2017 International Conference on Computer and Applications (ICCA)
Improving Database Security in Cloud Computing
by Fragmentation of Data
Amjad Alsirhani Peter Bodorik
Faculty of Computer Science Faculty of Computer Science
Dalhousie University Dalhousie University
amjada@cs.dal.ca bodorik@cs.dal.ca
Abstract—Cloud computing is a technology that facilitates
numerous configurable resources in which the data is stored and
managed in a decentralized manner. However, since the data is
out of the owner's control, concerns have arisen regarding data
confidentiality. Encryption techniques have previously been pro-
posed to provide users with confidentiality in terms of outsource
storage; however, many of these encryption algorithms are weak,
enabling data security to be breached simply by compromising an
algorithm. We propose a combination of encryption algorithms
and a distribution system to improve database confidentiality.
This scheme distributes the database across the clouds based
on the level of security that is provided by the encryption
algorithms utilized. We analyzed our scheme by designing and
conducting experiments and by comparing our scheme with
existing solutions. The results demonstrate that our scheme
offers a highly secure approach that provides users with data
confidentiality and provides acceptable overhead performance.
Index Terms—Cloud Computing, Encryption Algorithms, Se-
curity, Distributed System.
I. I NTRODUCTION
Cloud computing is defined by NIST [1] as “a model for
enabling ubiquitous, convenient, on-demand network access
to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services) that can
be rapidly provisioned and released with minimal manage-
ment effort or service provider interaction”. Cloud computing
involves storing data using a third-party or non-central storage
mechanism and requires the ability to access this data from
anywhere at any time.
It offers a number of services and includes a variety of
models to meet users' needs at affordable prices. Scalability
is a cloud computing characteristic, whereby data is scaled
around the cloud provider's servers. The powerful devices
cloud providers rely on to operate the cloud give users high
performance processing, fast network speeds, and a huge
amount of storage space.
Despite the perceived benefits of cloud computing, there
are still major security concerns surrounding storing data to
the cloud. One of these concerns is adequately protecting
the confidentiality of sensitive data. This ongoing and very
important concern has motivated us to seek a way to improve
security in a cloud computing environment and to create a vi-
able real-life application. Cloud computing has many attractive
advantages that encourage potential users to consider moving
978-1-5386-2752-5/17/$31.00 2017 IEEE 43
Srinivas Sampalli
Faculty of Computer Science
Dalhousie University
srini@cs.dal.ca
to a modern style of computing. However, these advantages, as
Hacg et al. [2] claim, come at a high price, with users facing
greater privacy risks and increased vulnerabilities when they
move their, often private or sensitive, data to a cloud. More
importantly, this data is often not under the direct control of
the owner, so concerns arise regarding data confidentiality.
Consequently, providers are able to compromise and access
sensitive data, which constitutes an invasion of the database
owner's privacy. Finding trusted providers to store sensitive
data is not an easy task, as many cloud computing providers
may not even trust their own employees [3]. Additionally, in
some cases, providers also reserve the right to change their
terms and conditions, which means that data confidentiality
and privacy risks are even more critical to consider [4].
In light of these ongoing security-related issues, encryption
emerges as the simplest solution, as encrypting data before
sending it to the cloud can prevent providers from obtaining
sensitive information. Unfortunately, however, encrypted data
cannot be easily queried, making it difficult for users to access
their data. Some proposed solutions to this dilemma involve
using asymmetric cryptography, with the private key being
shared with the providers. However, the provider can still infer
sensitive information with this method when they perform the
decryption in response to the client's query.
Similarly, symmetric key cryptography involves decryption
on the provider's side, allowing providers to infer sensitive
information in this case as well. Hence, neither symmetric nor
asymmetric cryptography offer a suitable solution. Since there
is no single encryption algorithm that is able to support all
Structured Query Language (SQL) queries without decryption,
there is a need for a system that provides users with security
while also supporting a variety of query types. This leads
us to the following questions: How can we guarantee data
confidentiality while using untrusted cloud computing provider
resources, and what encryption algorithms can be utilized to
support a variety of queries?
II. R ELATED W ORK
Work regarding the confidentiality of data stored through
outsourcing is categorized into four groups: (a) fragmentation
schemes (a column-based partition), (b) hardware-software
solutions, (c) sensitive data VS. non-sensitive data, and (d)
a combination of encryption algorithms.
 2017 International Conference on Computer and Applications (ICCA)

