Distributed, Concurrent, and Independent Access to Encrypted Cloud Databases

(1)

International Journal of Electrical, Electronics and Computer Systems (IJEECS)

________________________________________________________________________________________________

ISSN (Online): 2347-2820, Volume -3, Issue-11 2015 101

Distributed, Concurrent, and Independent Access to Encrypted Cloud Databases

1H.M.Sasyasree, ²Radha Rani MRECW

Abstract: Placing critical data in the hands of a cloud provider should come with the guarantee of security and availability for data at rest, in motion, and in use. Several alternatives exist for storage services, while data confidentiality solutions for the database as a service paradigm are still immature. We propose a novel architecture that integrates cloud database services with data confidentiality and the possibility of executing concurrent operations on encrypted data. This is the first solution supporting geographically distributed clients to connect directly to an encrypted cloud database, and to execute concurrent and independent operations including those modifying the database structure. The proposed architecture has the further advantage of eliminating intermediate proxies that limit the elasticity, availability, and scalability properties that are intrinsic in cloud- based solutions. The efficacy of the proposed architecture is evaluated through theoreticalanalyses and extensive experimental results based on a prototype implementation subject to the TPC-C standard benchmark for different numbers of clients and network latencies.

EXISTING SYSTEM:

Original plain data must be accessible

only by trusted parties that do not include cloud providers, intermediaries, and Internet; in any untrusted context, data must be encrypted. Satisfying these goals has different levels of complexity depending on the type of cloud service. There are several solutions ensuring confidentiality for the storage as a service paradigm, while guaranteeing confidentiality in the database as a service (DBaaS) paradigm is still an open research area..

PROPOSED SYSTEM:

 We propose a novel architecture that integrates cloud database services with data confidentiality and the possibility of executing concurrent operations on encrypted data.

 This is the first solution supporting geographically distributed clients to connect directly to an encrypted cloud database, and to execute concurrent and independent operations including those modifying the database structure.

 The proposed architecture has the further advantage of eliminating intermediate proxies that limit

the elasticity, availability, and scalability properties that are intrinsic in cloud-based solutions.

 Secure DBaaS provides several original features that differentiate it from previous work in the field of security for remote database services.

ADVANTAGES OF PROPOSED SYSTEM:

 The proposed architecture does not require modifications to the cloud database, and it is immediately applicable to existing cloud DBaaS, such as the experimented PostgreSQL Plus Cloud Database, Windows Azure and Xeround .

 There are no theoretical and practical limits to extend our solution to other platforms and to include new encryption algorithm.

 It guarantees data confidentiality by allowing a cloud database server to execute concurrent SQL operations (not only read/write, but also modifications to the database structure) over encrypted data.

 It provides the same availability, elasticity, and scalability of the original cloud DBaaS because it does not require any intermediate server.

SYSTEM ARCHITECTURE:

RELATED WORK

We tested our method on two real world data sets – the backbone networks of Stanford University and

(2)

________________________________________________________________________________________________

Internet2,representing an enterprise network and a nationwide ISP. The results are encouraging: thanks to the structure of real world rule sets, the number of test packets needed is surprisingly small. For the Stanford network with over 757,000rules and more than 100 VLANs, we only need 4,000 packets to exercise all forwarding rules and ACLs. On Internet2,35,000 packets suffice to exercise all IPv4 forwarding rules.Put another way, we can check every rule in every router on the Stanford backbone ten times every second, by sending test packets that consume less than 1% of network bandwidth.

