Exam No:
CERTIFICATE
This is to certify that the seminar report entitled
A Secure Client Access to Encrypted Cloud Databases
Submitted by
DATTATRAY B. PAWAR
is a bonafide work carried out by him under the supervision of Prof. V. S. Gaikwad and
it is approved for the partial fulfillment of the requirement of Savitribai Phule University,
Pune, for the award of the degree of Master of Engineering (Computer Engineering).
Prof. V. S. Gaikwad
Internal Guide
External Examiner
Place:
Date:
ACKNOWLEDGEMENT
I hereby take this opportunity to express my heartfelt gratitude towards the people
whose help was very useful to complete my seminar work on the topic of A Secure
Client Access to Encrypted Cloud Databases. It is my privilege to express sincerest regards to my Dissertation Guide Prof. V. S. Gaikwad for his valuable inputs,
valuable guidance, encouragement, whole-hearted cooperation and constructive criticism
throughout the duration of my dissertation work.
I deeply express my sincere thanks to our HOD Dr. Mrs. S. B. Sonkamble for
encouraging and allowing us to present the dissertation at our department premises for
the partial fulfilment of the requirements leading to the award of M.E. degree.
I am also thankful to our Director Dr. D. M. Yadav and the management. I
would also like to thank all the faculties who have cleared all the major concepts that
were involved in the understanding of the techniques behind my dissertation report. The
Dissertation Report is based on research work in Distributed, concurrent and independent access to encrypted cloud databases. I am very much thankful to the author for such
a precious work.
DATTATRAY B. PAWAR
M.E.(Computer Engineering)
List of Tables
List of Figures
ABBREVIATIONS
ABSTRACT
Data security and confidentiality are crucial factors when considering cloud databases.
Data originality and reliability demand extra attention to cloud databases and their
service provisioning. Putting critical data in the hands of a cloud provider should come
with the guarantee of security and availability for data at rest, in motion, and in use.
Several alternatives exist for storage services, while data confidentiality solutions for the
database as a service paradigm are still immature. The efficacy of the proposed architecture is evaluated through theoretical analyses and extensive experimental results based
on a prototype implementation subject to the TPC-C standard benchmark for different
numbers of clients and network latencies.
This is the first solution supporting geographically distributed clients to connect directly to an encrypted cloud database, and to execute concurrent. We propose a novel
architecture that integrates cloud database services with data confidentiality and the
possibility of executing concurrent operations on encrypted data. Fully homomorphic encryption schemes cannot be applied because of their excessive computational complexity.
Keywords: Cloud security, encryption, confidentiality, SecureDBaaS, database.
Contents
1 Introduction
1.1 Dissertation prerequisite
1.1.1 Cloud service models
1.1.2 Cloud Deployment Models
1.1.3 Cloud Security Issues
1.2 Objective
2 Problem statement
3 Motivation
4 Literature Survey
5 Methodology
5.1 Design of framework
5.1.1 Cloud Database server
5.1.2 Communication mechanism
5.2 Algorithms of Existing System
8 Implementation
10 Conclusion
Chapter 1
INTRODUCTION
a cloud DBaaS. Other proposals (e.g., [6], [7], [8]) based on intermediate server(s) were
considered impracticable for a cloud-based solution because any proxy represents a single
point of failure and a system bottleneck that limits the main benefits (e.g., scalability,
availability, and elasticity) of a database service deployed on a cloud platform. Unlike
SecureDBaaS, architectures relying on a trusted intermediate proxy do not support the
most typical cloud scenario where geographically dispersed clients can concurrently issue
read/write operations and data structure modifications to a cloud database. A large set
of experiments based on real cloud platforms demonstrate that SecureDBaaS is immediately applicable to any DBMS because it requires no modification to the cloud database
services.
Other studies where the proposed architecture is subject to the TPC-C standard
benchmark for different numbers of clients and network latencies show that the performance of concurrent read and write operations not modifying the SecureDBaaS database
structure is comparable to that of an unencrypted cloud database. Workloads including
modifications to the database structure are also supported by SecureDBaaS, but at the
price of overheads that seem acceptable to achieve the desired level of data confidentiality. The explanation for these results is that network latencies, which are typical of cloud
scenarios, tend to mask the performance costs of data encryption on response time. The
overall conclusions of this paper are important because for the first time they demonstrate the applicability of encryption to cloud database services in terms of feasibility and
performance.
1.1 Dissertation prerequisite
1.1.1 Cloud service models
Cloud service models occupy a major place in the cloud computing area. The service model dictates an organization's scope and control over its computational
resources, and characterizes the level of service available for its use.
SaaS
Software as a Service is a service delivery model providing applications and computational resources for use on demand by the service user. The purpose of this model is to reduce
the total development cost, including maintenance and operations. Security is the responsibility of the cloud provider. The cloud consumer isn't involved in control and management of
the cloud infrastructure or personal applications, except for priority selections and very limited
administrative application settings [3].
PaaS
Platform as a Service is a service delivery model that provides a computing platform
on which applications can be developed and deployed. The motivation behind this model is
to minimize the cost and complexity of purchasing, hosting, and managing the platform, including
programs and databases. The development culture is typically provided by the cloud provider
and adapted to the design and architecture of its platform [3].
IaaS
Infrastructure as a Service is a service delivery model in which basic computing infrastructure, including servers, software, and network equipment, is provided as an on-demand service.
A platform for developing and executing applications can be established on it. The main aim
is to avoid purchasing and managing software and infrastructure components, and
instead to obtain such resources as virtualized objects controllable via a service interface. The
cloud user has great freedom in the choice of operating system and development environment to be used. Security is the sole responsibility of the cloud consumer [3].
DBaaS
Database as a Service (DBaaS) will potentially be the next big era in IT. It is a
service that is hosted by a cloud operator (public or private) and includes applications,
where the application team doesn't have any responsibility for traditional database administration. With a DBaaS, the application developers need not be experts in databases,
and there is no need to hire a database administrator (DBA) to operate and maintain
the database [6]. A recent market analysis from 451 Research shows a stunning
86 percent progressive annual growth rate, with revenues from DBaaS providers rising
from 150 million dollars in 2012 to 1.8 billion dollars by 2016 [1]. DBaaS is gaining popularity because it lets businesses set up new databases quickly, with high security and
at very minimal cost. Database as a Service (DBaaS) offers organizations faster
deployment, elasticity, fair consolidation efficiency, higher availability, and minimal cost
and complexity [2], [4]. The following facts show why DBaaS will hit the upcoming IT market.
1. DBaaS reduces database straggle.
2. Supports easy provisioning.
3. Enhances security and minimizes complexity.
1.1.2 Cloud Deployment Models
1.1.3 Cloud Security Issues
1.2 Objective
Chapter 2
PROBLEM STATEMENT
Increasing numbers of concurrent clients in contexts characterized by modifications of the database structure are supported, but at the price of high
computational costs that limit throughput. Existing encryption techniques impose high time complexity on
the cloud, which causes performance degradation.
Chapter 3
MOTIVATION
Chapter 4
LITERATURE SURVEY
Chapter 5
METHODOLOGY
5.1 Design of framework
This framework is the prime step towards achieving the goals of the cloud infrastructure.
This section highlights the details of the proposed framework, and the sections
below describe the components and their implementations.
Figure presents the architecture of the proposed framework. The service component,
including the run-time server, represents the application layer where services are deployed
using a Web Service container.
5.1.1 Cloud Database server
This section describes the database server component, which is located at the Cloud
infrastructure resource level. We first explain its design and later present the implementation details.
5.1.2 Communication mechanism
5.2 Algorithms of Existing System
Algorithm 1
Input: Request for cloud database.
Output: Secure cloud database access to user.
Begin
1. Tenant wants to store and process remotely.
2. Tenant sends request to CSP
3. Authenticates tenant
4. If(n=1)
5. Access to database
6. Else
7. Response with no access
8. CSP sends cloud decrypted data and metadata and encrypted tables.
9. Tenant operates on remote data.
10. Metadata is updated before the tenant exits the system.
End
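The flow of Algorithm 1 as a runnable sketch, added here as an illustration; it is not code from this report or from SecureDBaaS. Assumptions: the names CSP, tenant_session, seal and unseal are hypothetical, a shared token check stands in for step 3, HMAC-SHA256 in counter mode is a standard-library stand-in for a real cipher such as AES, and step 8 is read as the CSP returning encrypted metadata and encrypted tables that only the tenant can decrypt.

```python
import hashlib, hmac, json, secrets

def _sub(key, label):  # derive independent subkeys from one key
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: standard-library stand-in for AES-CTR (assumption)
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key, plaintext):  # encrypt-then-MAC with a fresh random nonce
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered ciphertext")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class CSP:
    """Hypothetical untrusted provider: authenticates tenants, stores only ciphertext."""
    def __init__(self):
        self.tokens, self.metadata, self.tables = {}, {}, {}
    def request(self, tenant, token):  # steps 2-8
        known = self.tokens.get(tenant)
        if known is None or not hmac.compare_digest(known, token):
            return None  # step 7: response with no access
        return self.metadata.get(tenant), self.tables.setdefault(tenant, {})
    def store_metadata(self, tenant, token, blob):  # step 10
        if self.request(tenant, token) is not None:
            self.metadata[tenant] = blob

def tenant_session(csp, tenant, token, master_key, table, new_row):
    """Tenant side of steps 2-10; returns the decrypted rows, or None if refused."""
    granted = csp.request(tenant, token)
    if granted is None:
        return None
    meta_blob, tables = granted  # tables stands in for the remote connection
    meta = json.loads(unseal(master_key, meta_blob)) if meta_blob else {}
    entry = meta.setdefault(table, {"key": secrets.token_hex(32), "rows": 0})
    tkey = bytes.fromhex(entry["key"])  # per-table key is only stored sealed
    tables.setdefault(table, []).append(seal(tkey, json.dumps(new_row).encode()))  # step 9
    entry["rows"] = len(tables[table])
    csp.store_metadata(tenant, token, seal(master_key, json.dumps(meta).encode()))
    return [json.loads(unseal(tkey, row)) for row in tables[table]]
```

The provider object never holds the master key or a per-table key in clear, so a second session by the same tenant can recover the table key only by unsealing the stored metadata.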
Chapter 6
EXISTING SYSTEM WITH MATHEMATICAL MODEL
Chapter 7
PROPOSED SYSTEM WITH MATHEMATICAL MODEL
Chapter 8
IMPLEMENTATION
Chapter 9
DATA TABLE AND DISCUSSION
Chapter 10
CONCLUSION
Bibliography
[1] C.-K. Chu, S. S. M. Chow, W.-G. Tzeng, J. Zhou, and R. H. Deng, "Key-Aggregate Cryptosystem for Scalable Data Sharing in Cloud Storage," IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 2, 2014.
[2] S. G. Akl and P. D. Taylor, "Cryptographic Solution to a Problem of Access Control in a Hierarchy," ACM Transactions on Computer Systems (TOCS), vol. 1, no. 3, pp. 239-248, 1983.
[3] G. C. Chick and S. E. Tavares, "Flexible Access Control with Master Keys," in Proceedings of Advances in Cryptology CRYPTO '89, ser. LNCS, vol. 435. Springer, 1989, pp. 316-322.
[4] W.-G. Tzeng, "A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy," IEEE Transactions on Knowledge and Data Engineering (TKDE), vol. 14, no. 1, pp. 182-188, 2002.
[5] G. Ateniese, A. D. Santis, A. L. Ferrara, and B. Masucci, "Provably-Secure Time-Bound Hierarchical Key Assignment Schemes," J. Cryptology, vol. 25, no. 2, pp. 243-270, 2012.
[6] R. S. Sandhu, "Cryptographic Implementation of a Tree Hierarchy for Access Control," Information Processing Letters, vol. 27, no. 2, pp. 95-98, 1988.
[7] Y. Sun and K. J. R. Liu, "Scalable Hierarchical Access Control in Secure Group Communications," in Proceedings of the 23th IEEE International Conference on Computer Communications (INFOCOM '04). IEEE, 2004.
[8] Q. Zhang and Y. Wang, "A Centralized Key Management Scheme for Hierarchical Access Control," in Proceedings of IEEE Global Telecommunications Conference (GLOBECOM '04). IEEE, 2004, pp. 2067-2071.
[9] M. J. Atallah, M. Blanton, N. Fazio, and K. B. Frikken, "Dynamic and Efficient Key Management for Access Hierarchies," ACM Transactions on Information and System Security (TISSEC), vol. 12, no. 3, 2009.
[10] J. Benaloh, M. Chase, E. Horvitz, and K. Lauter, "Patient Controlled Encryption: Ensuring Privacy of Electronic Medical Records," in Proceedings of ACM Workshop on Cloud Computing Security (CCSW '09). ACM, 2009, pp. 103-114.
[11] F. Guo, Y. Mu, and Z. Chen, "Identity-Based Encryption: How to Decrypt Multiple Ciphertexts Using a Single Decryption Key," in Proceedings of Pairing-Based Cryptography (Pairing '07), ser. LNCS, vol. 4575. Springer, 2007, pp. 392-406.
[12] V. Goyal, O. Pandey, A. Sahai, and B. Waters, "Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data," in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06). ACM, 2006, pp. 89-98.