Showing papers on "Database encryption published in 2014"

Querying encrypted data

Abstract: Data security is a serious concern when we migrate data to a cloud DBMS. Database encryption, where sensitive columns are encrypted before they are stored in the cloud, has been proposed as a mechanism to address such data security concerns. The intuitive expectation is that an adversary cannot "learn" anything about the encrypted columns, since she does not have access to the encryption key. However, query processing becomes a challenge since it needs to "look inside" the data. This tutorial explores the space of designs studied in prior work on processing queries over encrypted data. We cover approaches based on both classic client-server and involving the use of a trusted hardware module where data can be securely decrypted. We discuss the privacy challenges that arise in both approaches and how they may be addressed. Briefly, supporting the full complexity of a modern DBMS including complex queries, transactions and stored procedures leads to significant challenges that we survey and open problems which we highlight.

Scalable Architecture for Multi-User Encrypted SQL Operations on Cloud Database Services

Abstract: The success of the cloud database paradigm is strictly related to strong guarantees in terms of service availability, scalability and security, but also of data confidentiality Any cloud provider assures the security and availability of its platform, while the implementation of scalable solutions to guarantee confidentiality of the information stored in cloud databases is an open problem left to the tenant Existing solutions address some preliminary issues through SQL operations on encrypted data We propose the first complete architecture that combines data encryption, key management, authentication and authorization solutions, and that addresses the issues related to typical threat scenarios for cloud database services Formal models describe the proposed solutions for enforcing access control and for guaranteeing confidentiality of data and metadata Experimental evaluations based on standard benchmarks and real Internet scenarios show that the proposed architecture satisfies also scalability and performance requirements

Randomly Partitioned Encryption for Cloud Databases

Abstract: With the current advances in Cloud Computing, outsourcing data has never been so tempting. Along with outsourcing a database comes the privacy versus performance discussion. Order-Preserving Encryption OPE is one of the most attractive techniques for database encryption since it allows to execute range and rank queries efficiently without decrypting the data. On the other hand, people are reluctant to use OPE-based techniques in practice because of their vulnerability against adversaries with knowledge of the domain, its frequency distribution and query logs. This paper formally defines three real world driven attacks, called Domain Attack, Frequency Attack and Query Log Attack, typically launched by an honest-but-curious database or systems administrator. We also introduce measures to capture the probability distribution of the adversary's advantage under each attacker model. Most importantly, we present a novel technique called Randomly Partitioned Encryption RPE to minimize the adversary's advantage. Finally, we show that RPE not only withstands real world database adversaries, but also shows good performance that is close to state-of-art OPE schemes for both, read- and write-intensive workloads.

An anonymous voting system based on homomorphic encryption

Abstract: In this paper we present an electronic voting system based on Homomorphic encryption to ensure anonymity, privacy, and reliability in the voting. Homomorphic encryption is a subset of privacy homomorphism. It is capable of computing the encrypted data directly and also encrypting the result of the operation automatically. For this reason it has a wide range of applications including secure multi-party computation, database encryption, electronic voting, etc. In this paper, we make use of the homomorphic encryption mechanism to design and implement an electronic voting system that supports the separation of privileges among voters, tellers, and announcers. Our experimental results show the system not only ensures anonymity in voting but also presents cheating during the counting process.

A Two-Factor Authentication System with QR Codes for Web and Mobile Applications

Abstract: The use of QR code-based technologies and applications has become prevalent in recent years where QR codes are accepted to be a practical and intriguing data representation / processing mechanism amongst worldwide users. The aim of this study is to design and implement an alternative two-factor identity authentication system by using QR codes and to make the relevant mechanism and process that could be more user-friendly and practical than one-time password mechanisms used with similar purposes today. The proposed model in this project has been designed in order to enable the verification and validation steps with several security and networking options during the logon process. The model has been implemented by developing a two-factor identity verification system where the second factor is the user's smart / mobile phone device and a pseudo-randomly generated alphanumerical QR code which is used as the one-time password token sent to the user via e-mail or MMS. The proposed model has been developed using C#, asp.net and jQuery languages with symmetrical and asymmetrical cryptography standards for database encryption / hashing and network infrastructure and it has been tested as a prototype where promising results are observed regarding the efficiency, speed and security requirements for today's on-line financial services and similar e-commerce systems.