(a) Hacg and Li [5] have proposed a fragmentation scheme,

which is a column-based partition. On the server side, there
are only encrypted fragments (i.e., vertical fragmentation).
Each fragment has a unique ID used to support the query.
Queries are processed twice. In beginning, the whole fragment
is fetched to the client side, based on the fragment's ID. Once
the client obtains the fragment, it will be decrypted to apply
the query again on top of the fetched fragment. Finally, the
result will be returned after the second query is executed.
While this approach could be suitable for small data sets,
it requires a considerable amount of overhead to fetch the
whole database. In this approach, there is a case in which the
whole database has to be fetched to the client side, which
raises questions about the benefit of using cloud computing.
Additionally, processing the query twice slows overall perfor-
mance. Hence, this approach is not a suitable solution for this Fig. 1: The architecture of our scheme
problem because it eliminates cloud computing's main benefit
in terms of providing storage. It also requires a lot of overhead
time to execute the query. Other studies have considered this scalability of the system. Therefore, this approach cannot be
approach such as [6] [2] [7]. They mainly focus on the query used in practice. Other studies belonging to this category can
optimization technique as a means of trying to tackle the be found in [9]–[13]
limitation of [5], which concerns performance. d) Popa et al. [14] recently proposed a practical solution
b) Bouganim and Pucheral [8] have proposed a hardware- to improve the confidentiality level for outsourced data from
software solution for the database outsource confidentiality curious cloud providers. Their scheme consists of a number
issue, claiming that no software solution is guaranteed, given of components, including encryption algorithms, proxy, and
Internet security variability. Their idea is basically to install a user's application. This concept relies on the fact that no single
smartcard on the cloud side that will work as a mediator. The encryption algorithm can support all types of queries, so the
data is then encrypted by the smartcard before being inserted researchers investigated encryption algorithms that allow for
into the database, and then decrypted before being sent to the queries to be issued to encrypted data. They came up with
user. This method is premised on an assumption of secure six encryption algorithms that can be used to support the
communication between the user and the cloud. The smart fundamental query structure. Other studies belonging to this
card is fully controlled by the client, so the cloud is simply category can be found in [15]–[19]
used as encrypted data storage. This approach has limitations III. M ETHODOLOGY
in terms of processing power as well as memory capacity and
We propose a combination of encryption algorithms and
thus does not offer a practical solution for the outsourcing of
a fragmentation technique that together form a novel contri-
confidential data due to the weakness of the smartcard and
bution to this research. Figure 1 represents the architecture of
the difficulty of installing the card into the cloud provider 's
our scheme. The public clouds consist of a master cloud and a
server. The situation worsens if the database system needs to
number of slave clouds. The master cloud stores an encrypted
be distributed.
replica of the entire database while individual public clouds
c) Anciaux et al. [3] have proposed a different approach to
store extended columns.
ensure data confidentiality when data are stored with untrusted
cloud providers . They divide the database into private and A. Encryption Algorithms
public data. The private data is the sensitive data that needs The algorithms used in our scheme are the same as the
to be kept in a safe place, whereas the public data is the non- encryption algorithms used in [14] approach. These algo-
sensitive data that can be seen by the general public. They rithms include the Advanced Encryption Standard (AES),
encrypt and store the sensitive information on a smart USB Order-Preserving Encryption (OPE), Homomorphic Encryp-
key, which has to be on the client side. The insensitive data tion (HOM), Search, and Deterministic Encryption. In our
are stored on a public cloud server in plain text. The user scheme, the usage is slightly different due to differences in
cannot query the data unless the smart USB key is plugged the architecture between the two approaches. The usage and
into the user's device. When the smart USB key is plugged selection of these algorithms are based upon their ability to
in, the two partitions are joined using a distributed technique. suport users’ queries.
This approach could be a solution for one user, but is not
really feasible for widespread usage due to the difficulty of B. Fragmentation Technique
distributing the USB keys. Moreover, this approach limits the The fragmentation technique involves two aspects: a master
benefits of cloud computing by storing private data with the cloud and slave clouds (i.e., column-based fragmentation). In
client (using a smart USB key). Its key also eliminates the the initial configuration, the entire database is encrypted using