The link cover for Stanford is even smaller, around50 packets which allows proactive liveness testing every msecusing 1% of network bandwidth. The main contributions of our work are: (1) A survey of network operators revealing common network failures and their root cause (2) the test packet generation algorithm (Section 4.1), (3) A fault localization algorithm to analyze results and isolate the faulty device and rule (Section 4.2), (4) use cases of ATPG framework for functional and performance

LITERATURE SURVEY:

In the database world, the enterprise data management world, ―Big Data‖ problems arose when enterprises identified a need to create data warehouses to house their historical business data and to run large relational queries over that data for business analysis and reporting purposes. Storage and efficient analysis of such data on

―database machines‖ that could be dedicated to such purposes. Early database machine recommendations involved a mix of novel hardware architectures and designs for prehistoric parallel query processing techniques. Within a few years it became clear that neither brute force scan-based parallelism nor proprietary hardware would become sensible substitutes for good software data structures and algorithms. This realization led to the first generation of software-based parallel databases based on the architecture now commonly referred to as ―shared-nothing‖. The architecture of a sharednothing parallel database system, as the name implies, is based on the use of a networked cluster of Individual machines each with their own private processors, main memories, and disks. All inter- machine coordination and data communication is accomplished via message passing. These systems exploited the declarative, set-oriented nature of relational query languages and pioneered the use of divideand-conquer parallelism based on hashing in order to partition data for storage as well as relational operator execution for query processing. A distributed anonymization protocol that allows multiple data providers with horizontally partitioned databases to build a virtual anonymize database based on the integration (or union) of the data. As the output of the protocol, each database produces a local anonymize dataset and their union forms a virtual database that is guaranteed to be anonymous based on an anonymization guideline. The convention uses secure multi-party

computation protocols for sub-operations such that information disclosure between individual databases is minimal during the virtual database construction. Lsite- diversity, to ensure anonymity of data providers in addition to that of data subjects for anonymize data. We present heuristics and adapt existing anonymization algorithms for l − site – diversity so that anonymize data achieve better utility. There are some works focused on data anonymization of distributed databases. presented a two-party framework along with an application that generates kanonymous data from two vertically partitioned sources without disclosing data from one site to the other. Proposed provably private solutions for k- anonymization in the distributed scenario by maintaining end-to-end privacy from the original customer data to the final k-anonymous results.

designing SMC protocols for anonymization that builds virtual anonymize database and query processing that assembles question results. Our disseminated anonymization methodology uses existing secure SMC protocols for subroutines such as computing sum, the k- th element and set union. The protocol is carefully designed so that the intermediate information disclosure is minimal. Existing security management and information security life-cycle models significantly change when enterprises adopt distributed computing.

Specifically, imparted administration can get to be a significant issue if not legitimately tended to. Regardless of the potential advantages of utilizing clouds, it might mean less coordination among different communities of interest within client organizations. Dependence on external entities can also raise fears about timely responses to security incidents and implementing systematic business continuity and disaster recovery plans. Similarly, risk and cost-benefit issues will need to involve external parties. Customers consequently need to consider newer risks introduced by a perimeter-less environment, such as data leakage within multi-tenant clouds and resiliency issues such as their provider’s economic instability and local disasters. Similarly, the possibility of an insider threat is significantly extended when outsourcing data and processes to clouds. Within multitenant environments, one tenant could be a highly targeted attack victim, which could significantly affect the other tenants. Existing life-cycle models, risk analysis and management processes, penetration testing, and service attestation must be reevaluated to ensure that clients can enjoy the potential benefits of clouds. The information security area has faced significant problems in establishing appropriate security metrics for consistent and realistic measurements that help risk assessment. We must reevaluate best practices and develop standards to ensure the deployment and adoption of secure clouds. These issues necessitate a well-structured cyber insurance industry, but the global nature of cloud computing makes this prospect extremely complex. Data in the cloud typically resides in a shared environment, but the data owner should have full control over who has the right to use the data and what they are allowed to do with it once they gain

(3)

________________________________________________________________________________________________

access. To provide this data control in the cloud, a standard based heterogeneous data-centric security approach is an essential element that shifts data protection from systems and applications. In this approach, documents must be self-describing and defending regardless of their environments.

