CryptoDBaas-A Cryptographic Mechanism used for Efficiently Data Storage in Cloud

DOI : 10.17577/IJERTCONV3IS19192

Download Full-Text PDF Cite this Publication

Text Only Version

CryptoDBaas-A Cryptographic Mechanism used for Efficiently Data Storage in Cloud

Ashish Sharma


AMC Engineering College Bangalore,India

Mr. Doddegowda B J Associate Professor,Dept. Of CSE AMC Engineering College Bangalore,India

Abstract Theoretical the stockpiling of a cloud supplier ought to ensure security and accessibility for the basic information very still, in movement furthermore being used. A few options techniques exist for capacity administrations, however information privacy answers for the database as an administration standard are still extremely youthful. We propose a structural engineering that incorporates cloud database administrations with information privacy which gives probability of executing simultaneous operations on scrambled information. This is the first arrangement supporting geologically disseminated customers that associate straightforwardly to an encoded cloud database, executes simultaneous and free operations including those altering the database structure. The proposed construction modelling has the limit of wiping out moderate intermediaries that cut-off the versatility, accessibility, and adaptability properties. The proficiency of the proposed construction model is assessed through hypothetical investigation and broad trial results, which are taking into account a model usage subject to the TPC-C standard benchmark for diverse quantities of customers and system latencies.

Key Words Cloud, security, confidentiality, SecureDBaaS, database.


    Giving classified to the basic data set in the cloud setting is extremely discriminating and key. These prerequisite powers clear information administration decisions: Just the trusted gatherings must have the capacity to access unique information. Information must be encoded in any outsider setting. Fulfilling these conditions has diverse levels of unpredictability relying upon the kind of cloud administration. There are a few arrangements guaranteeing classified for the capacity as an administration ideal model while ensuring privacy in the database as an administration (DBaaS) standard is still an open exploration region. In this connection, we propose SecureDBaaS as the arrangement that permits cloud inhabitants to exploit DBaaS highlights, for example, accessibility, dependability, and flexible versatility, without uncovering decoded information to the cloud supplier.

    The structural planning configuration was inspired by a triple objective: to permit numerous, free, and

    topographically dispersed customers to execute simultaneous operations on scrambled information, including SQL articulations that alter the database structure; to safeguard information classified and consistent at the customer and cloud level; to dispose of any halfway server between the cloud customer and the cloud supplier. The likelihood of joining accessibility, flexibility, and versatility of a common cloud DBaaS with information secrecy is exhibited through a model of SecureDBaaS that backings the execution of simultaneous and free operations to the remote encoded database from numerous topographically disseminated customers as in any decoded DBaaS setup. To attain to these objectives, SecureDBaaS coordinates existing cryptographic plans, separation instruments, and novel procedures for administration of encoded metadata on the un-trusted cloud database. This paper contains a hypothetical discourse about answers for information consistency issues because of simultaneous and autonomous customer gets to encoded information. In this setting, homomorphic encryption plans can't be utilized without bounds in light of their extreme computational unpredictability. The SecureDBaaS construction modelling is suitable to cloud stages and does not present any go-between intermediary or agent server between the customer and the cloud supplier. Disposing of middle of the road server permits SecureDBaaS to attain to the same accessibility, unwavering quality, and versatility levels of a cloud DBaaS. Different plans in light of middle server(s) were viewed as impracticable for a cloud-based arrangement on the grounds that any intermediary speaks to a solitary purpose of disappointment and a framework bottleneck that restricts the primary advantages (e.g., adaptability, accessibility, and versatility) of a database administration sent on a cloud stage. Dissimilar to SecureDBaaS, architectures depending on a trusted moderate intermediary don't bolster the most average cloud situation where topographically scattered customers can simultaneously issue read/compose operations and information structure alterations to a cloud database. A vast arrangement of tests in light of genuine cloud stages exhibit that SecureDBaaS is promptly appropriate to any DBMS in

    light of the fact that it obliges no adjustment to the cloud database administrations. Different studies where the proposed building design is liable to the TPC-C standard benchmark for distinctive quantities of customers and system latencies demonstrate that the execution of simultaneous read and compose operations not changing the Secure DBaaS database structure is practically identical to that of decoded cloud database. Workloads including adjustments to the database structure are additionally upheld by Secure DBaaS, however at the cost of overheads that appear to be adequate to attain to the wanted level of information secrecy. The inspiration of these outcomes is that system latencies, which are average of cloud situations, have a tendency to veil the execution expenses of information encryption on reaction time. The general finishes of this paper are critical on the grounds that surprisingly they show the relevance of encryption to cloud database benefits as far as practicality and execution.