44
 2017 International Conference on Computer and Applications (ICCA)
a highly secure encryption algorithm and stored in the master
cloud while not disclosing the encryption key to the master
cloud provider. In fact, none of the keys are disclosed to any
of the cloud providers. Furthermore, when the relation for the
master cloud is created, we ensure that the relation has one
column that is used as an index to the tuples of the relation.
Thus, in addition to the primary key of the original relation,
we create another attribute (table column) containing a unique
index to the tuples of the relation.
The master cloud is the core part of our scheme, as it
maintains the entire relation in one place. Hence, the en-
cryption algorithm to be used in the master cloud has to be
secure enough to hold sensitive data. A number of studies
have shown that AES-CBC is a secure and reliable algorithm
for the outsourced storage of sensitive data [20] [21] and,
consequently, several studies have used AES-CBC to store
sensitive data [22] [23] [24]. Therefore, in our scheme, we
also use the AES-CBC encryption algorithm to encrypt the
master cloud relation. The index column is the only column
kept in plain text, so that the user can only query the relation
through that index to fetch the desired tuple/s
The index serves as a candidate key to the relation and
is replicated in each fragment, which contains an extended
column of the relation. The idea of storing an entire relation
in the master cloud (and not in the client cloud) is to obtain the
greatest benefit from cloud computing by preventing any kind
of data storage on the client side. In most cases, the query
has to travel to the master cloud to obtain encrypted data;
however, this is not always the case. Furthermore, only two
kinds of queries can be submitted to the master cloud database
because any data encrypted by the AES-CBC algorithm cannot
be queried directly without decryption.
The configuration continues with the vertical fragmentation
to create a variable number of replicas of the columns that are
stored in the slave clouds. Furthermore, before a column is
stored in a slave cloud it is encrypted while not disclosing
the encryption key to the cloud provider. Whether a table
column is replicated and which encryption algorithm is used
is determined by the observed or anticipated access pattern to
the relation. We shall simply state that if the access pattern to
the relation R is such that column A is frequently used by the
queries with a predicate (R.AΘk), where Θ is an arithmetic
relational operator and k is a constant, then the column is
replicated and encrypted using an algorithm applicable for
querying using Θ. Furthermore, each encrypted column is
also augmented with an index column to create an extended
column. Each replicated and encrypted column is stored in a
slave cloud.
If a column of the relation is accessed by distinct queries
with different predicates, a column of the relation may appear
more than once in a fragment, but is encrypted using a different
encryption algorithm. For instance if a column is accessed by
two different queries with two respective predicates (R.A =
k1) and (R.A > k2), then the column R.A would appear in
a fragment more than once, once encrypted using the DET
algorithm and once encrypted using the OPE algorithm.
45
C. Proxy's Functionality
The proxy is an important part of our scheme, as it per-
forms most of the processing. Processes performed by the
proxy server include creation, insertion, encryption, decryp-
tion, query parsing and the retrieval of results. The proxy
server has to be inside the private cloud and has to communi-
cate with the outside world through a highly secure channel,
such as SSL.
When a proxy receives a client query, it parses it and trans-
forms it into a set of sub-queries on extended columns stored
in the slave clouds. Only the master cloud storing the whole
encrypted relation is accessed. Each slave returns to the proxy
a set of indices forming the answer of the sub-query it has
received. When the proxy receives the results of sub-queries
it performs either the union or intersection algorithm on the
indexes if there is more than one where condition/predicate in
the query’s where clause. If these conditions are separated by
OR, the union algorithm is used; otherwise, the intersection
algorithm is used. Once the indices of the final result are
formed, the proxy issues a query to the master relation to
fetch the tuples that match them. The proxy performs all of
the encryption and decryption. In the encryption process, the
proxy encrypts any inserted values that come from the user
before storing them at the clouds. The selection query value
also has to be encrypted by the proxy before querying any
slave clouds.
IV. I MPLEMENTATION AND E VALUATION
A. Cloud Computing Tools and Configuration
As a first step in proving our concept, we created a public
cloud computing account at Rackspace, which offers open
source cloud computing. We then created a number of servers
equal to the number of fragments that we need, plus one more
for the master cloud. These servers have the following features:
Linux OS, XAMPP Server, CPU: 2 vCPUs, RAM: 4 GB,
System Disk: 160 GB, and Network: 400 Mb/s. The proxy,
on the other hand, is running the OS X. It is also running
with the Tomcat server. OS X, Tomcat server 7.0.53, CPU:
2.4 GHz Intel Core i5, RAM: 10 GB RAM, System Disk:
500 GB, Network: 150 Mbps.
B. Evaluation Method
We evaluate our method by determining the total delay using
an analytical model and through modeling. In the evaluation,
we concentrate on the total delay (in ms) per user SQL request.
As the user will receive the whole query result in one response,
the total delay in our experiments is also latency. Our method
is compared to two base methods:
(a) The first is an unsecured method in which the DB
is stored in one cloud and there are no efforts to provide
confidentiality. Thus, data is stored and communicated in plain
text. We refer to this method as the Unsecured approach.
(b) The second method is that of [14] approach, in which
the data is encrypted and stored in one cloud. In that cloud,
each column is encrypted using the encryption algorithms that
supports the desired operation(s). We refer to this approach as
 2017 International Conference on Computer and Applications (ICCA)

