Topic : A Comprehensive Framework for Secure Query

Processing on Relational Data in the Cloud

Abstract. Data security in the cloud is a big concern that blocks the widespread use of the cloud for relational data management.
First, to ensure data security, data confidentiality needs to be provided when data resides in storage as well as when data is
dynamically accessed by queries.

Introduction :Data security in the cloud is a big concern that blocks the widespread use of the cloud for relational data
management. First, to ensure data security, data confidentiality needs to be provided when data resides in storage as well as when
data is dynamically accessed by queries.

What is database …….?

• Collection of

– interrelated data and

– set of programs to access the data

• Convenient and efficient processing of data

What is database security……?

• A set of established procedure, standard, policies and tools that is used to protect data from
theft, misuse and unwanted intrusion, activities and attacks.

• It deals with the permission and access to the data structure and the data contained within it.

Basic Security Concepts

The objectives of data security can be divided into:

• Confidentiality or Secrecy of data

• Integrity of data

• Availability of data

• Confidentiality or Secrecy of data: Need to ensure that confidential data is only available to
correct people. Need to ensure that entire database is secured from external and internal
system breaches

Need to provide for reporting on who has accessed what data and what they have done with it.

Protected through the use of authentication and access control.

 • Integrity of data: refers to the prevention of unauthorized and improper data modification.

Refers to the reliability, accuracy and consistency of the data stored within and retrieve from
the database.

Protected by preventing both unauthorized and authorized modifications whether accidental or

deliberate, that might cause the database storage or retrieval to be unreliable and inconsistent.

Availability of data: Data needs to be available at all necessary times

Data needs to be available to only the appropriate users

Need to be able to track who has access to and who has accessed what data

• Common potential threats:

• Hardware failure

• Software failure

• Disaster

• Intrusion etc.

Cloud computing has been gaining interests in the commercial arena due to its desirable features of scalability,
elasticity, fault-tolerance, self-management and pay-per-use. However, the security of sensitive data stored in the
cloud remains a big concern, and even a road block to the widespread usage of the cloud for relational data
management and query processing. The shared environment of the cloud renders access control policies and
authentication vulnerable Many enterprises therefore question whether adequate security and functionality can be
ensured for performing their regular data storing and query processing tasks in the cloud. Data confidentiality is one
of the most important security concerns and challenges. It should be adequately provided to safeguard against
attackers’ analysis and inferences. In addition, data confidentiality has to be balanced with query processing
functions and performance.

Private Information Retrieval (PIR)

Private Information Retrieval (PIR) is a protocol that allows a client to retrieve an element of a database without the
owner of that database being able to determine which element was selected. While this problem admits a trivial
solution - sending the entire database to the client allows the client to query with perfect privacy - there are
techniques to reduce the communication complexity of this problem, which can be critical for large databases.
Additionally, Strong Private Information Retrieval (SPIR) is private information retrieval with the additional
requirement that the client only learn about the elements he is querying for, and nothing else. This requirement
captures the typical privacy needs of a database owner.
This library is the first publically available implementation of the best known protocols for PIR/SPIR and related
problems.
Data Access Model.
We assume that the cloud is heavily loaded with many clients issuing many queries continuously. This is typical of
modern cloud systems. We support exact, range queries and tuple updates given index keys as
Predicates, as well as tuple insertion and deletion.

Attacker Model
Attacker and Prior Knowledge Assumptions. We consider attackers are external entities or the servers where data is
stored. We do not deal with insider attacks, such as from malicious partners. We assume client machines are safe,
thus any confidential information on the client such as the secret key C is not
known to attackers. Attackers do not know clients’ queries. However, attackers could know the clients’ data
distribution and even some exact values and their occurrence frequencies. We assume attackers’ computations are
bounded by polynomial size circuits. Attacks.

We consider two types of attacks: (1) attacks that target to compromise data confidentiality without compromising
data availability or integrity; (2) attacks that target to compromise data integrity or availability, e.g. modifying the
encoded tuples or index keys, or Denial-of-Service (DoS) attacks. We
say servers are faulty in (2). In (1), attackers can compromise any number of servers. They can analyze the encoded
data, monitor index and data accesses, and perform inference or linking attacks [6], in which they try to infer the
correspondence between the positions of encoded data in storage and plain-text
values in the data domain, and even try to infer the secret key C. 4 Data Encryption and Dispersal by
“Salted” IDA Information Dispersal Algorithm (IDA) [12] ensures secure and reliable storage. It is widely used
in emerging cloud storages [16, 14, 22]. We use IDA as the basis for providing data confidentiality and availability,
and propose an easy-to-use data encoding and dispersal scheme called salted IDA.

Data Encryption

Data encryption translates data into another form, or code, so that only people with access to a
secret key (formally called a decryption key) or password can read it. Encrypted data
is commonly referred to as ciphertext, while unencrypted data is called plaintext. Currently,
encryption is one of the most popular and effective data security methods used by organizations.
Two main types of data encryption exist - asymmetric encryption, also known as public-key
encryption, and symmetric encryption.

Information Dispersal Algorithm( IDA)

Information dispersal algorithms are used to separate data packets into slices so that they are
unrecognizable as they sit in storage arrays or traverse the network. Data can be reassembled at
the receiving device.

Our goal in this paper is to provide a comprehensive secure query processing framework that addresses the issues of
data confidentiality, availability and integrity, and supports practical processing of various types of queries on
relational data in the cloud. We aim at a practical solution with balanced security and functions. We achieve
confidentiality for data residing in storage using a variant of IDA, called “salted” IDA Salted IDA relies on pseudo-
randomness to improve the data confidentiality of the original IDA scheme against computationally bounded
adversaries and relies on the original IDA scheme to provide data availability.

Query Processing

Query processing includes translation of high-level queries into low-level expressions that can be used
at the physical level of the file system, query optimization and actual execution of the query to get the
result.

Our framework supports exact, range queries, as well as updates, inserts and deletes. These common queries form
the basis for general purpose relational data processing.

A range query is a common database operation that retrieves all records where some value is between
an upper and lower boundary. For example, list all employees with 3 to 5 years experience.

Tuple Update. Update to a tuple without changing its index key can be done by performing an exact query on
the key to get the target tuple column and then storing the updated tuple column.

Experimental Evaluation

Our evaluation focuses on the following: (1) the efficiency of our framework for processing different types of
queries; (2) the overhead introduced by security when compared with the baseline query processing with no security
provided, and with the basic encrypted index approach [6] of insufficient data confidentiality and no data
availability; (3) the overhead breakdown in terms of client processing time, server processing time and network
latency as well as the communication sizes for index and tuples; (4) the effects of data size, query selectivity and
index caching on query performance.

Conclusion
To solve the security concern for widespread use of relational data management in the cloud, this paper has
proposed a comprehensive framework for practical secure query processing on relational data in the cloud. Our work
is distinguished from previous works in that data confidentiality is ensured in both storage and at access time, and
different queries and data updates are supported. Data confidentiality in storage is ensured using the “salted” IDA
scheme to encode and disperse the data. Data confidentiality in query accesses is ensured by only allowing proxied
single operations called column-access-via-proxy between clients and servers.