Two layered protection for sensitive data in cloud

Abstract: Security and privacy are the biggest obstacles in Database as a service (DBaaS) of Cloud Computing. In DbaaS, cloud service providers provide services for storing customers data. As the data are managed by an un-trusted server, the service is not fully trustworthy. The data at the third party data center can be made secure by encrypting the database. But querying the encrypted database is not easy. The result can be obtained from the encrypted database either by decrypting the database for every query or the query itself is encrypted and encrypted query is executed over encrypted database. Another problem associated with most of the database encryption algorithms is that they do not support range query. The proposed framework performs database encryption, query encryption and also supports range query over encrypted databases. This framework is focused on securing database as well as storing sensitive information without any leaks. A double layered encryption is used for sensitive data and a single layer encryption is used for non-sensitive data. Order Preserving Encryption (OPE) is used for single layer encryption. OPE maintains the order in encrypted database and so range query can be performed over encrypted database using encrypted query. OPE has a drawback of revealing information and so for sensitive data, a double layered encryption using Format Preserving Encryption (FPE) followed by OPE symmetric key encryption algorithm is proposed. Symmetric key is used for both OPE and FPE but key is divided into two parts for double encryption.

A spatial transformation scheme supporting data privacy and query integrity for security of outsourced databases

Abstract: Outsourcing database to a third-party data provider is becoming a common practice for data owners to avoid the cost of managing and maintaining the database. Meanwhile, because of the popularity of location-based services, the need for spatial data is increasing dramatically. However, the most important challenge in database outsourcing is how to meet privacy requirements and guarantee the integrity of the query result as well. Unfortunately, most of the existing techniques support either data privacy or integrity on spatial databases. To carry on both privacy and integrity for outsourced spatial data, we propose a spatial transformation scheme that makes use of shearing transformation with rotation shifting. We describe attack models measuring the data privacy of our transformation scheme. Finally, our extensive experiments have demonstrated that our scheme has adequate strength for data privacy by showing outstanding performance against different kinds of attack models and efficiently handles the query integrity of the query result sets. Copyright © 2013 John Wiley & Sons, Ltd.

A New Randomized Order Preserving Encryption Scheme

Abstract: Order Preserving Encryption (OPE) schemes have been examined to a great extent in the cryptography literature because of their prospective application to database design. OPE is an appealing method for database encryption as it permits to execute sort and range queries in an efficient manner without decrypting the data. Databases such as CryptDB are beginning to employ encryption to guard sensitive data. No existing OPE schemes that were proposed in the literature achieved IND-OCPA security except mutable Order-Preserving Encoding (mOPE) scheme, the first OPE scheme that satisfies IND-OCPA with respect to OPE encodings. However, mOPE scheme uses DET (deterministic encryption) to encrypt the plaintext values which leads to leakage of distribution of plaintext domain. This paper proposes a scheme called as Randomized Order Preserving Encryption (ROPE), a novel OPE scheme that leaks nothing beyond the order. ROPE follows the mOPE scheme by contributing randomness to it, so as to accomplish INDOCPA security. The ROPE scheme implements insert, delete and query functions on an encrypted MySQL database. ROPE scheme permits various SQL queries to be employed instantly on encrypted data.The performance of ROPE scheme is compared with the existing DOPE scheme and observed that there is a query retrieval time overhead. Still, ROPE scheme renders more confidentiality and attains the IND-OCPA security for OPE when compared to the existing OPE schemes. General Terms Security, Algorithms

Sensitive Data Protection of DBaaS Using OPE and FPE

Abstract: DBaaS (Database as a Service) is a service provided and managed by the cloud provider and supports traditional database functionalities. The DBaaS use multi-tenant architecture to support multiple customers. The biggest problem concerned with DBaaS is the privacy and security of the data contained in the database stored in the cloud environment. The database is stored in a third party data center and it is assumed to be as untrusted. The database is therefore encrypted in order to prevent any data leaks on the third party data center. The result of any query to the database is decrypted at the service provider site before it is sent to the user. The above mentioned solution have two disadvantages. Firstly, the encryption and decryption are done at the server side and hence the cloud owner can extract information from the database. Secondly, the encryption of database does not support range queries on the database. The proposed framework focuses on securing database by supporting range queries and storing sensitive information with protection of memory leak. It performs database encryption, query encryption and also supports range query over encrypted databases. A double layered encryption mechanism is used for sensitive data and a single layer encryption is used for non-sensitive data. Order Preserving Encryption (OPE) is used for single layer encryption. OPE maintains the order in an encrypted database and so range query can be performed over encrypted database using an encrypted query. The drawback associated with OPE is the attacker can guess the value based on the ordering of data and so for sensitive attributes in the database, a double layered encryption using Format Preserving Encryption (FPE) followed by OPE symmetric key encryption algorithm is proposed.