TABLE I: The total delays in milliseconds of the four schemes for

the Secured centralized approach. Our method will be referred
query 1
to as the Secure Distributed Approach (SDA).
Secure distributed Secure distributed
Experiments report delays due to communication, crypto S.F.
Unsecure centralized Secure centralized
serial parallel
processing(encryption/decryption), query processing, and the

Query pro.

Query pro.

Query pro.

Query pro.
Comm.
Comm.

Comm.

Comm.
Crypto

Crypto

Crypto
Proxy

Proxy
total delay. We use analytical evaluation as well as emulation.
134 339 445 445
When emulation is used, each experiment is repeated a number 0.2
84 50 144 50 144 211 77 144 2 211 77 144 2

of times, and we report the average delay and variance. 0.4

160 569 674 674

1) Set of queries: 104

186
56 224 56
798
288 282 82
904
288 2 282 82
904
288 2

0.6
1) Select statements in which the Where clause contains 124 62 304 62 432 378 88 432 3 378 88 432 3

one simple predicate. 0.8

211 1028 1134 1134
144 67 384 67 576 461 94 576 4 461 94 576 4
2) Select statements in which the Where clause contains 237 1258 1363 1422
a conjunction of two predicates (connected by the AND 1
164 73 464 73 720 928 99 720 4 928 99 720 4
Boolean operator).
3) Select statements in which the Where clause contains TABLE II: The total delays in milliseconds of the four schemes for
a conjunction of three predicates (connected by the AND query 2
Boolean operator).
Unsecure Secure Secure Secure

C. Delays Derived Using the Analytical Model S.F. centralized centralized distributed serial distributed parallel

Query pro.

Query pro.

Query pro.

Query pro.
Comm.
Comm.

Comm.

Comm.
Crypto

Crypto

Crypto
Proxy

Proxy
Based on the analytical model, we compare four approaches:
Unsecured centralized, Secure centralized, Secure distributed 0.2
134 338 536 469
84 50 144 50 144 288 103 144 1 220 103 144 2
serial, and Secure distributed parallel. We calculate the total 160 568 845 740
0.4
delays of each of these approaches. We calculate the delays 104 56 224 56 288 445 109 288 3 302 109 288 3
186 798 1008 931
using the analytical model while varying the selectivity to 0.6
124 62 304 62 432 457 114 432 5 381 114 432 4

vary the number of retrieved tuples and also the number 0.8
211 1027 1244 1163
144 67 384 67 576 541 120 576 7 462 120 576 5
of predicates. Table I shows the delays in milliseconds for 237 1257 1479 1396
1
query 1, which has a Where clause with one predicate. The 164 73 464 73 720 624 126 720 9 544 126 720 6