    SecureDBaaS gives a few unique highlights that makes it not the same as past work. A cloud database server executes simultaneous SQL operations over encoded information, subsequently guarantees information classified. It doesn't oblige any transitional server subsequently it gives same accessibility, flexibility, and adaptability of the first cloud DBaaS

    Different customers who are geologically conveyed can get to cloud database administration. Occupant information and metadata put away in the cloud database are constantly trusted so they needn't bother with Trusted representative or a trusted intermediary. Cryptographic record frameworks and secure stockpiling arrangements are representation of soonest works in this field. Diverse methodologies ensure secrecy by dispersing information among distinctive suppliers and by exploiting mystery offering. In such a way, they keep one cloud supplier to peruse its partition of information, however data can be recreated by conspiring cloud suppliers. SecureDBaaS contrasts from these arrangements as it doesn't oblige the utilization of numerous cloud suppliers and makes utilization of SQL-mindful encryption calculations to backing the execution of most basic SQL operations on for securing information oversaw by un-trusted databases. Since, DBMS can just execute SQL operations over plaintext , the primary issue in such a case is, to the point that cryptographic systems can't be gullibly connected to standard DBaaS.

    Some DBMS motors offer the likelihood of scrambling information at the record framework level through Straightforward Information Encryption highlight. This highlight helps in building a trusted DBMS over un- trusted stockpiling. In any case, the DBMS is trusted and unscrambles information before their utilization. Subsequntly, this methodology is not material to the DBaaS

    connection considered by SecureDBaas, on the grounds that we expect that the cloud supplier is un-trusted. Different arrangements permit the execution of operations over scrambled information. These methodologies protect information in circumstances where the DBMS is deceitful; in any case, they oblige an altered DBMS motor and are not good with DBMS programming (both business and open source) utilized by cloud suppliers. Then again, Secure DBaaS is good with standard DBMS motors, and permits occupants to manufacture secure cloud databases by utilizing cloud DBaaS benefits officially accessible. Along these lines, Secure-DBaaS is more identified with [9] and [8] that save information in un-trusted DBMSs through encryption systems, permit the execution of SQL operations over scrambled information, and are good with normal DBMS motors. Notwithstanding, the structural engineering of these arrangements is in view of a moderate and trusted intermediary that intervenes any cooperation between every customer and the un-trusted DBMS server. The methodology proposed in [9] by the creators of the DBaaS model [6] meets expectations by scrambling squares of information rather than every information thing. At whatever point an information thing fitting in with square is obliged, the trusted intermediary needs to recover the entire piece to unscramble it and to channel out superfluous information that have a place with the same square. As an outcome, this configuration decision needs overwhelming alterations of the first SQL operations delivered by every customer, accordingly driving noteworthy overheads on both the DBMS server and the trusted intermediary. Different works [10],

    [11] present advancement and speculation that expand the subset of SQL administrators bolstered by [9], however they have the same intermediary based structural planning and its natural issues. Then again, SecureDBaaS permits the execution of operations over scrambled information through SQL-mindful encryption calculations. This system, at first proposed in CryptDB [8], makes it conceivable to execute operations over scrambled information that are like operations over plaintext information. By and large, the inquiry arrangement executed for encoded and plaintext information is same by the DBMS. The dependence on a trusted intermediary that describe [9] and [8] encourages the usage of a protected DBaaS, and is appropriate to multitier web applications, which are their primary core interest. On the other hand, it causes a few disadvantages. Since the intermediary is believed, its capacities can't be outsourced to an untrusted cloud supplier. Thus, cloud inhabitant actualizes and deals with the intermediary Accessibility, versatility, and flexibility of the entire secure DBaaS administration are then limited by accessibility, adaptability, and flexibility of the trusted intermediary that turns into a solitary purpose of disappointment and a framework bottleneck. Since high

    accessibility, versatility, and flexibility are among the preeminent reasons that prompt the appropriation of cloud administrations, this limit frustrates the material of [9] and [8] to the cloud database situation. Without the need of any middle segment and without presenting new bottlenecks and single purposes of disappointment customers interface straightforwardly to the cloud DBaaS. An intermediary based building design obliging that any customer operation ought to go through one transitional server is not suitable to cloud- based situations, in which different customers, ordinarily conveyed among distinctive areas, need simultaneous access to information put away in the same DBMS. Then again, Secure DBaaS backings disseminated customers issuing autonomous and simultaneous SQL operations to the same database and perhaps to the same information. Secure DBaaS expands our preparatory studies [19] demonstrating that information consistency can be ensured for a few operations by utilizing concurrency disconnection instruments executed in DBMS motors, and recognizing the base separation level needed for those announcements. Besides, we now consider hypothetically and tentatively a complete arrangement of SQL operations spoke to by the TPC-C standard benchmark [20], notwithstanding different customers and distinctive customer cloud system latencies that were never assessed in the writing.