The Research on Cloud Platform Considered Privacy Household Load Data Processing

Abstract: To solve the problems such as randomness user behavior, effective privacy protection and massive data processing shortage, this paper has proposed a household load data processing method with privacy protection, combined data mining and cloud computing. First, it gave the platform architecture and individual protection model. Then, it proposed Mask-k_means database encryption method, algorithm parallelization was implemented by MapReduce. Finally, this paper varied the method was and implemented household load data processing based on statistics and real-measured data respectively. One conclusion is that feasibility of cluster analysis for multi-user was low, while single-user load analysis is high. The other is that this method is simple and practical. This can provide a new way to household load big data under smart electricity consuming.

Towards an augmented authenticator in the Cloud

Abstract: Many times in the past, critical infrastructures like e-health and e-government services have become a target of cyber-attacks resulting to manipulation of sensitive information. Meanwhile, there are several approaches applying security and privacy protection measures on cloud-based databases. Simultaneously, many steganographic algorithms have been proposed for achieving security on Cloud Infrastructures. This paper proposes a practical method for applying steganography in an one-time authenticator tool for Cloud-based databases in a healthcare scenario. The proposed method takes into account the architecture of the database server in the cloud and employs an authenticator tool that encrypts the database encryption key and embeds it into the stego-cover. We have tested our approach on a cloud-based database in order to evaluate the overhead introduced and facilitate a threat scenario for testing the security level. Results have revealed that the use of various text and WAV files did not introduce significant overhead. Depending on the file size the introduced delay was between 1 to 3 seconds.

Secure banking using qr code

Abstract: It describes implementation details of online banking identity structure. Security is an important concern for online banking application which can be implemented by various internet technologies. While executing online banking perturb, reliable data transfer need can be fulfilled by using https data transfer and database encryption techniques for secure storage of sensitive information. To eliminate threat of phishing and to confirm user identity we are going to use concept of QR-code with android feature. QR-code which would be inspect by user ambulatory tool which overcome the weakness of traditional password based system. We improve more security by using one time password (OTP) which hides inside QRcode.

Apparatus and method for database encryption

Abstract: Disclosed are an apparatus and a method for encoding a DB through data manipulation language (DML) encoding and decoding of a DB network protocol. The apparatus includes: a memory where at least one program is loaded; and at least one processor. The at least one processor processes the steps of: extracting a DML part from a network protocol between a client server and a database management server (DBMS) under the control of the program; and encoding or decoding the DML part according to a type of the DML part.

Design of Campus Network Database Access Based on Encryption

Abstract: Database is the core part of university digital campus platform. Database encryption is an effective method to guarantee the security of data. The paper analyze the structure design of database security model, and study the design of mode function, key features and further implementation model. The system is suitable for security protection for network database management, and has a certain degree of universality, portability and security.

Querying Encrypted Data (Tutorial)

Abstract: Data security is a serious concern when we migrate data to a cloud DBMS. Database encryption, where sensitive columns are encrypted before they are stored in the cloud, has been proposed as a mechanism to address such data security concerns. The intuitive expectation is that an adversary cannot “learn” anything about the encrypted columns, since she does not have access to the encryption key. However, query processing becomes a challenge since it needs to “look inside” the data. This tutorial explores the space of designs studied in prior work on processing queries over encrypted data. We cover approaches based on both classic client-server and involving the use of a trusted hardware module where data can be securely decrypted. We discuss the security challenges that arise in both approaches and how they may be addressed. Briefly, supporting the full complexity of a modern DBMS including complex queries, transactions and stored procedures leads to significant challenges that we survey.

