which are easier for users to understand and use than the polynomials used in [1].
The usability of security mechanisms is important for them to be effectively taken in practice. In addition, unlike the schemes in [1, 2], our scheme is not an encryption scheme. It is used together with existing encryption algorithms (e.g., AES) to deal with range queries over encrypted databases. Thus, our scheme can benefit from the advances in the encryption algorithm research.

The rest of the paper is organized as follows. Section 2 describes the architecture of querying encrypted databases. Section 3 gives the details of our indexing scheme. Section 4 introduces query translation. In Section 5, we describe a prototype of the system. At last, related work and conclusion are given.

2. The Architecture of Querying Encrypted Databases

In this section, we describe the architecture in which our indexing scheme is used in the queries to encrypted databases. The architecture is shown in Figure 1. In this

architecture, there is a database service provided in a public cloud, and an enterprise that deploys into the cloud a database, which is encrypted by the enterprise to protect its privacy. To query or update the encrypted database, the enterprise has a query proxy managing the communication between the database applications and the encrypted database. When a query is received from an application, the proxy translates it into a query that can be executed directly over the encrypted database. When a query result is returned from the database, the query proxy decrypts it before forwarding the result to the application. The query proxy depends on some metadata, such as keys and database schema, to translate queries and decrypt query results.

Briefly, when a value is put into the database, the proxy uses the indexing mechanism to generate its index and also encrypts the value with some encryption algorithm like AES. The index and the encrypted value are then stored into corresponding fields in the same record of the database. When a range query is made, the proxy calculates the index of the value in the query condition, which is then used by the database service to search indexes stored in the databases.

The order-preserving indexing mechanism reveals the order information of encrypted values. Hence, the cryptographic system based on order-preserving encryption or order-preserving indexing is vulnerable to plaintext-chosen attacks [2, 3]. In this architecture, the proxy is put into the administrative boundary of the enterprise. The attackers from the cloud cannot control the proxy. Hence, the attackers cannot recover the encrypted values by using plaintext-chosen attacks.

3. Order-Preserving Secure Indexing and Its Programmability

There are several data types (i.e., integer, double, string, etc.) used in a database. In our work, we design the indexing scheme primitively for numerical values, and other data types are translated into integers before indexing.
3.1 Basic Order-Preserving Indexing

Our indexing scheme is based on the linear expression $a \cdot x + b$, where $x$ is the input value, and $a$ and $b$ are secret coefficients (only known by the query proxy in the architecture of Figure 1). The input value and coefficients can be integers or real numbers. To make sure the linear expression is strictly increasing, we require $a > 0$ in the linear expression. Hence, for all $v_1$ and $v_2$, if $v_1 > v_2$ and $a > 0$, then $a \cdot v_1 + b > a \cdot v_2 + b$.

As shown above, the basic linear expression respects the order of input values. When the outputs of the linear expressions, used as indexes of the input values, are put into the encrypted databases, the attackers there cannot break the indexes if they do not know $a$, $b$ and any input values. That is, the basic indexing scheme is secure against ciphertext-only attacks.

Though in our threat model we do not allow attackers to choose arbitrary input values, the attackers may happen to know the input values of some particular indexes. In this case, they may be able to recover $a$ and $b$ by solving two linear equations, since the equations have only two unknowns $a$ and $b$. Suppose attackers know two different input values $v_1$ and $v_2$ corresponding respectively to indexes $i_1$ and $i_2$, then the following two equations can be used to recover $a$ and $b$.

$$a \cdot v_1 + b = i_1$$
$$a \cdot v_2 + b = i_2$$

3.2 Order-Preserving Indexing with Randomness

To solve the vulnerability described above, our idea is to add some random noise to each index. That is, given two input values $v_1$ and $v_2$, their indexes $i_1$ and $i_2$ will be $a \cdot v_1 + b + noise_1$ and $a \cdot v_2 + b + noise_2$, respectively, where $noise_1$ and $noise_2$ are randomly sampled from some range (to be defined later) by the query proxy. Consequently, even if $v_1$, $v_2$ and their indexes are known accidentally by attackers on the cloud, they still cannot have enough information (i.e., due to the random noises) to solve the following equations.
$$a \cdot v_1 + b + noise_1 = i_1$$
$$a \cdot v_2 + b + noise_2 = i_2$$

In the following, we describe how to determine the range of noises, such that if $v_1 > v_2$ and $a > 0$, then $a \cdot v_1 + b + noise_1 > a \cdot v_2 + b + noise_2$.

Randomized Order-Preserving Indexing Over Integers

We start the definition of the noise range from a special case, building up the intuitiveness of our method. In this special case, we assume the input values and coefficients in the linear expression are all integers.

Suppose $v_1$ and $v_2$ are two integers and $v_1 > v_2$. Then, the gap between them is at least 1, that is $v_1 - v_2 \geq 1$. We will use sensitivity to mean the least gap, as in differential privacy research [10]. To determine how much noise can be added into indexes, such that the indexes keep the order between $v_1$ and $v_2$, we need to know the least gap between $a \cdot v_1 + b$ (denoted $i_1$) and $a \cdot v_2 + b$ (denoted $i_2$). Since $v_1 - v_2 \geq 1$, we have $i_1 - i_2 = a \cdot (v_1 - v_2)$ and hence $i_1 - i_2 \geq a \cdot 1$ and $i_1 \geq i_2 + a \cdot 1$. If $noise_1$ and $noise_2$ are both randomly sampled from the range $[0, a \cdot 1)$ (we keep writing $a \cdot 1$ to manifest the sensitivity of input values in the noise range), then we have $i_1 + noise_1 > i_2 + noise_2$, which holds even when $noise_1$ is 0 (the minimum of $noise_1$) and $noise_2$ is its maximum in $[0, a \cdot 1)$.
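What two known (value, index) pairs determine with and without noise, as an added example that is not from the paper. It uses the integer expression $5 \cdot x + 3$ with noise from $[0, 5)$ and constructed pairs; the function names are hypothetical, and `bracket_a` is a derivation added here from the noise range $[0, a \cdot sens)$, not a result stated in the paper.

```python
from fractions import Fraction

A, B, SENS = 5, 3, 1  # integer expression 5*x + 3, noise sampled from [0, 5)


def solve_pairs(p1, p2):
    """Solve a*v + b = i for (a, b) from two known (value, index) pairs."""
    (v1, i1), (v2, i2) = p1, p2
    a = Fraction(i1 - i2) / (v1 - v2)
    return a, i1 - a * v1


def bracket_a(p1, p2, sens):
    """Open interval that must contain a when every index carries noise from
    [0, a*sens), because a*(gap - sens) < i1 - i2 < a*(gap + sens)."""
    (v1, i1), (v2, i2) = sorted([p1, p2], reverse=True)
    gap, diff = v1 - v2, Fraction(i1 - i2)
    upper = diff / (gap - sens) if gap > sens else None  # None: no upper limit
    return diff / (gap + sens), upper


def demo():
    # Constructed known pairs for the input values 2 and 100.
    basic = [(v, A * v + B) for v in (2, 100)]             # no noise
    noisy = [(2, A * 2 + B + 4), (100, A * 100 + B + 1)]   # noises 4 and 1
    return solve_pairs(*basic), solve_pairs(*noisy), bracket_a(*noisy, SENS)


if __name__ == "__main__":
    exact, skewed, bracket = demo()
    print("basic index     :", exact)
    print("randomized index:", skewed)
    print("bracket for a   :", bracket)
```

Exact recovery fails once noise is added, but the pair still brackets $a$: the bracket is wide for adjacent values and narrows as the known values move apart.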

For example, suppose the linear expression over integers is $5 \cdot x + 3$, and then the noise can be randomly selected from the range $[0, 5)$. Hence, the index of input value 1 is distributed in the range $[8, 13)$, the index of 2 is in $[13, 18)$, and so on.

Randomized Order-Preserving Indexing

As shown above, the sensitivity of input values is needed to determine the amount of noise that can be added into indexes. The following is the formal definition of sensitivity of input values.

Definition. Let $V$ be the set of all input values. The sensitivity of $V$ is the minimum element in the set $\{ |v_1 - v_2| : v_1 \in V, v_2 \in V, v_1 \neq v_2 \}$.

By its definition, the sensitivity is always greater than 0. The sensitivity of input values is usually specific to applications. For example, if the salary in a company takes the format of $d_1 d_2 d_3 . d_4 d_5$, where $d_i$ is a digit, then the sensitivity of salary is 0.01. That is, the least salary difference between two staff members is 0.01 in the company. For another example, if the input values in an application can only be even numbers, then the sensitivity of input values in this application is 2.

Definition. Given the sensitivity $sens$ of input values $V$, the randomized index of value $v \in V$ is $a \cdot v + b + noise$, where $a > 0$ and $noise$ is randomly sampled from the range $[0, a \cdot sens)$.

For example, suppose the linear expression is 7.2 x , and the sensitivity of input values is Then, the range for generating noises is $[0, 0.072)$. For two example input values 2.04 and 2.05, their randomized indexes are calculated by noise 1 and noise 2, and hence distributed in the ranges [18.438, 18.51) and [18.51, ), respectively. Note that due to random noises two same values can have different indexes.

We use the notation $rindex^{sens}_{[a,b]}(v)$ to represent the randomized index of input value $v$, calculated by using the above definition. The following theorem shows that the randomized index defined above is order-preserving, reflecting the correctness of the randomized indexing scheme.
Theorem. Given the sensitivity $sens$ of input values $V$, for all $v_1 \in V$ and $v_2 \in V$, if $v_1 > v_2$, then $rindex^{sens}_{[a,b]}(v_1) > rindex^{sens}_{[a,b]}(v_2)$.

To prove this theorem, we need to show that $rindex^{sens}_{[a,b]}(v_1) - rindex^{sens}_{[a,b]}(v_2) > 0$. Let $noise_1$ and $noise_2$ denote the noises added to the indexes of $v_1$ and $v_2$, respectively. Then, our proof goal becomes $a \cdot (v_1 - v_2) + noise_1 - noise_2 > 0$. According to the definition of randomized indexes, both $noise_1$ and $noise_2$ lie in the range $[0, a \cdot sens)$. Hence, the proof goal holds if $a \cdot (v_1 - v_2) - noise_2 > 0$. Since $sens$ is the sensitivity of the input values, we have $v_1 - v_2 \geq sens$ and hence $a \cdot (v_1 - v_2) \geq a \cdot sens > noise_2$, that is, $a \cdot (v_1 - v_2) - noise_2 > 0$.

In the following, we introduce a special type of randomized indexes. In this type of indexes, the sensitivity of indexes is the same as that of input values. Such sensitivity-keeping indexes will make the indexing programs easier to write, as to be discussed in the next subsection.

Definition. Given the sensitivity $sens$ of input values $V$, if $a > 1$, then the sensitivity-keeping index of value $v \in V$ is $a \cdot v + b + noise$, where $noise$ is randomly sampled from the range $[0, a \cdot sens - sens]$.

Note that the sensitivity-keeping index of value $v$ is defined only when $a > 1$, which ensures $a \cdot sens - sens > 0$. Consider the previous example where the linear expression is 7.2 x and the sensitivity of input values is Then, the range of noises is [0, ] (i.e., [0, 0.062]).

The sensitivity-keeping index of $v$ is indicated by the notation $skindex^{sens}_{[a,b]}(v)$. The following theorem states that the sensitivity of input values is kept by indexes.

Theorem. Given the sensitivity $sens$ of input values $V$, $v_1 \in V$ and $v_2 \in V$, if $v_1 - v_2 = sens$, then $skindex^{sens}_{[a,b]}(v_1) - skindex^{sens}_{[a,b]}(v_2) \geq sens$.

For the proof of this theorem, we have

$$skindex^{sens}_{[a,b]}(v_1) - skindex^{sens}_{[a,b]}(v_2) = a \cdot (v_1 - v_2) + noise_1 - noise_2 = a \cdot sens + noise_1 - noise_2.$$
According to the definition of $skindex$, we have $0 \leq noise_1 \leq (a - 1) \cdot sens$ and $0 \leq noise_2 \leq (a - 1) \cdot sens$, and hence $a \cdot sens + noise_1 - noise_2 \geq sens$.

Since the sensitivity $sens$ is greater than 0, the theorem also shows the order between $v_1$ and $v_2$ is preserved. To keep sensitivity, $skindex$ withholds some noise (i.e., the amount of $sens$). In the next section, we will show that $skindex$ is always followed by $rindex$ in an indexing program, such that there is no noise withheld from final indexes.

3.3 Programmability of Indexes

In this section, we describe how to compose basic indexing expressions ($skindex$ or $rindex$) into indexing programs. Briefly, an indexing program allows different input values to be indexed by different linear indexing expressions and allows indexes to be indexed again (like the 3DES algorithm, in which a ciphertext is encrypted again by DES).

$I ::= rindex^{sens}_{[a,b]} \mid S;\ rindex^{sens}_{[a,b]}$
$S ::= skindex^{sens}_{[a,b]} \mid \text{if } C \text{ then } S_1 \text{ else } S_2 \mid S_1;\ S_2$
$C ::= gt(c) \mid ge(c)$

Figure 2. Abstract Syntax of Indexing Programs

The syntax of indexing programs is shown in Figure 2. An index program $I$ is either $rindex^{sens}_{[a,b]}$ or has the form $S;\ rindex^{sens}_{[a,b]}$, where $S$ is the composition of sensitivity-keeping indexing expressions. $S$ can be a basic sensitivity-keeping indexing expression $skindex^{sens}_{[a,b]}$, a conditional indexing expression, or a sequential composition of expressions. In the conditional indexing expression, $C$ means a condition, which can be $gt(c)$ or $ge(c)$, where $c$ is a constant.

The semantics of indexing programs is defined as follows. Suppose $v$ is an input value. Then, $I(v)$ means the application of $I$ to $v$, generating $v$'s index. If $I$ is $rindex^{sens}_{[a,b]}$, then $I(v) = rindex^{sens}_{[a,b]}(v)$. If $I$ is $S;\ rindex^{sens}_{[a,b]}$, then $I(v) = rindex^{sens}_{[a,b]}(i)$, where $i = S(v)$.

The semantics of indexing steps $S$ is defined inductively. If $S$ is $skindex^{sens}_{[a,b]}$, then $S(v) = skindex^{sens}_{[a,b]}(v)$. If $S$ is the conditional indexing step, then $S(v) = S_1(v)$ if $v$ makes the condition $C$ true; otherwise, $S(v) = S_2(v)$. The condition $C$ is $gt(c)$ or $ge(c)$. The condition $gt(c)$ is true if $v > c$, and $ge(c)$ is true if $v \geq c$. If $S$ is a sequential composition of steps, then $S(v) = S_2(i)$, where $i = S_1(v)$.

An indexing program is said to be well-formed if it is order-preserving. Since in an indexing program the basic indexing expressions $skindex$ and $rindex$ are already order-preserving, it is order-preserving if all conditional indexing expressions are also order-preserving. For any conditional indexing expression if $C$ then $S_1$ else $S_2$, where $C$ is $gt(c)$ or $ge(c)$, it is order-preserving if S 1 (c) S 2 (c). This condition also makes sure there is no overlap among indexes generated by $S_1$ and $S_2$. Note that this order-preserving condition can be checked by using only the program code (i.e., without using any input values).
When writing an indexing program, the argument $sens$ on all $skindex$ and $rindex$ represents the sensitivity of input values. In an indexing program that consists of a sequence of expressions, all intermediate indexes are calculated by $skindex$, which does not change the sensitivity of input values. Hence, programmers can use the sensitivity of input values in the whole program, easing the burden of programming.

$I = skindex^{1}_{[3.1,14.7]};\ S;\ rindex^{1}_{[0.3,73]}$
$S = \text{if } gt(1200) \text{ then } skindex^{1}_{[12,121.5]} \text{ else } S_1$
$S_1 = \text{if } gt(900) \text{ then } skindex^{1}_{[9.2,81.7]} \text{ else } S_2$
$S_2 = \text{if } gt(650) \text{ then } skindex^{1}_{[6.3,78.3]} \text{ else } S_3$
$S_3 = \text{if } gt(400) \text{ then } skindex^{1}_{[4.1,65.2]} \text{ else } S_4$
$S_4 = \text{if } gt(280) \text{ then } skindex^{1}_{[3.3,43.6]} \text{ else } S_5$
$S_5 = \text{if } gt(150) \text{ then } skindex^{1}_{[2.5,30.1]} \text{ else } S_6$
$S_6 = \text{if } gt(100) \text{ then } skindex^{1}_{[1.8,19.7]} \text{ else } skindex^{1}_{[1.2,3.7]}$

Figure 3. An Indexing Program Example

An indexing program example is given in Figure 3. In this example, we assume the sensitivity of input values is 1. Suppose input values are from the range $[0, 500]$ and evenly distributed. This indexing program first transforms the input values with $skindex^{1}_{[3.1,150]}$, leading to intermediate indexes in range $[14.7, 1566.8]$ (i.e., the upper bound is calculated by ). Then, the program divides the intermediate indexes into eight parts, processed by indexing expressions with different coefficients. At last, a randomized indexing expression is applied to generate the final indexes. In this example the indexes are not evenly distributed, since a bigger index is distributed in a bigger range.

The programmability of indexes increases the robustness of our index scheme in two aspects. First, input values can be indexed by multiple linear expressions, making brute-force attacks harder. Second, the distribution of indexes can be decoupled from the distribution of input values, making it harder to estimate the range of input values according to the positions of indexes.

The following notations will be used later.
Let $Index$ be an indexing program, which is used secretly by the proxy when translating queries. Then, $Index(v, s)$ generates the index of $v$ by using the program $Index$, with all indexing expressions in the program taking $s$ as their sensitivity. In particular, $Index(v, 0)$ means the index of $v$ without adding any noise, which is the minimum index of $v$.

3.4 Indexing String Input Values

In this section, we introduce how to convert a string into an integer, such that our indexing scheme can be applied. Our basic idea is to convert a string into an integer, where a character in the string has its ASCII encoding as the value of the corresponding byte in the integer. For example, "BC" is converted to 0x4243.

Strings are usually compared in the lexical order. For example, the string "BC" is greater than "ABC". When strings are converted into integers, their order must be preserved. Hence, it is not acceptable that "BC" is converted to 0x4243 and "ABC" is converted to 0x414243, since 0x4243 is less than 0x414243.

To solve this problem, our indexing scheme needs to know the maximum length of strings that will be compared. If the maximum length of input strings is $l$ and a string has the length $n$, then $(l - n)$ bytes of zeros will be

padded to the end of the converted integer. For example, suppose $l = 4$. Then, "BC" is converted to 0x (two bytes of zeros are padded) and "ABC" is converted to 0x (one byte of zero is padded). Apparently, we have "BC" > "ABC", and also 0x > 0x

Figure 4. Change of Table Structures

4. Query of Encrypted Databases

We introduce how to perform range queries on encrypted databases, under the architecture in Figure 1. The equality and aggregate queries are also discussed.

4.1 The Basic Idea

The basic idea of performing range queries is illustrated with the following example. Suppose the database application developers have designed a database that has a Staff table, which includes only one column Salary. When creating such a table in a cloud database service, the proxy hashes the table name, such that the table name is meaningless to attackers on cloud. For the column Salary, the proxy actually creates two corresponding columns in the created table; their names are obtained by hashing SalaryEnc and SalaryRngIdx, respectively, where Enc and RngIdx are postfixes also applied to other columns.

When an input value from the database application is being put into the encrypted table, the proxy encrypts the value with some encryption algorithm such as AES, generating the ciphertext for the SalaryEnc column, and also indexes the value for the SalaryRngIdx column (note that the column names are hashed in the cloud database service). When the database application issues a range query on the column Salary, the proxy translates the query into a new one that selects the encrypted values from the column SalaryEnc with the range condition compared on the column SalaryRngIdx. The new query is then executed by the database service.

The basic idea also applies to equality and aggregate queries. To support equality queries, the proxy adds another extra column, which contains the secure hash of input values. Thus, the same value appears the same in this column.
For example, for the Salary column, another extra column SalaryEqIdx is added. When inserting a value into the encrypted table, the proxy hashes the value for the column SalaryEqIdx with a secure hash algorithm like HMACSHA1. Thus, an equality query or a query that depends on equality comparison (e.g., a query using Group By) will be translated to make equality comparisons on the column SalaryEqIdx.

To support the queries involving the operations SUM and AVG, the proxy must use homomorphic encryption algorithms, such as [4, 13], to generate ciphertext for the SalaryEnc column. Thus, the aggregate operations can be performed directly on the encrypted data in the SalaryEnc column.

Figure 4 summarizes the table structure seen by the database application and the table structure managed by the cloud database service, where the notation Staff represents the hash of name Staff, and similar notations are also for other names.

4.2 The Translation of SQL Statements

The queries from database applications are translated by the proxy before being executed by the cloud database service. The translation of some representative queries is introduced below. Assume the proxy has the key $k$. We write Enc(k, v) for the encryption of $v$ with $k$, and Hash(k, v) for the secure hash of $v$ with $k$. The numeric and string data types are represented by Num and String.

Creation of Encrypted Databases and Tables

To create a database and a table, the database application can issue the following two statements.

    create database dbname
    create table tblname (colnm Type, ... )

In the statement above, Type is the data type for the column colnm. The statements are translated into the following statements by the proxy. In addition, the proxy records the schema of the created table in its metadata.

    create database Hash(k,dbname)
    create table Hash(k,tblname)
      (Hash(k,colnm+"EqIdx") String,
       Hash(k,colnm+"RngIdx") Num,
       Hash(k,colnm+"Enc") String, ... )

That is, three columns are created for the column colnm. The column colnm+"EqIdx" has the type String, since its values are always hexadecimal strings generated by secure hash functions. The values of column colnm+"RngIdx" are generated by our indexing mechanism and have the numerical type. The column colnm+"Enc" for ciphertext also has the type String.

Insertion of Values into Tables

After a table is created, the database application can put a new record into the table by using the following statement.

    insert into tblname (colnm, ... ) values (v, ...)

Assume the sensitivity of values in column colnm is $sens$, which is configured in the proxy. The proxy translates the above statement into the following one for execution. In the new statement, the value $v$ is hashed, indexed and encrypted for storing into different columns.

    insert into Hash(k,tblname)
      (Hash(k,colnm+"EqIdx"),
       Hash(k,colnm+"RngIdx"),
       Hash(k,colnm+"Enc"), ... )
    values (Hash(k,v), Index(v,sens), Enc(k,v), ...)

Queries

A query from the database application can take the following basic form.

    select colnm, ... from tblname where cond

If * is used in the query (i.e., select * from...), the proxy can replace * with all column names according to the table schema in its metadata. For the basic query statement, the proxy translates it into the following form, where the translation of cond into cond is discussed below.

    select Hash(k,colnm+"Enc"), ... from Hash(k,tblname) where cond

The condition cond is defined over the primitive logical forms colnm < c, colnm = c, colnm > c, where c is a constant from the domain of the colnm column, by using the logical connectives (i.e., and, or). When translating the condition cond, we just need to replace each primitive logical expression with the translated one.

The condition colnm < c is translated into Hash(k,colnm+"RngIdx") < Index(c,0). Recall that Index(c,0) is the minimum index of c. The condition colnm = c is simply translated into Hash(k,colnm+"EqIdx") = Hash(k,c). Assume the sensitivity of values in the colnm column is $sens$. Then, c+sens is the next value of c, and colnm > c is equivalent to the new condition colnm ≥ c+sens, which is translated into Hash(k,colnm+"RngIdx") ≥ Index(c+sens,0). Note that Index(c+sens,0) is the minimum index of c+sens.

The keywords order by colnm and group by colnm are frequently used in queries. They are translated into order by Hash(k,colnm+"RngIdx") and group by Hash(k,colnm+"EqIdx"), respectively.

5. Implementation and Experiment

We implemented a prototype of our indexing scheme for querying encrypted databases. In the implementation, we simulate a database service by wrapping up the Apache Derby database management system with a SOAP-based web service interface, which is accessed by the proxy to query over the encrypted database. The query proxy is also implemented as a web service, accepting SQL queries from the web server and returning back the decrypted query results. The database application is a web application, which includes the web server and browser. The web services and web server are deployed over the GlassFish 3.1 platform.

Figure 5. A Fragment of Encrypted Database

The web application is designed to manage the staff in a company and the projects they are involved in. The database in the application includes the following two tables.

    staff(id INTEGER, name VARCHAR(32), VARCHAR(255), level INTEGER)
    project(id INTEGER, project VARCHAR(32), deadline TIMESTAMP)

In the database service, the schema is expanded, with the table name and column names hashed with the HMACSHA1 algorithm. For example, in the encrypted database, the staff table has the name 9EE14475FCE3725D60410AE3A9DDA94A1CBA766E and the id column has led to three columns and the idenc column has the name D97B7C1AB660AF A51C C4EF5.

To test the application, we put 200 staff records and 300 project records into the encrypted database. A fragment of the database is shown in Figure 5, where the first row is the HMACSHA1 hashes of four column names (idenc, nameenc, enc and levelenc) and other rows are encrypted records.

In the application, the AES algorithm is used for encryption, and the indexing programs used are different for different columns. As an example, for the id column, the following is the indexing program used, represented in XML.
    <indexing table="staff" col="id" sens="1">
      <skstep><a>2</a><b>11</b></skstep>
      <ifstep><gt>50</gt>
        <skstep><a>5</a><b>17</b></skstep>
        <skstep><a>3</a><b>13</b></skstep>
      </ifstep>
      <rstep><a>7</a><b>19</b></rstep>
    </indexing>

The query over the encrypted database is illustrated by the following example. Given a range query below, Figure 6 shows the query result returned by the database service and the decryption result generated by the proxy.

    select * from staff natural join project where "deadline"> 2012/6/9 and "deadline"< 2012/8/9
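The condition-translation rules from the Queries subsection can be exercised end to end. The sketch below is an added example, not the authors' prototype: it stores only hashed names, equality hashes and range indexes in an in-memory SQLite table and runs translated where-clauses against it. The key, the coefficients A and B, the linear stand-in for Index (the paper's own definition is not reproduced on this page), the constructed rows and the rid column that stands in for the Enc payload are all assumptions.

```python
import hashlib
import hmac
import re
import secrets
import sqlite3

KEY = b"constructed-demo-key"      # constructed secret k, for this example only
A, B = 7, 19                       # assumed coefficients of the stand-in index
SENS = {"id": 1, "level": 1}       # per-column sensitivity held by the proxy
ROWS = [{"id": i, "level": i % 5} for i in range(1, 101)]  # constructed data


def Hash(k, s):
    """Hash(k, .): HMAC-SHA1 of a name or value, as upper-case hex."""
    return hmac.new(k, str(s).encode(), hashlib.sha1).hexdigest().upper()


def Index(v, sens):
    """Assumed index: A*v + B + noise, noise in [0, A*sens). sens=0 -> minimum."""
    noise = secrets.randbelow(A * sens) if sens else 0
    return A * v + B + noise


def col(k, name, suffix):
    """Quoted, hashed column name such as Hash(k, colnm+"RngIdx")."""
    return '"' + Hash(k, name + suffix) + '"'


PRIMITIVE = re.compile(r"(\w+)\s*([<=>])\s*(\d+)")


def translate_cond(k, cond):
    """Replace each primitive colnm<c, colnm=c, colnm>c; and/or pass through."""
    def rewrite(m):
        name, op, c = m.group(1), m.group(2), int(m.group(3))
        if op == "=":
            return f"{col(k, name, 'EqIdx')} = '{Hash(k, c)}'"
        if op == "<":
            return f"{col(k, name, 'RngIdx')} < {Index(c, 0)}"
        # colnm > c is rewritten as colnm >= c + sens, using the minimum index
        return f"{col(k, name, 'RngIdx')} >= {Index(c + SENS[name], 0)}"
    return PRIMITIVE.sub(rewrite, cond)


def build_db(k, rows):
    """Store rows the way the service sees them: hashed names, hashes, indexes."""
    db = sqlite3.connect(":memory:")
    tbl = '"' + Hash(k, "staff") + '"'
    cols = [col(k, n, s) for n in SENS for s in ("EqIdx", "RngIdx")]
    db.execute(f"create table {tbl} (rid integer, {', '.join(cols)})")
    for rid, row in enumerate(rows):
        vals = [rid]                       # rid stands in for the Enc payload
        for n in SENS:
            vals += [Hash(k, row[n]), Index(row[n], SENS[n])]  # noisy index
        marks = ",".join("?" * len(vals))
        db.execute(f"insert into {tbl} values ({marks})", vals)
    return db, tbl


def query(db, tbl, k, cond):
    """Run the translated condition on the service side and return row ids."""
    sql = f"select rid from {tbl} where {translate_cond(k, cond)} order by rid"
    return [r[0] for r in db.execute(sql)]


if __name__ == "__main__":
    db, tbl = build_db(KEY, ROWS)
    print(translate_cond(KEY, "id > 50 and id < 61"))
    print(query(db, tbl, KEY, "id > 50 and id < 61"))
```

Because every stored index carries fresh noise while query bounds use the minimum index, the boundary rows (id 50 and id 60 in the first query) are the cases worth checking.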

Figure 6. A Query Result and its Decryption

6. Related Works

The most related works include the order-preserving encryption scheme [2], the order-preserving polynomials [1] and the order-preserving indexing scheme [8]. In addition to the differences discussed before, the programmability of indexing expressions is a unique feature of our scheme and can improve the robustness of our scheme by indexing different input values with different indexing expressions.

The work [12] uses strictly increasing functions to implement order-preserving encryption. Their functions can be higher order and can be sequentially composed. However, all input values are encrypted by the same functions. These functions do not add noise to the encryption result, and hence the secret coefficients can be recovered when attackers know some pairs of plaintexts and ciphertexts.

The order-preserving hash functions discussed in [6] map a set of input values into a set of hash values for fast information retrieval, with the hash values preserving the order of input values. These hash functions are not designed for protecting security. For example, there are no secret values (like encryption keys) that prevent the recovery of input values from hash values.

CryptDB [14] is a system supporting SQL queries over encrypted databases, where range queries rely on order-preserving encryption [3]. Our method can be incorporated into such systems to process range queries.

7. Conclusion

In this paper, we proposed a method of generating order-preserving indexes for facilitating range queries over encrypted databases. Our indexing is simple to use since it is based on linear expressions. The basic linear indexing expression is information-theoretically secure since random noise is added to each index. We showed how to control the amount of noise such that the randomized indexes are still order-preserving. Our scheme is programmable, meaning that the basic indexing expressions can be composed together to improve the robustness of the indexing programs and hide the distribution of input values from indexes. We introduced how to apply the indexing scheme to query encrypted databases by query translation. A prototype is implemented to demonstrate our system.

References

[1] D. Agrawal, A. E. Abbadi, F. Emekçi, and A. Metwally. Database management as a service: Challenges and opportunities. In Proceedings of the 25th International Conference on Data Engineering, pages ,
[2] R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. Order preserving encryption for numeric data. In Proceedings of the 2004 ACM SIGMOD international conference on Management of data, SIGMOD '04, pages ,
[3] A. Boldyreva, N. Chenette, Y. Lee, and A. O'Neill. Order-preserving symmetric encryption. In Proceedings of the 28th Annual International Conference on Advances in Cryptology, EUROCRYPT '09, pages ,
[4] Z. Brakerski and V. Vaikuntanathan. Fully homomorphic encryption from ring-lwe and security for key dependent messages. In Proceedings of the 31st annual conference on Advances in cryptology, CRYPTO '11, pages ,
[5] CircleID Reporter. Survey: Cloud computing no hype, but fear of security and control slowing adoption. cloud_computing_hype_security, Feb
[6] E. A. Fox, Q. F. Chen, A. M. Daoud, and L. S. Heath. Order-preserving minimal perfect hash functions and information retrieval. ACM Trans. Inf. Syst., 9: , July
[7] A. Haeberlen. A case for the accountable cloud. SIGOPS Oper. Syst. Rev., 44:52-57, April
[8] B. Hore, S. Mehrotra, and G. Tsudik. A privacy-preserving index for range queries. In Proceedings of the 30th international conference on Very large data bases,
[9] A. C. König and G. Weikum. Combining histograms and parametric curve fitting for feedback-driven query result-size estimation. In Proceedings of the 25th International Conference on Very Large Data Bases,
[10] F. D. McSherry. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In Proceedings of the 35th SIGMOD international conference on Management of data, SIGMOD '09, pages 19-30,
[11] D. Micciancio. A first glimpse of cryptography's holy grail. Commun. ACM, 53(3):96,
[12] G. Ozsoyoglu, D. A. Singer, and S. S. Chung. Anti-tamper databases: Querying encrypted databases. In Proc. of the 17th Annual IFIP WG 11.3 Working Conference on Database and Applications Security, pages 4-6,
[13] P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. In Proceedings of the 17th international conference on Theory and application of cryptographic techniques, pages ,
[14] R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan. CryptDB: protecting confidentiality with encrypted query processing. In Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles,
[15] N. Santos, K. P. Gummadi, and R. Rodrigues. Towards trusted cloud computing. In Proceedings of the 2009 conference on Hot topics in cloud computing,
[16] A. Shamir. How to share a secret. Commun. ACM, 22: , November


More information

Index Terms: Cloud Computing, Third Party Auditor, Threats In Cloud Computing, Dynamic Encryption.

Index Terms: Cloud Computing, Third Party Auditor, Threats In Cloud Computing, Dynamic Encryption. Secure Privacy-Preserving Cloud Services. Abhaya Ghatkar, Reena Jadhav, Renju Georgekutty, Avriel William, Amita Jajoo DYPCOE, Akurdi, Pune ghatkar.abhaya@gmail.com, jadhavreena70@yahoo.com, renjug03@gmail.com,

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard

More information

CHAPTER 5. Obfuscation is a process of converting original data into unintelligible data. It

CHAPTER 5. Obfuscation is a process of converting original data into unintelligible data. It CHAPTER 5 5.1. Introduction Obfuscation is a process of converting original data into unintelligible data. It is similar to encryption but it uses mathematical calculations or programming logics. Encryption

More information

A Proposal for Authenticated Key Recovery System 1

A Proposal for Authenticated Key Recovery System 1 A Proposal for Authenticated Key Recovery System 1 Tsuyoshi Nishioka a, Kanta Matsuura a, Yuliang Zheng b,c, and Hideki Imai b a Information & Communication Business Div. ADVANCE Co., Ltd. 5-7 Nihombashi

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

Encryption for Cloud Services Security: Problem or Panacea? @Zulfikar_Ramzan / CTO / www.elastica.net

Encryption for Cloud Services Security: Problem or Panacea? @Zulfikar_Ramzan / CTO / www.elastica.net Encryption for Cloud Services Security: Problem or Panacea? @Zulfikar_Ramzan / CTO / www.elastica.net Tectonic Shift in the Market SaaS On-Premise Many pieces to Buy, Assemble & Operate No visibility /

More information

Authentication Protocols Using Hoover-Kausik s Software Token *

Authentication Protocols Using Hoover-Kausik s Software Token * JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science

More information

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential

More information

Homomorphic Encryption Schema for Privacy Preserving Mining of Association Rules

Homomorphic Encryption Schema for Privacy Preserving Mining of Association Rules Homomorphic Encryption Schema for Privacy Preserving Mining of Association Rules M.Sangeetha 1, P. Anishprabu 2, S. Shanmathi 3 Department of Computer Science and Engineering SriGuru Institute of Technology

More information

Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud

Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud Sheltered Multi-Owner Data distribution For vibrant Groups in the Cloud I.sriram murthy 1 N.Jagajeevan 2 II M-Tech student Assistant.Professor Department of computer science & Engineering Department of

More information

Chapter 23. Database Security. Security Issues. Database Security

Chapter 23. Database Security. Security Issues. Database Security Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database

More information

A Comprehensive Data Forwarding Technique under Cloud with Dynamic Notification

A Comprehensive Data Forwarding Technique under Cloud with Dynamic Notification Research Journal of Applied Sciences, Engineering and Technology 7(14): 2946-2953, 2014 ISSN: 2040-7459; e-issn: 2040-7467 Maxwell Scientific Organization, 2014 Submitted: July 7, 2013 Accepted: August

More information

Secure Way of Storing Data in Cloud Using Third Party Auditor

Secure Way of Storing Data in Cloud Using Third Party Auditor IOSR Journal of Computer Engineering (IOSR-JCE) e-issn: 2278-0661, p- ISSN: 2278-8727Volume 12, Issue 4 (Jul. - Aug. 2013), PP 69-74 Secure Way of Storing Data in Cloud Using Third Party Auditor 1 Miss.

More information

Cloud Security and Algorithms: A Review Divya saraswat 1, Dr. Pooja Tripathi 2 1

Cloud Security and Algorithms: A Review Divya saraswat 1, Dr. Pooja Tripathi 2 1 Cloud Security and Algorithms: A Review Divya saraswat 1, Dr. Pooja Tripathi 2 1 M.Tech Dept. of Computer Science, IPEC, Ghaziabad, U.P. 2 Professor, Dept. of Computer science, IPEC, Ghaziabad, U.P. Abstract:

More information

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption

Keywords Cloud Storage, Error Identification, Partitioning, Cloud Storage Integrity Checking, Digital Signature Extraction, Encryption, Decryption Partitioning Data and Domain Integrity Checking for Storage - Improving Cloud Storage Security Using Data Partitioning Technique Santosh Jogade *, Ravi Sharma, Prof. Rajani Kadam Department Of Computer

More information

To Provide Security & Integrity for Storage Services in Cloud Computing

To Provide Security & Integrity for Storage Services in Cloud Computing To Provide Security & Integrity for Storage Services in Cloud Computing 1 vinothlakshmi.s Assistant Professor, Dept of IT, Bharath Unversity, Chennai, TamilNadu, India ABSTRACT: we propose in this paper

More information

2695 P a g e. IV Semester M.Tech (DCN) SJCIT Chickballapur Karnataka India

2695 P a g e. IV Semester M.Tech (DCN) SJCIT Chickballapur Karnataka India Integrity Preservation and Privacy Protection for Digital Medical Images M.Krishna Rani Dr.S.Bhargavi IV Semester M.Tech (DCN) SJCIT Chickballapur Karnataka India Abstract- In medical treatments, the integrity

More information

Implementation of Privacy-Preserving Public Auditing and Secure Searchable Data Cloud Storage

Implementation of Privacy-Preserving Public Auditing and Secure Searchable Data Cloud Storage Implementation of Privacy-Preserving Public Auditing and Secure Searchable Data Cloud Storage 1 A. MsVaishali Patil, 2 B. Prof. Archana Lomte Dept of Computer,BSIOTR, Pune ABSTRACT Cloud computing is speculated

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination

More information

Keywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure

Keywords Cloud Computing, CRC, RC4, RSA, Windows Microsoft Azure Volume 3, Issue 11, November 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Cloud Computing

More information

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC

MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC MESSAGE AUTHENTICATION IN AN IDENTITY-BASED ENCRYPTION SCHEME: 1-KEY-ENCRYPT-THEN-MAC by Brittanney Jaclyn Amento A Thesis Submitted to the Faculty of The Charles E. Schmidt College of Science in Partial

More information

ZQL. a cryptographic compiler for processing private data. George Danezis. Joint work with Cédric Fournet, Markulf Kohlweiss, Zhengqin Luo

ZQL. a cryptographic compiler for processing private data. George Danezis. Joint work with Cédric Fournet, Markulf Kohlweiss, Zhengqin Luo ZQL Work in progress a cryptographic compiler for processing private data George Danezis Joint work with Cédric Fournet, Markulf Kohlweiss, Zhengqin Luo Microsoft Research and Joint INRIA-MSR Centre Data

More information