Secure distributed serial and parallel have the same delay

since, in this query, there is no parallelized process. The
delays for the Secure Centralized method are less than for the
Secure Distributed (serial and parallel) methods because in the
centralized case only the master cloud is accessed while the
distributed methods, in addition to accessing the master cloud,
also access one slave cloud.
Table I shows the delays of the communication and the
query processing for the unsecured centralized approach. In
this approach, there are two components that have an impact
on the total delay, which are the communication and the query
processing. The communication delay is higher than the query
processing delay.
Table II shows the total delays in milliseconds across
the approaches. In general,the communication delays on the
Secure distributed parallel are less in comparison to the com-
munication delays on the secure distributed serial approach
because the slave clouds are queried in parallel. However,
crypto delays are the same in both approaches.
Table III shows the delays in milliseconds for the four ap-
proaches for query 3, which has three predicates. The delays
are increased in our scheme because one slave cloud is
accessed for each of the predicates. The communication delays
have the highest delays across the selectivity factors except the
selectivity factor of one, in which the communication and the
crypto delays are the same.
D. Delays Derived Using the Emulation
We measure the total delays while varying the selectivity
factor and the number of predicates in the Where clause. We
start the experiments with a query that has a Where clause with
one predicate and then we increase the number of predicates
by one up to three predicates. We submit the queries a hundred
times and report the averages. The experiments are applied for
the Unsecured Centralized, Secured Centralized, and Secured
Distributed methods.
Table IV shows the total delays in milliseconds of the three
approaches for query 1. The query has only one predicate. The
results show the impact of the communication delays of the ex-
tra round trip in the Secure Distributed method in comparison
to the Secure Centralized method. Of course, the Unsecured
method has much fewer delays not only because there is no
decryption process after the result is retrieved but also the
information is stored in clear text, which means that the tuples
are smaller in size, resulting in faster communication.
Table V shows the total delays in milliseconds for query 2.
In this query, the number of predicates is increased to two,
meaning that the number of clouds is increased to three, one
master and two slaves. The effect of the communication is
now increased much more.
Table VI shows the total delays in milliseconds for query
3. In this query, the number of predicates is increased to
three, meaning that the number of clouds is increased to
four, i.e. three slave clouds and the master cloud. Clearly, the
communication delay is increased the most.
E. Results Analysis and Discussion
In the previous section, we reported the delays of the
components for each approach. In this section, however, we
are comparing the delays of each component of the analytical

46
 2017 International Conference on Computer and Applications (ICCA)

TABLE III: The total delays in milliseconds of the four schemes for TABLE V: The total delays in milliseconds of the three schemes for
query 3 query 2
Unsecure Secure Secure Secure Secure
S.F. Unsecure centralized Secure centralized
centralized centralized distributed serial distributed parallel S.F. distributed serial
Query pro.

Query pro.

Query pro.

Query pro.

Query pro.

Query pro.

Query pro.
Comm.
Comm.

Comm.

Comm.
Crypto

Crypto

Crypto

Comm.
Proxy

Proxy

Comm.

Comm.
Crypto

Crypto

Proxy
134 339 634 497
0.2
84 50 144 50 144 357 130 144 3 220 130 144 3 153 493 976
0.2
160 569 879 729 128 25 283 42 168 733 79 163 1
0.4
104 56 224 56 288 452 135 288 4 302 135 288 4 160 710 1459
0.4
186 798 1108 960 107 35 396 93 221 1162 104 191 2
0.6
124 62 304 62 432 429 141 432 6 381 141 432 6
185 884 1707
211 1028 1350 1111 0.6
0.8 143 42 536 109 239 1347 139 219 2
144 67 384 67 576 620 147 576 7 463 147 576 7
200 972 2165
237 1258 1585 1425 0.8
1 149 51 549 113 310 1694 179 290 2
164 73 464 73 720 704 152 720 9 544 152 720 9
210 1582 2223
1
151 59 1036 139 407 1687 187 346 3
TABLE IV: The total delays in milliseconds of the three schemes
for query 1
TABLE VI: The total delays in milliseconds of the three schemes
Secure for query 3
Unsecure centralized Secure centralized
S.F. distributed serial
Secure
Query pro.

Query pro.

Query pro.
Comm.
Comm.

Comm.
Crypto

Unsecure centralized Secure centralized

Crypto

Proxy
S.F. distributed serial

Query pro.

Query pro.

Query pro.
Comm.
Comm.