Privacy Issues and Protection in Secure Data Outsourcing

Abstract: Utilizing database encryption to safeguard data in several conditions where access control is not sufficient is unavoidable. Database encryption offers an extra layer of security to traditional access control methods. It stops users that are unauthorized, such as hackers breaking into a system, and observing private data. Consequently, data is safe even when the database is stolen or attacked. Nevertheless, the process of data decryption and encryption causes degradation in the database performance. In conditions where the entire information is kept in an encrypted format, it is not possible to choose the database content any longer. The data must be first decrypted, and as such, the unwilling and forced tradeoff occurs between the function and the security. The suitable methods to improve the function are techniques that directly deal with the data that is encrypted without having to decrypt them first. In this study, we determined privacy protection and issues that each organization should consider when it decides to outsource own data.

A Proposed Algorithm for Database Encryption and Decryption

Abstract: As the Computer System becomes popular for storing personal and precious data, need of data security goes its peak. For transmitting confidential information over the network, security is required so that it could not be accessed by illegitimate user. The database contains large amount of data that need to be secure. Cryptographic algorithms provide a way to secure data against the unauthorized access. Encryption is the process of encoding data so that its meaning is not obvious, decryption is reverse process that transform an encrypted massage back into original form. Encryption in database system is an important aspect for research, as efficient and secure algorithms are needed that provide the ability to query over encrypted database and allow optimized encryption and decryption of data. In this paper we observe an algorithm which encrypt and decrypt database over query fire quickly. This proposed algorithm will be simple and fast enough for most application which limits to the time and cost of encryption and decryption.

Database Encryption Using Fuzzy Chaotic

Abstract: Database encryption is a fundamental technique in the security mechanisms of database that is characterized by both the fast speed of the conventional encryption and the convenience of key distribution of public key encryption. There are two problems with traditional database encryption schemes. They show tradeoff between efficiency and security. Furthermore, these schemes can't solve the problem of storing multi-level encrypted elements into database besides having no ability for effective key management. In this paper, a new paradigm for database encryption is proposed in which database encryption can be provided as a service to applications with seamless access to encrypted database. The proposed system utilizes a chaotic encryption method based on cellular automata to realize higher complexity of crypt-analytical attacks. Cellular Automata rules are defined based on chaos mapping to generate a symmetric key. Furthermore, a fuzzy observer based scheme for synchronizing chaotic keys of encrypted signal is employed to enhance key distribution. The suggested system have some advantages such as confusion, diffusion, very large number of passwords helped in building of symmetric private key, key-dependent mapping and increasing system complexity with the impact of indefinite rules and chaos mapping. Simulation results obtained from some database demonstrate the strong performance of the proposed encryption system.

An Efficient-keyword-searching Technique over Encrypted data on Smartphone Database

Abstract: We are using our smartphone for our business as well as ours li ves. Thus, user’s privacy data and a company secret are stored at smartphone. By the way, the saved data on smartphone database can be exposed to a malicous attacker when a malicous app is installed in the smartphone or a user lose his/her smartphone because all data are stored as form of plaintext in the database. To prevent this disclosure of personal information, we need a database encryption method. However, if a database is encrypted, it causes of declining the performance. For example, when we search specific data in condition with encrypted database, we should decrypt all data stored in the da tabase or search sequentially the data we want with accompanying overhead[1].In this paper, we propose an efficient and searchable encryptio n method using variable length bloom filter under limited resource circumstances(e.g., a smartphone). We compare with exi sting searchable symmetric encryption. Also, we implemented the proposed method in android smartphone and evaluated the per formance the proposed method. As a result through the implementation, We can confirm that our method has over a 50% i mprovement in the search speed compared to the simple search method about encrypted database and has over a 70% space saving compared to the method of fixed length bloom filter with the same false positive rate.Keywords: Searchable Encryption, Bloom filter, Smartphone

Using bitmaps for executing range queries in encrypted databases

Abstract: Privacy of data stored at un-trusted servers is an important problem of today. A solution to this problem can be achieved by encrypting the outsourced data, but simple encryption does not allow efficient query processing. In this paper we propose a novel scheme for encrypting relational databases so that range queries can be efficiently executed on the encrypted data. We formally define the syntax and security of the problem and specify a scheme called ESRQ1. ESRQ1 uses a deterministic encryption scheme along with bitmap indices to encrypt a relational database. We provide details of the functionality of ESRQ1 and prove its security in the specified model.