Escolar Documentos
Profissional Documentos
Cultura Documentos
Shu Gong
Xin Xin Huang
Department of Computer Science, Guangdong Department of Computer Science, Guangdong
University Science and Technology,
University Science and Technology,
Dongguan 523083, China
Dongguan 523083, China
e-mail: 43451678@qq.com
e-mail: 43451678@qq.com
Abstract-The combination of database and cloud environment modification. A large number of important traditional
prompted changes in the information industry and information industry business data stored in relational database, such as
service, while there exits any security issues. The database personal data of Mobile, Bank Corporation are stored in a
protection mechanisms proposed in this paper are based on relational database. How to protect these sensitive data? So
attribute decomposition and encrypted cloud environment, how to realize the urgency of the encryption protection of the
which not only the server to minimize the number of database sensitive data on the cloud platform is urgent.
encryption and decryption of the attribute field, but reduce the
Therefore, in the cloud environment, data privacy
amount of computation and effectively encrypt the data of
protection is a problem of the cloud storage service model
database as well.
which can not be avoided, and the confidentiality of stored
Keywords-cloud environment, attribute decomposition,
data is guaranteed by data encryption. Jung et al proposed an
candidate key, homomorphic encryption1
anonymous access control scheme.[4], the proposed scheme
implements anonymous cloud data access and fine-grained
access control. Sahai et al in 2005 [5], puts forward the
I. INTRODUCTION
concept of encryption based on attribute (ABE) and
Cloud computing is a representative of the new trend subsequently attracted more and more scholars to study of
which prompting information industry from providing the cipher system based on attribute. Literature [6] proposed
independent of hardware and software products to provide a hybrid privacy protection solutions, in which the privacy
socialization, intensive and professional information service information is encrypted based on the user attribute and
[I], the database and the cloud environment combination has cloud service types.
the following advantages: In this paper, a database protection mechanism based on
Mass data storage and easy to be extended, to realize attribute decomposition and encryption in cloud environment
database storage capacity to PB or EP level is proposed. According to the relational schema dependency
Anti fault, when some machine failure, the whole set, the minimal encryption attribute set is obtained for the
database system through the internal allocation attribute decomposition and expansion, and then the two
mechanism, still can ensure the user to use the normal layer encryption is performed on each attribute field and a
database service will not obviously affect the user to whole attribute set.
use II. DATA PROTECTION MODEL
High performance and fast response, which can
improve the performance and retrieval efficiency, A. Data Protection Constraint
increase the network throughput, reduce the response
The data tables in the database are represented by the
time
relational schema, that is, the data table can be represented
Save energy, database massive data storage in the data
ease
disease are related to personal privacy, which cannot in
plaintext form with ename together appear in the eid b disease
outsourced database, so (ename, job, rank),(ename,
1011 mary 24 M salesman 2 4000 net play normal
salary) and (ename, disease )belong to the constraint of
data protection 1012 bob 27 F artisan 2 4500 net play cancer
Case c: Even if it is not clear eno, but the combination 1013 jim 35 F manager 2 6000 read normal
of sex, age, job, rank, hobby may also be the only one 1014 lily 31 M artisan 5000 net play cancer
to detennine the higher probability of an employee's 1015 hery 43 F manager 1 7000 net chat cancer
identity. For example, it can identify the identity of the 1016 jack 33 F salesman 1 4500 swim HIV
staff combined with the company's web site published
by the department staff profile and other public 1017 john 46 F anager 1 730i[) read Eancer)
information, resulting in data leakage. So (sex, age, job, case f case d .case e
rank, hobby) can also be considered as a data
protection constraint. Figure 1. The original table.
Defmition 2:
(Data protection constraint set) given a relational In view of the above three kinds of circumstances, it is
needed to extend these attributes to the data protection
schema R (A1 A2
.
