Attribute based secure query processing in cloud with privacy homomorphism

International Journal of Computer Networks and Communications Security
VOL. 3, NO. 7, JULY 2015, 291–297
Available online at: www.ijcncs.org
E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print)
Attribute Based Secure Query Processing in Cloud with Privacy Homomorphism
Ms. RUPALI S. KHACHANE (1) and Dr. PRADEEP K. DESHMUKH (2)
(1, 2) Dept. of Computer Engineering, Rajarshi Shahu College of Engineering, Tathawde, Pune, India
Affiliated to Savitribai Phule Pune University
E-mail: (1) rupali.khachane@gmail.com, (2) pkdeshmukh9@gmail.com
ABSTRACT
Many kinds of business organizations benefit from the convenient and secure working of cloud computing and data outsourcing. The cloud, the data owner and the client are intrinsic parts of such a system. Hence, securing users' queries while preserving the privacy of data owners has gained worldwide importance in modern cloud computing and data management. Many researchers have studied cloud computing and its security in order to protect query processing data and the privacy of data owners and their clients. In this system a Privacy Homomorphism (PH) technique is used to provide prominent security features to the client. Here, PH addresses the security of query processing between the client side and the cloud, using k-NN queries on an R-tree index and a distance re-coding algorithm. The PH technique also helps to improve performance parameters in cloud computing.
Keywords: Privacy Homomorphism, Encrypted data, Decryption Data, K-Nearest Neighbour, Cipher Text, Plaintext, Cloud Security.

1 INTRODUCTION

In cloud computing, data owners use data and querying services to outsource their data to the cloud. During this process, the data is the separate and private asset of the data owner, and hence must be protected against the cloud and the querying client. A query fired by the client may disclose sensitive details of the client, and hence should be protected from the cloud and from data owners. Therefore, one of the major problems in cloud computing is to protect both data privacy and query privacy amongst the data owner, client and cloud (refer to Figure 1).

Fig. 1. General Model for query processing in Cloud

Social networking is one of the aspiring sectors facing this type of privacy problem [2]. Cloud computing is a new platform to deploy, manage and provide solutions to various types of storage and platform problems using internet-based infrastructure. Services such as Google Docs, Amazon EC2, Microsoft Azure and online file storage are examples of cloud computing that are used widely by a number of users worldwide.

Uploading personal data to the cloud is a really sensitive issue, because data privacy is a major concern and faces major security problems. Sensitive information has to be encrypted before outsourcing, which makes effective data utilization services a very challenging task. One retrieval technique for encrypted data on the cloud is Symmetric Searchable Encryption (SSE), but it still leaks data privacy. Secure server-side ranking, which is based on order-preserving encryption (OPE),
also includes the similarity relevance and robustness [3].

The rest of the paper is organized as follows. Section II reviews existing work on privacy-preserving query processing on outsourced data. Section III formulates the problem and Section VI describes the challenges. Section V overviews the secure processing framework and introduces ASM-PH, the privacy homomorphism used in this paper, followed by detailed discussions on the protocols with a focus on distance-based queries. Section IX explains the algorithms.

2 RELATED WORK

We review existing privacy-preserving data outsourcing techniques for query processing. In a common model, a non-trusted outsourcing server stores and manages data on behalf of the data owners, who afterwards invite trusted users to submit their queries. The first category of techniques is based on the generalization principle to minimize the disclosure of precise information.

For the privacy of user and client data, various general solutions have been put forward in recent research papers. Among them, the most accepted general solution is encryption: data deposited with the service provider must be encrypted to avoid information leakage on the cloud. Agrawal et al. [4] proposed an order-preserving encryption scheme (OPES) by which indexes can be built directly on cipher text. SQL statements such as MAX, MIN, COUNT, GROUP BY and ORDER BY can then be rewritten and processed over the encrypted data. However, OPES does not support SUM or AVG statements; for SUM and AVG, the original data must be decrypted first. In private information retrieval (PIR), to hide a user query completely and to provide strong privacy and confidentiality, query anonymisation usually uses k-Anonymity [5] and its variants to mix the user's query with other noisy query data.

In [6], [7], user privacy and data privacy are considered together. Yonghong Yu and Wenyang Bai discussed how to enforce data privacy and user privacy over an outsourced database service. In [8], [9], a solution based on a secure traversal framework and a privacy homomorphism based encryption scheme is proposed, and secure protocols for processing k-nearest-neighbour (kNN) queries on an R-tree index are given. In the authors' following work [7], an integrated indexing technique with secure multiparty computation (SMC) based protocols is proposed and used to construct a secure index traversal framework.

To solve private processing of more specific queries, different techniques have been implemented, e.g. a public data column and a private data column are implemented by hashing. But a join by hashing is unable to retrieve other specific and relevant data columns. An earlier paper proposes processing kNN queries privately and remotely using homomorphic encryption [2]. Theoretical protocols using homomorphic encryption have been proposed to process private document search by specific keywords in a line of documents. These protocols are still too costly to use in practice, and they perform only approximate search. Finally, we are not concerned with private query processing on outsourced encrypted data, although our data bucketization is inspired by the data bucketization idea in a work from that area [9]. Our approach may also apply to protecting query privacy in outsourced scenarios.

3 PROBLEM FORMULATION

In a cloud computing model, three parties form the most important part: a data owner, a querying client, and the cloud service provider (or simply the cloud). A data owner owns a huge data set D and outsources its query processing service to the cloud. The data set contains some proprietary and sensitive attributes, like salary, date of birth and social security number, which need to be protected from the cloud and the querying clients. On the other hand, the client fires queries on the same sensitive attributes to retrieve the identifiers of qualified objects in D. After the query processing, these identifiers can be used to retrieve non-sensitive contents, like name and sexuality, of these objects. The query q needs to be protected against both the data owner and the cloud. Hence, in summary, the problem is to process queries on sensitive attributes.

4 CHALLENGES

In conventional query processing, the current framework of the system has limitations such as computational limitations and communication limitations. In the case of computational limitations, in each node traversal there is a local distance computation on the client side and a decryption and recoding on the server side. As far as communication limitations are concerned, in each node traversal both sides send and receive a set of
distances for the node entries. There are also several challenges regarding security and efficiency in this framework, which are clarified in the next sections.

1) The core of this framework is distance access, which comprises local distance computation, decryption and recoding, and client scrambling.
2) Since each node traversal and distance access incurs both computational and communication limitations, optimization techniques will be designed to prune unnecessary distance computation and node traversal.
3) Regarding data leakage, this framework preserves both data and query privacy, based on the security of ASM-PH. Nonetheless, it admits a certain amount of privacy loss, such as the disclosure of index topology to the client.

5 OVERVIEW OF PRIVACY HOMOMORPHISM: DESIGN

In this section, processing distance-based queries over a multidimensional index can be treated as traversal on the tree nodes. It can be separated into two alternate procedures: node traversal and distance access. The distance access determines the next node to traverse based on the distances computed from the current node and the query point. To preserve client query and cloud data privacy, both procedures must remain secure in the outsourcing model of three parties, i.e., during query processing neither the data owner nor the cloud can identify the traversed nodes or obtain any type of information that can pinpoint the query point (such as the exact distances to the query point). At the same time, the client should not have access to the actual node contents during distance access and node traversal. Some of the algorithms to implement the above scenario are given below:

1) Privacy-Preserving Processing Framework for Distance-based Queries
2) Recode: Distance Recoding Scheme

Scenario of search and retrieval over encrypted data: consider a data management system hosting a data service, as illustrated in Fig. 2, in which three different entities are involved: data owner, data user and a storage server.

Fig. 2. Scenario of search and retrieval over encrypted data

The data owner has a collection of data files. Data owners are encouraged to outsource their data from local systems to global space for greater flexibility. To protect the data files, they are encrypted before being uploaded into such global space. Thus, enabling search and retrieval over such encrypted data is of paramount importance. The data owner has a collection of n files, say C = {f1, f2, ..., fn}, which may have the extensions .txt, .doc and .pdf. To protect the files from unauthorized persons, we need to apply different types of privacy homomorphism algorithms [7].

5.1 Secure Privacy Homomorphism (PH)

PH is an encryption transformation which maps a set of operations on plain text to another set of operations on cipher text.

E(A) - E(B) = E(I)
E(I) = E^{-1}(I)

1. Encryption
Converting plain text into cipher text using public and private keys. Consider Z, a set of plain text that is converted into cipher text using secret keys. In Fig. 2, as per the paper, the client sends the query requirement to the cloud, then the owner sends the encrypted key index to the client.

Z = queries
E(I) = encrypted index key

2. Decryption
Converting cipher text into plain text using public and private keys. In Fig. 2, the data owner sends the decryption index key E^{-1}(I) to the data cloud for future distance decryption.

E^{-1}(I) = decrypted index key.
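
The distance-access step described in Sections 4 and 5, as an added example that is not code from the paper: the client combines encrypted index entries with its query under an additive homomorphism, and the cloud, which holds the decryption key, sees only blinded values and returns ranks. Textbook Paillier with toy primes stands in for ASM-PH, and the affine blinding and rank recoding are simplified assumptions rather than the paper's client scrambling or distance recoding scheme; all function names and sample points are constructed.

```python
# Added illustration, not the paper's ASM-PH: textbook Paillier with toy primes.
import math
import random

def keygen(p=65537, q=2147483647):
    """Toy key pair from two small known primes (far too small for real use)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))  # public n, private (lambda, mu)

def encrypt(n, m):
    """E(m) = (1 + m*n) * r^n mod n^2, using generator g = n + 1."""
    r = random.randrange(2, n)
    while math.gcd(r, n) != 1:
        r = random.randrange(2, n)
    return (1 + (m % n) * n) * pow(r, n, n * n) % (n * n)

def decrypt(n, sk, c):
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def h_add(n, c1, c2):
    """Ciphertext product decrypts to the plaintext sum."""
    return c1 * c2 % (n * n)

def h_scale(n, c, k):
    """Ciphertext power decrypts to k times the plaintext (k may be negative)."""
    return pow(c, k % n, n * n)

def owner_encrypt_node(n, points):
    """Data owner: for each entry encrypt every coordinate and the sum of squares
    (assumption: publishing E(sum x^2) lets an additive scheme reach d^2)."""
    return [([encrypt(n, x) for x in pt], encrypt(n, sum(x * x for x in pt)))
            for pt in points]

def client_blinded_distances(n, enc_node, query):
    """Client: compute E(a*d^2 + b) per entry from ciphertexts only.
    d^2 = sum x^2 - 2*sum(x*q) + sum q^2. The affine blinding (a > 0, same a, b
    for the whole node) keeps the order but is an illustrative stand-in only."""
    a = random.randrange(1, 1 << 10)
    b = random.randrange(0, 1 << 10)
    q_sq = encrypt(n, sum(v * v for v in query))
    blinded = []
    for enc_coords, enc_sq in enc_node:
        c = h_add(n, enc_sq, q_sq)
        for cx, qv in zip(enc_coords, query):
            c = h_add(n, c, h_scale(n, cx, -2 * qv))
        blinded.append(h_add(n, h_scale(n, c, a), encrypt(n, b)))
    return blinded

def cloud_recode(n, sk, blinded):
    """Cloud: decrypt the blinded values and return only ranks (0 = nearest)."""
    values = [decrypt(n, sk, c) for c in blinded]
    order = sorted(range(len(values)), key=values.__getitem__)
    ranks = [0] * len(values)
    for rank, idx in enumerate(order):
        ranks[idx] = rank
    return ranks

def demo():
    n, sk = keygen()                         # sk goes to the cloud only
    node = [(120, 45), (10, 12), (60, 80)]   # constructed index entries
    query = (15, 20)                         # constructed query, stays at client
    enc_node = owner_encrypt_node(n, node)   # what the client receives
    return cloud_recode(n, sk, client_blinded_distances(n, enc_node, query))

if __name__ == "__main__":
    print(demo())
```

The cloud never sees the query point or an exact distance, and the client never sees a plaintext coordinate; what each side still learns (ranks, index topology) matches the privacy loss the paper concedes in Section 4.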

6 SYSTEM ARCHITECTURE

6.1 Privacy-Preserving Query Processing Framework

When processing distance-based queries, a multidimensional index can be treated as traversal on the tree nodes. This may be divided into two alternate processes, i.e. node traversal and distance access. The distance access determines the next node to traverse, depending on the distances computed from the current node and the query point. To safeguard query and data privacy, both procedures must remain secure in the outsourcing model of three parties, i.e. while a query is being processed, neither the data owner nor the cloud can identify the traversed nodes or obtain any information that may pinpoint the query point, such as the exact distances to the query point. Meanwhile, the client should have no access to the actual node contents during distance access and node traversal. Fig. 3 shows the framework of secure query processing. To protect data privacy, the client only has access to an encrypted version of the index, and must process its query together with the cloud, which decrypts the distances the client computes locally. The distance access is a joint procedure of the client and the data cloud, in which no single party has access to the actual distances [2]. The detailed process flow of this framework is as follows.

1. The client sends query requests to the cloud. The data owner only allows authenticated users.
2. During this process the data owner sends an encrypted variant of the index, E(I), to the client, and the shadow index E^{-1}(I) to the cloud. In each index node, the key entries, e.g. e1, e2, e3, are encrypted by the encryption scheme E(·),
3. although the pointers, e.g. p1, p2, p3, are not encrypted. This means that the index has the same topology as the basic index, but each key value is encrypted. The index is saved at the client side for future connections.
4. Simultaneously, the data owner sends the decryption scheme E^{-1}(·) to the data cloud for future distance decryption. It is not required that the data owner get involved in the initial stage, and the owner can further reduce its involvement by handing over the task of decrypted indexing to the cloud.
5. The index in the cloud should again be encrypted by the owner's private key through any public key cryptography. During initialization, the owner needs to forward their public key to the client, who then collects and decrypts the index from the cloud.
6. In the course of PH, each time the client visits an index node, it computes the indexes on the resulting node E(I), and these are sent to the data cloud, which decrypts and re-codes them for the client.
7. This ensures that the client can receive only an encrypted version of the actual indexes, which is acceptable and tolerable for any query processing. Additionally, to prevent the cloud from accessing the actual indexes after decryption, the client requires a private key prior to forwarding them to the cloud.
8. The text decryption scheme has already been sent by the data owner to the cloud, and the decrypted indexes are encrypted by the text encryption scheme held at the client end.
9. Finally, by entering the private key, the client gets the specified output for the requested query.

Fig. 3. Privacy-Preserving Query Processing Framework

7 PRIVACY-PRESERVING QUERY PROCESSING ALGORITHMS USED

A. pH Encryption algorithm

1) Start.
2) Take any number, multiply it by 13 and store the answer.
3) Convert that answer into data type String and store it in string variable fs.
4) Initialize integer array ak[ ] of size 10.
5) Initialize index counter variable to zero. int ak_ind=0;
6) For int i=0 to i0))
       ak[ak_ind-1]=ak[ak_ind-1]+1;
       ak[ak_ind]=0;
       Increment ak_ind by 1;
   Else
       ak[ak_ind]=k;
       Increment ak_ind by 1;
   End IF
   End For
7) For int j=0 to j

8 SYSTEM MODEL FOR KNN ON R-TREE