Cryptographic approaches and usage policy rules must be considered. When someone wants to access data, the system should check its policy rules and reveal it only if the policies are satisfied. Existing cryptographic techniques can be utilized for data security, but privacy protection and outsourced computation need significant attention—both are relatively new research directions.Data provenance issues have just begun to be addressed in the literature. In some cases, information related to a particular hardware component (storage, processing, or communication) must be associated with a piece of data. Although security and privacy services in the cloud can be fine-tuned and managed by experienced groups that can potentially provide efficient security management and threat assessment services, the issues we’ve discussed here show that existing security and privacy solutions must be critically reevaluated with regard to their appropriateness for clouds. Many enhancements in existing solutions as well as more mature and newer solutions are urgently needed to ensure that cloud computing benefits are fully realized as its adoption accelerate.

ACKNOWLEDGEMENT:

Luca Ferretti, Michele Colajanni, and Mirco Marchetti,

―Distributed, Concurrent, and Independent Access to Encrypted Cloud Databases‖

REFERENCES:

[1] Homomorphic Encryption Using Ideal Lattices,‖

Proc. 41st Ann. ACM Symp. Theory of Computing, May 2009.

[2] R.A. Popa, C.M.S. Redfield, N. Zeldovich, and H. Balakrishnan, ―CryptDB: Protecting Confidentiality with Encrypted Query Processing,‖ Proc. 23rd ACM Symp. Operating Systems Principles, Oct. 2011.

[3] H. Hacigu¨mu¨ s¸, B. Iyer, C. Li, and S.

Mehrotra, ―Executing SQL over Encrypted Data in the Database-Service-Provider Model,‖ Proc.

ACM SIGMOD Int’l Conf. Management Data, June 2002.

[4] J. Li and E. Omiecinski, ―Efficiency and Security Trade-Off in Supporting Range Queries on Encrypted Databases,‖ Proc. 19th Ann. IFIP WG 11.3 Working Conf. Data and Applications Security, Aug. 2005.

[5] E. Mykletun and G. Tsudik, ―Aggregation Queries in the Database-as-a-Service Model,‖

Proc. 20th Ann. IFIP WG 11.3 Working Conf.

Data and Applications Security, July/Aug. 2006.

[6] D. Agrawal, A.E. Abbadi, F. Emekci, and A.

Metwally, ―Database Management as a Service:

Challenges and Opportunities,‖ Proc. 25th IEEE Int’l Conf. Data Eng., Mar.-Apr. 2009.

[7] V. Ganapathy, D. Thomas, T. Feder, H. Garcia- Molina, and R. Motwani, ―Distributing Data for Secure Database Services,‖ Proc. Fourth ACM Int’l Workshop Privacy and Anonymity in the Information Soc., Mar. 2011. FERRETTI ET AL.: DISTRIBUTED, CONCURRENT, AND INDEPENDENT ACCESS TO ENCRYPTED CLOUD DATABASES 445 Fig. 9. TPC-C performance (latency equal to 40 ms). Fig. 10.

TPC-C performance (latency equal to 80 ms).

[8] A. Shamir, ―How to Share a Secret,‖ Comm. of the ACM, vol. 22, no. 11, pp. 612-613, 1979.

[9] M. Hadavi, E. Damiani, R. Jalili, S. Cimato, and Z. Ganjei, ―AS5: A Secure Searchable Secret Sharing Scheme for Privacy Preserving Database Outsourcing,‖ Proc. Fifth Int’l Workshop Autonomous and Spontaneous Security, Sept.

2013.

[10] ―Oracle Advanced Security,‖ Oracle Corporation, http://www.

oracle.com/technetwork/database/options/advanc ed-security, Apr. 2013.

[11] G. Cattaneo, L. Catuogno, A.D. Sorbo, and P.

Persiano, ―The Design and Implementation of a Transparent Cryptographic File System For Unix,‖ Proc. FREENIX Track: 2001 USENIX Ann. Technical Conf., Apr. 2001.

[12] E. Damiani, S.D.C. Vimercati, S. Jajodia, S.