    Fig1: System Architecture


    In this paper , SecureDBaaS is intended to permit various and autonomous customers to interface straightforwardly to the un-trusted cloud DBaaS with no moderate server. Fig. 1 depicts the general building design. We expect that an occupant association gets a cloud database administration from an un-trusted DBaaS supplier. The inhabitant then sends one or more machines (Customer 1 through N) and introduces a SecureDBaaS customer on each of them. Client can be joined with the cloud DBaaS to regulate it, to peruse and compose information .Client can even make and adjust the database tables after creation. We expect the same security demonstrate that is generally embraced by the writing in this field (e.g., [8], [9]), where inhabitant clients are trusted, and the system is un-trusted, and the cloud

    supplier is fair yet inquisitive, that is, cloud administration operations are executed effectively, however occupant data privacy is at danger. Consequently, occupant information, information structures, and metadata must be scrambled before leaving from the customer. Secure DBaaS can oversee plaintext information, scrambled information, metadata, and encoded metadata. Plaintext information comprise of data that an inhabitant needs to store and process remotely in the cloud DBaaS. To keep an un-trusted cloud supplier from damaging secrecy of occupant information put away in plain structure, Secure DBaaS embraces various cryptographic procedures to change plaintext information into scrambled inhabitant information and encoded inhabitant information structures in light of the fact that even the names of the tables and of their segments must be scrambled. Secure DBaaS customers deliver likewise an arrangement of metadata comprising of data needed to encode and decode information and in addition other organization data. Indeed metadata are scrambled and put away in the cloud DBaaS.

    1. Data Management

      We accept that occupant information are spared in a social database. The table and segment names may yield data about spared information so we have to save the classified of the put away information. We recognize the methods for encoding the database structures and the inhabitant information. Scrambled occupant information are put away through secure tables into the cloud database. To permit straightforward execution of SQL explanations, every plaintext table is changed into a protected table in light of the fact that the cloud database is un-trusted. The name of a protected table is produced by encoding the name of the comparing plaintext table. Table names are encoded by method for the same encryption calculation and an encryption key that is known to all the SecureDBaaS customers. Subsequently, plaintext name can be utilized to register the encoded name. Then again, SecureDBaas arbitrarily produces segment names of secure tables. Consequently, regardless of the possibility that diverse plaintext tables have sections with the same name, the names of the segments of the comparing secure tables are distinctive. This configuration decision enhances privacy by keeping an antagonistic cloud database from speculating relations among distinctive secure tables through the ID of sections having the same scrambled name. Secure DBaaS permits inhabitants to influence the computational force of un-trusted cloud databases by making it conceivable to execute SQL articulations remotely and over encoded occupant information, albeit remote preparing of scrambled information is conceivable to the degree permitted by the encryption arrangement. To this reason, Secure DBaaS augments the idea of information sort that is connected with every section of a customary database by presenting the protected sort. By picking a protected sort for every section of a safe table, an occupant can characterize fine-grained encryption arrangements, subsequently coming to the wanted exchange off between information privacy and remote transforming capacity. A protected sort is made out of three

      fields: information sort, encryption sort, and field classified. The blend of the encryption sort and of the field privacy parameters characterizes the encryption strategy of the related segment.

      This mechanism has the benefit of allowing clients to access each metadata independently, which is an important feature in concurrent environments. In addition, Secure DBaaS clients can use caching policies to reduce the bandwidth overhead.

      B . Metadata Management

      SecureDBaaS generates Metadata that contain all the information that is necessary to manage SQL statements over the encrypted database in a way transparent to the user. Metadata management strategies represent an original idea because Secure DBaaS is the first architecture storing all metadata in the untrusted cloud database together with the encrypted tenant data.

      This mechanism has the benefit of allowing clients to access each metadata independently, which is an important feature in concurrent environments. In addition, SecureDBaaS clients can use caching policies to reduce the bandwidth overhead.


    In the proposed system we introduce a key scheme. In this a key will be generated at the time of user registration. The key will be divided into two parts. One part of the key will be at admin side and other part will be at owner side. For each user key will be distributed. When a user login he has to enter his half key. It will be then sent to admin. Now admin will verify half key with the key provided by owner. Then this key will be send to data owner. Now by using two parts of the key, owner will generate the whole key. By using the whole key owner will get to know which key is used to encrypt which row of the table and also table name, row name and column name.

      1. ALGORITHMS Matrix algorithm

        Input: Random key, mesg

        Output: Cypher text

        Step1: create a 2D array whose length of the array will be key size and 13.

