• DocumentCode
    3571142
  • Title

    Sensitive Data Protection of DBaaS Using OPE and FPE

  • Author

    Hingwe, Kamlesh Kumar ; Bhanu, S. Mary Saira

  • Author_Institution
    Dept. of Comput. Sci. & Eng., Nat. Inst. of Technol., Tiruchirappalli, India
  • fYear
    2014
  • Firstpage
    320
  • Lastpage
    327
  • Abstract
    DBaaS (Database as a Service) is a service provided and managed by the cloud provider that supports traditional database functionality. DBaaS uses a multi-tenant architecture to support multiple customers. The biggest problem with DBaaS is the privacy and security of the data contained in a database stored in the cloud environment. The database is stored in a third-party data center, which is assumed to be untrusted. The database is therefore encrypted in order to prevent data leaks at the third-party data center. The result of any query to the database is decrypted at the service provider site before it is sent to the user. This solution has two disadvantages. Firstly, encryption and decryption are done on the server side, and hence the cloud owner can extract information from the database. Secondly, encryption of the database does not support range queries on the database. The proposed framework focuses on securing the database while supporting range queries and storing sensitive information with protection against memory leaks. It performs database encryption and query encryption, and also supports range queries over encrypted databases. A double-layered encryption mechanism is used for sensitive data and single-layer encryption is used for non-sensitive data. Order Preserving Encryption (OPE) is used for single-layer encryption. OPE maintains the order in an encrypted database, so a range query can be performed over the encrypted database using an encrypted query. The drawback of OPE is that an attacker can guess a value based on the ordering of the data, so for sensitive attributes in the database, a double-layered encryption using Format Preserving Encryption (FPE) followed by the OPE symmetric-key encryption algorithm is proposed.
  • Keywords
    cloud computing; cryptography; data privacy; database management systems; query processing; DBaaS; FPE; OPE; cloud provider; data privacy; data security; database encryption; database functionality; database-as-a-service; decryption; format preserving encryption; information extraction; order preserving encryption; query encryption; range query; sensitive data protection; third party data center; Cloud computing; Databases; Encryption; Servers; Virtual machining; Database as a Service; FPE; OPE; Security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Emerging Applications of Information Technology (EAIT), 2014 Fourth International Conference of
  • Type

    conf

  • DOI
    10.1109/EAIT.2014.22
  • Filename
    7052066