Comm.
Crypto

Crypto

Proxy
130 451 777
0.2
106.2 23.8 253 30.5 168 566 41 169 1
155 504 1196
115 585 1147 0.2
0.4 129 26 277 62 165 939 91 165 1
84.8 30.2 314 49 222 881 74 191 1
175 660 1729
143 804 1492 0.4
0.6 138 37 336 101 223 1417 122 188 2
102.9 40.1 495 62.8 247 1168 103 221 2
207 775 1950
152 983 1757 0.6
0.8 164 43 429 109 237 1580 159 209 2
102.9 49.1 593 83 307 1328 142 285 2
273 1194 2291
171 1287 2073 0.8
1 220 53 777 115 302 1805 203 281 2
115.2 55.8 790 98.7 390 1580 148 343 2
220 1441 2763
1
159 61 933 137 371 2196 213 350 4

model with the corresponding delays of the emulation model-

ing across all queries for every approach.
1) Communication delay: Fig. 3 shows the communication
delays for all queries in both models for the Secure Distributed
approach. In the previous approaches, the communication de-
lays are increased mostly due to the increases of the selectivity
factors. The differences in delays between the analytical model
and the emulation model are higher in query 3 than in queries
1 & 2.
2) Query processing delay: Fig. 4 shows the query pro-
cessing delays for all queries in both models for the Secure
Distributed approach. It can be observed that for small selectiv-

Fig. 3: Communication delays for the Secure Distributed approach

ity, delays through analytical modeling are higher than those

obtained through emulation. However, for higher selectivity,
delays obtained via emulation are much higher than those
obtained by analytical modeling.
3) Crypto delay: Fig. 5 shows the Crypto processing delays
for all queries in both models for the Secure Distributed
approach. The crypto delays are proportionally affected by
the message size. Recall that we only decrypt the final
result retrieved from the master cloud so that the size of
the decryption work depends on the selectivity factor. Thus,
Fig. 2: Communication delays for the Secure Distributed approach delays obtained by the analytical model are the same for both