, ,An), the set C = {cPc 2 , ...,c n } is a
constraint set.
data protection constraint set of relational schema R , Defmition 3:
when Vc i EC in)
(1 is a data protection constraint of (data protection constraint set extension) given a
VC"Cj EC(lin,ljn) there is a relation set of data protection constraint relation mode R, if
3A, E R distribution characteristics of case d and case e ,
ci cjand cj ci and easily lead to information leakage, and then extended
For the employees of the company infonnation
outsourcing database, the data protection constraint set of
{ Ai } to the relational schema R, the extension set
'
relational schema emp {(eno), (ename, job, rank), (name, {
c = c; , C , ,C,} is called data protection constraint
disease), (name, salary)}
extension set of C for relational schema R, if and only if
B. Data Protection Constraint set Extension '
Vc;,< E c (1 <= i,j <= t,i *' j), there is a
In order to prevent the information leakage for the illegal ! , , ,
users analysis the distribution of the data values stored in the relationshipc, c:L Cj /\ Cj c:L c,.
cloud environment in plain text fonnat,. In this paper, will
consider the following three kinds of data distribution lead to C. Minimum Encryption Attribute Decomposition
information leakage: In order to prevent the illegal user to obtain relevant
information can be decomposed relationship mode into two
259
parts by the attribute decomposition, and encrypted attribute record r is j , the block number of the field is t . The first i i
data values of any part, makes all the attributes of the data
protection constraint set are not simultaneously in the result field is represented as ri,) ,ri,) , the block is represented as
of not being encrypted. This not only simplified the
encryption operation, also reduce the time complexity.
ri,),S (1 <= s <= ti) so there is
Defmition 4: I,
(attribute decomposition) given a relationship mode L.. r ',j>,S (1 <= i <= m ,1 <= J' <= d) . The number
r,O,j> = '"'
R(AI,A2,...,An) and data protection constraint set s='
of data blocks is valued according to the size of the field. If
C = {c"c2,...,cn} , U is set the attributes of C , the field occupies a larger space, it is necessary to block
M=(MI ,M2) is the attribute set of relational schema storage t, >1.
The security level for user and the security level for each
R after decomposition (M, as an encrypted attribute, M 2
field in minimal attribute set of database relational tables is
as an non-encrypted attribute, and there the following independent of each other, the user's security level is only
relation: M, n M2 <l> /\ determined, the security level of the attribute fields in
relational tables each are not identical. When the user's
M, U M2 = R , (1 :::;, i:::;, n ) , ci M 2
\lei E C security level is higher than the security level of all the
According to the above cases, attributes decomposed into attribute fields in the table, the user can access the field data
M=(M"MJ correctly.
Assuming the minimal set of a relational table
M I ={eno,ename,job,sex} , M 2 =(age,rank,salary,disease),
is {r'k ,r2k ,...,rnk }, which 1 <=kpk2,...,kn <=d ,
The M 2 does not contain any of the data protection
, I , 2 , 11
The scheme not only aims to encryption protection value Step2: then encryption for the whole minimal set of
of the minimum attribute set of table records, at the same attributes of this record.
time, access control for user division level, in other words, to m m k{ Ii
ensure that the high level users can access the low level data (l)K = TIKi,k, = TITITI PlY,S
and low level user can not access high level data. i=' i=' v=' s='
Assume that a relational table R(A"A2,...,An) has the
minimum attribute set of total m field, d security level (1-
d to identify a security level, the highest security level of 1,
marking the lowest security level of d). Assume that the
security level of the first i field in minimum attribute of a
260
11/ [3] R.Rivest, L.Adleman and MDertousos, On Data Backs and Brivacy
Homomorphisms[C]. In Foundations of Secure Computation,
(2)C L ej,kjCj,kj mod K(l <= 1 <= m) 1978,21(2),169-I80
i=1
[4] T. Jung, x.Y. Li, Z. Wan, et ai. Privacy preserving cloud data
access with muitiauthorities [C]. INFOCOM, 2013 Proceedings
The process of decryption and encryption is precisely by IEEE, 2013: 2625-2633.
contraries. It is divided into two steps: [5] A. Sahai, B. Waters. Fuzzy identity-based encryption [M].