        Step2: Add possible alphabets inside the array. Size of array a[key lenght][13].

        Step 3: Start a for loop start for message first later to the last later.

        Step 4: now match the mesg with the matrix value. If( The character matches with the matrix value) (x,y)= fetch the column and row for the characters

        Step 5: After that fetch the corresponding key character Step 6: concatenate the key and (x,y) value

        Step 7: return to step 3 until end of the mesg.

      2. Diffie Hellman Algorithm

    Step 1: Select prime number q

    Step 2: Select a primitive root of prime number a such that a<q

    Step 3: Select private key of user A , XA such that XA <q

    XA=Ag mod p Step 4: Calculate public key YA

    Step 5: Select private key of user B, XB such that XB <q

    XB=Bg mod p Step 6: Calculate public key YB

    Step7: Generate secret key of A and B and match both the keys.


    Providing more security to the database by introducing a new feature of key distribution between owner and the user so that admin also not able to find out the content and the information of the database.

    Fig. 5: Encrypted database

    Fig. 6 Encrypted Table

    Fig. 7: CryptoDB Performance comparison between existing system and proposed system


      In this paper an imaginative building design is proposed which ensures classified of information put away in broad daylight cloud. The arrangement does not depend on a middle of the road intermediary which is the purpose of disappointment and a bottleneck restricting accessibility and versatility of ordinary cloud database administrations. The proposed structural engineering does not oblige alterations to the cloud database, and it is promptly material to existing cloud DBaaS. The key plan will give security to the information put away in the cloud


      The author would like to thank Mr. Doddegowda B J Associate Professor of the VTU at Bangalore for his constructive comments on preliminary versions of this paper.


      [1]. M. Armbrust et al., A View of Cloud Computing, Comm. of the ACM, vol. 53, no. 4, pp. 50-58, 2010.

      [2]. W. Jansen and T. Grance, Guidelines on Security and Privacy in Public Cloud Computing, Technical Report Special Publication 800- 144, NIST, 2011.

      [3]. A.J. Feldman, W.P. Zeller, M.J. Freedman, and E.W. Felten, SPORC: Group Collaboration Using Untrusted Cloud Resources, Proc. Ninth USENIX Conf. Operating Systems Design and Implementation, Oct. 2010.

      [4]. J. Li, M. Krohn, D. Mazie`res, and D. Shasha, Secure Untrusted Data Repository (SUNDR), Proc. Sixth USENIX Conf. Opearting Systems Design and Implementation, Oct. 2004.

      [5]. P. Mahajan, S. Setty, S. Lee, A. Clement, L. Alvisi, M. Dahlin, and M. Walfish, Depot: Cloud Storage with Minimal Trust, ACM Trans. Computer Systems, vol. 29, no. 4, article 12, 2011.

      [6]. H. Hacigu¨mu¨ s¸, B. Iyer, and S. Mehrotra, Providing Database as a Service, Proc. 18th IEEE Intl Conf. Data Eng., Feb. 2002.

      [7]. C. Gentry, Fully Homomorphic Encryption Using Ideal Lattices, Proc. 41st Ann. ACM Symp. Theory of Computing, May 2009.

      [8]. R.A. Popa, C.M.S. Redfield, N. Zeldovich, and H. Balakrishnan, CryptDB: Protecting Confidentiality with Encrypted Query Processing, Proc. 23rd ACM Symp. Operating Systems Principles, Oct. 2011.

      [9]. H. Hacigu¨mu¨ s¸, B. Iyer, C. Li, and S. Mehrotra, Executing SQL over Encrypted Data in the Database-Service-Provider Model, Proc. ACM SIGMOD Intl Conf. Management Data, June 2002.

      [10]. J. Li and E. Omiecinski, Efficiency and Security Trade-Off in Supporting Range Queries on Encrypted Databases, Proc. 19th Ann. IFIP WG 11.3 Working Conf. Data and Applications Security, Aug. 2005.

      [11]. E. Mykletun and G. Tsudik, Aggregation Queries in the Database-as- a-Service Model, Proc. 20th Ann. IFIP WG 11.3Working Conf. Data and Applications Security, July/Aug. 2006.

      [12]. D. Agrawal, A.E. Abbadi, F. Emekci, and A. Metwally, Database Management as a Service: Challenges and Opportunities, Proc. 25th IEEE Intl Conf. Data Eng., Mar.-Apr. 2009.

    2. Ganapathy, D. Thomas, T. Feder, H. Garcia-Molina, and

R. Motwani, Distributing Data for Secure Database Services, Proc. Fourth ACM Intl Workshop Privacy and Anonymity in the Information Soc., Mar. 2011.

Leave a Reply