47
 2017 International Conference on Computer and Applications (ICCA)
Fig. 4: Query processing delays for the Secure Distributed approach
Fig. 5: Crypto delays for the Secure Distributed approach
Fig. 6: Proxy delays for the Secure Distributed approach
the Secure Centralized and Secure Distributed approaches.The
same applies for delays derived through emulation.
4) Proxy delay: Fig. 6 shows the proxy processing delays
for all queries in both models for the Secure Distributed
approach. Recall that the proxy delays include delays to
perform the intersection of results returned from slave clouds
and overhead associated in transforming the user query to
queries on clouds and also processing results received from the
clouds. In general, the proxy delays in both models are much
less than the delays of the other components. The differences
in the delays between analytical and emulation models are
much fewer than the differences in the other components.
48
F. Discussion
We observe that the delays derived through analytical mod-
eling, with the exception of crypto delays, are fewer than
those derived through emulation. In the analytical model, we
determine the component delays individually. Thus, the total
delay of the analytical model is the sum of the component
delays. The analytical model is driven by first calibrating
the models’ parameters through measurements of average
delays in communication, query processing, and decryption,
and then using such parameters in analytically predicting the
delays of the methods under consideration. When making the
measurements, we use communication over the Internet and
also measure decryption and query processing delays that are
performed on infrastructure provided by the cloud.
Delays due to emulation are also obtained by using the Inter-
net for communication and cloud infrastructure for decryption
and query processing, and thus, we can expect much variability
in both the analytical and emulation approaches as both depend
on when measurements are done. We all accept and experience
much variability in delays when communicating over the
Internet.
Delays in cloud infrastructure are also variable as they
depend on the load, resources allocated by the cloud provider,
and also the cloud's quality of software that is used to measure
the load and balances the allocation of resources to handle
the load. Thus, although analytical modeling does not predict
the actual delays with accuracy in comparison to the actual
delays observed in emulation, it does provide guidelines on
the general trend when variables, such as selectivity or type
of issued queries, are varied.
V. C ONCLUSION
Cloud computing technology is attractive for storing and
managing data. However, concerns over confidentiality with
regard to storing sensitive data prevents many public and
commercial organizations from moving to the cloud. A number
of researchers have attempted to provide solutions to the
security concerns associated with outsourcing storage. The
aim of this research was to prevent untrustworthy providers
from obtaining sensitive data. We proposed a combination of
approaches by using the encryption algorithms in [14] and
obfuscation by distributing data amongst different clouds. The
encryption algorithms provide the user with confidentiality and
also support the query processing of encrypted data, while the
distributed technique provides greater security and prevents
cloud providers from procuring meaningful information. The
prototype of the proposal was implemented, with the results
showing that our scheme provides greater security with ac-
ceptable delays.
We used two modeling techniques to determine the delays
of our proposed method and also of the methods used for
comparison. One method was based on an analytical model
while the other method used emulation using a prototype. We
calibrated our analytical models’ parameters by measurements.
When we compared delays derived through analytical mod-
eling to those derived through emulation, we observed that
 2017 International Conference on Computer and Applications (ICCA)
in most cases the analytical model underestimated the delays.
Thus, the analytical model can be used to analyze the behavior
of the system in terms of the trends on delays but it cannot be
used to accurately predict the delays. Of course, the same can
be applied for any method that is predicting delays when the
load on the system is not taken into account - the load in our
case is a load that affects delays due to communication over the
Internet or due to processing delays on a cloud infrastructure.
ACKNOWLEDGEMENTS
This work is partially supported by Aljouf University repre-
sented by the Saudi Arabian Cultural Bureau in Canada. The
authors would like to thank the anonymous reviewers for their
constructive comments.
R EFERENCES
[1] P. Mell, T. Grance, and T. Grance, “The NIST Definition of Cloud
Computing Recommendations of the National Institute of Standards and
Technology,” 2011.
[2] H. Hacg, “Query Optimization in Encrypted Database,” pp. 43–55, 2005.
[3] N. Anciaux, M. Benzine, L. Bouganim, P. Pucheral, D. Shasha, and
I. Rocquencourt, “GhostDB : Querying Visible and Hidden Data Without
Leaks,” 2007.
[4] A. Hudic, S. Islam, P. Kieseberg, S. Rennert, and E. R. Weippl, “Data
confidentiality using fragmentation in cloud computing,” International
Journal of Pervasive Computing and Communications, vol. 9, no. 1,
pp. 37–51, 2013. [Online]. Available: http://www.scopus.com/inward/
record.url?eid=2-s2.0-84878829696{\&}partnerID=tZOtx3y1