First, decryption for the entire minimal set of records Advances in Cryptology EUROCRYPT 2005. Springer Berlin
Heidelberg, 2005: 457-473.
attributes of this record, and then decryption for each
member of the minimal set of relational table. The [6] Y. Ji, J.Tan, H. Liu, et ai. A privacy protection method based on CP
ABE and KP-ABE for cloud computing [J]. Journal of Software,
decryption process is done by a user with a security level of 2014, 9(6): 1367-1375.
I (l<=ki). [7] Kruitz R L,Vines R D,Cloud security:a comprehensive guide to
secure cloud computing[M], Indianapolis,IN,Wiley
Publishing,20 10,358
IV. CONCLUSIONS
[8] [EB/OL ].http://www.searchcIoudcomputing.com.cn/shwcontent_644
According to the characteristics of the cloud environment I 8.h-tm,20 I2
database, this paper combines the attribute decomposition [9] Wang Qian,Zhu Zhi-xiang,Shi Chen-Yu,et aI.Encryption and
and homomorphic encryption of the storage , which can decryption engine system applying to database security and
guarantee that, any privacy implications data is not in the detection[J].Computer Technology and Development,2014,24(1):143-
form of plain text which in the database stored under the 146
cloud environment, at the same time using the minimal [10] Carlo Curino,Evan RC,Jones,Raluca Ada Popa,Nirmesh
Malviya.Relational Cloud:A Database-as-a-Service for the
attribute decomposition, which not only consider to reduce Cloud[R].CIDR2011,201I.
the privacy issues which the data distribution lead to, but
[11] Boneh D,Boyen X.Efficient selective Identity-Based encryption
also can minimized the number of encrypt and decrypt without random oracIes[J]. J.Cryptology,2011,24(4),659-693
attribute fields, and reducing the amount of computation for [I2] Boldyreva A,Chenette N,Lee Y,et aI.Order-preserving symmetric
encryption and decryption, and then use the two layer encryption [C]//Proc of the 28th Annual International Conference on
homomorphic encryption such as the field value of the the Theory and Applications of Cryptographic
minimum attribute set homomorphic encryption and the Techniques(EUROCRYPT).2009:224-24I.
whole attribute set homomorphic encryption .Through the [13] X. Liu, H. Zhu, J. Ma, et ai. Key-policy weighted attribute based
above method which Can effectively prevent unauthorized encryption for fine-grained access control [C]. Communications
Workshops (ICC), 2014 IEEE International Conference on, IEEE,
users and attackers to do unauthorized access for database 2014: 694-699.
under the cloud environment, so as to protecting the privacy [14] R. Zhang, P. S. Chen. A dynamic cryptographic access control
data. scheme in cloud storage services [J]. Journal of Information
Acknowledgment Processing and Management, 2013, 4(1): 104-111.
Scientific research project of Guangdong University of [15] Z. Lv, M. Zhang, D. Feng. Cryptographic access control scheme
Science & Technology, number: GKY-2015KYYB-20 for cloud storage [J]. Jisuanji Kexue yu Tansuo, 201I, 5(9): 835-844.
[I6] Pengxu Tan, Yue Chen, Chaoling Li et ai. Stream Regeneration with
REFERENCES Regnerating Codes for the Fault-Tolerant of Cloud StoragefA].
Porceedings of the 2th International Conference on Business
[I] Zhu Qin,Yu Shou-jian,Le Jia-jin, Research on Security Mechanisms
Computing and Global Informatization[C]. Shanghai, China, 2012:
of Outsourced Databasep].Computer Science,2007,34(2):152-156(in
735-738.
Chinse)
[I7] M. Nabeel, N. Shang, E. Bertino. Privacy preserving policy
[2] Toosi A N,Calheiros R N,Rajkumar B,lnterconnected cloud
based content sharing in public clouds Pl. Knowledge and Data
computing environments;challenges,taxonomy,and surveyU],ACM
Engineering, IEEE Transactions on, 2013, 25(11): 2602-2614.
Computing Surveys,2014,47(1),1-47
261