[5] H. Hacg and C. Li, “Executing SQL over Encrypted Data in the
Database-Service-Provider Model,” vol. 7, 2002.
[6] B. Hore, S. Mehrotra, M. Canim, and M. Kantarcioglu, “Secure
multidimensional range queries over outsourced data,” The VLDB
Journal, vol. 21, no. 3, pp. 333–358, aug 2011. [Online]. Available:
http://link.springer.com/10.1007/s00778-011-0245-7
[7] B. Hore, S. Mehrotra, and G. Tsudik, “A privacy-preserving index
for range queries,” pp. 720–731, aug 2004. [Online]. Available:
http://dl.acm.org/citation.cfm?id=1316689.1316752
[8] L. Bouganim and P. Pucheral, “Chip-Secured Data Access : Confidential
Data on Untrusted Servers,” 2002.
[9] S. Y. Ko and K. Jeon, “The HybrEx Model for Confidentiality and
Privacy in Cloud Computing,” 2011.
[10] K. Zhang, X. Zhou, Y. Chen, and X. Wang, “Sedic : Privacy-Aware
Data Intensive Computing on Hybrid Clouds Categories and Subject
Descriptors,” pp. 515–525, 2011.
[11] Z. Zhou, H. Zhang, X. Du, P. Li, and X. Yu, “Prometheus : Privacy-
Aware Data Retrieval on Hybrid Cloud,” pp. 2643–2651, 2013.
[12] C. Zhang, E.-c. Chang, and R. H. C. Yap, “Tagged-MapReduce : A
General Framework for Secure Computing with Mixed-Sensitivity Data
on Hybrid Clouds,” pp. 31–40, 2014.
[13] K. Y. Oktay and S. Mehrotra, “SEMROD : Secure and Efficient
MapReduce Over HybriD Clouds The Univesity of Texas at Dallas,”
pp. 153–166, 2015.
[14] R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan,
“CryptDB : Protecting Confidentiality with Encrypted Query Process-
ing,” pp. 85–100, 2012.
[15] E.-O. Blass, G. Noubir, and T. D. Vo-Huu, “Epic: Efficient privacy-
preserving counting for mapreduce,” Cryptology ePrint Archive, Report
2012/452, 2012, http://eprint.iacr.org/2012/452.
[16] J. J. Stephen, S. Savvides, R. Seidel, and P. Eugster, “Practical
confidentiality preserving big data analysis,” in 6th USENIX
Workshop on Hot Topics in Cloud Computing (HotCloud
14). Philadelphia, PA: USENIX Association, Jun. 2014.
[Online]. Available: https://www.usenix.org/conference/hotcloud14/
workshop-program/presentation/stephen
[17] T. Mayberry, E.-o. Blass, and A. H. Chan, “PIRMAP : Efficient Private
Information Retrieval for MapReduce,” pp. 371–385, 2013.
[18] E.-o. Blass, R. D. Pietro, R. Molva, and M. Onen, “PRISM Privacy-
Preserving Search in MapReduce,” pp. 180–200, 2012.
49
[19] S. D. Tetali and T. Millstein, “MrCrypt : Static Analysis for Secure
Cloud Computations,” pp. 271–286, 2013.
[20] J. Daemen, The design of Rijndael : AES - the advanced encryption
standard with 17 tables. Berlin [u.a.]: Springer, 2002.
[21] J. Blomer, “Fault Based Cryptanalysis of the Advanced Encryption
Standard (AES),” Lecture notes in computer science., no. 2742, pp. 162
– 181, 2003.
[22] E. M. Mohamed, “Enhanced Data Security Model for Cloud Comput-
ing,” pp. 12–17, 2012.
[23] A. Arasu, S. Blanas, K. Eguro, M. Joglekar, R. Kaushik, D. Kossmann,
R. Ramamurthy, P. Upadhyaya, and R. Venkatesan, “Secure database-
as-a-service with Cipherbase,” Proceedings of the 2013 international
conference on Management of data - SIGMOD ’13, p. 1033,
2013. [Online]. Available: http://dl.acm.org/citation.cfm?doid=2463676.
2467797
[24] G. Nalinipriya and R. Aswin Kumar, “Extensive medical data
storage with prominent symmetric algorithms on cloud - A protected
framework,” International Conference on Smart Structures and Systems
- Icsss’13, pp. 171–177, Mar. 2013. [Online]. Available: http:
//ieeexplore.ieee.org/lpdocs/epic03/wrapper.htm?arnumber=6623021
Amjad Alsirhani is a PhD student in the faculty
of Computer Science, Dalhousie University, Halifax,
Canada. He received his MS degree in Computer
Science from Dalhousie University in 2014. His
research interests include security and privacy of
cloud computing, mobile cloud computing, Dis-
tributed computing system, and network security.
Peter Bodorik is a Professor at the Faculty of
Computer Science, Dalhousie University where he
has held various positions, such as Director of
Master of Electronic Commerce, Associate Dean
Academic, and Associate Dean Research (Acting).
He has published over seventy refereed papers in
conference and journal venues with concentration
on managing data in distributed systems (transaction
management and querying); electronic commerce (e-
commerce models and bench marking); and privacy
and security with concentration on models and tools
to support privacy on the client and server sides. He has received and
participated in many grants and awards from NSERC, CFI, and industry. Over
seventy graduate students have successfully completed their studies under Dr.
Bodoriks (co)supervision at both the masters and PhD levels.
Srinivas Sampalli is a Professor and 3M National
Teaching Fellow in the Faculty of Computer Sci-
ence, Dalhousie University, Halifax, Nova Scotia,
and brings with him more than 20 years of teaching
and research experience. His interests are in the areas
of security, reliability and applications of emerging
wireless technologies. Specifically, his research work
spans three areas: Emerging wireless technologies
and mobile cloud computing Security and privacy
in wireless networks Smartphone and near field
communication (NFC) apps for healthcare and the
social media. Dr. Sampalli holds a B.Eng. degree from Bangalore University
and a Ph.D. degree from the Indian Institute of Science (IISc.), Bangalore,
India. He also completed a post doctoral fellowship at Concordia University,
Montreal, Canada before taking on a faculty position at Dalhousie University.