Enabling Encrypted Rich Queries in Distributed Key Values Stores

Download Full-Text PDF Cite this Publication

Text Only Version

Enabling Encrypted Rich Queries in Distributed Key Values Stores

N. Aravinda


Department of C.S.E Svu College of CM & CS


Dr. E. Keshavulu Reddy Asst. Professor Department of C.S.E

SVU College of CM & CS Tirupathi

Abstract:- To accommodate large digital statistics, dispensed data shops have grown to be the main answer for cloud offerings. Among others, key-value shops are widely adopted because of their advanced performance. But with the rapid growth of cloud storage, there are growing worries approximately facts privacy. In this, we design and build EncKV, an encrypted and dispensed key-price save with wealthy question aid. First, EncKV partitions records information with secondary attributes into a fixed of encrypted key-cost pairs to cover members of the family among facts values. Second, EncKV uses the present day cryptographic strategies for searching on encrypted records, i.e., searchable symmetric encryption (SSE) and order- revealing encryption (ORE) to help comfortable actual-in shape and variety-healthy queries, respectively. It further employs a framework for encrypted and dispensed indexes supporting query processing in parallel. To deal with inference assaults on ORE, EncKV is ready with an enhanced ORE scheme with reduced leakage. For sensible concerns, EncKV additionally permits at ease machine scaling in a minimally intrusive manner. We entire the prototype implementation and deploy it on Amazon Cloud. Experimental effects affirm that EncKV preserves the performance and scalability of dispensed key-value shops.

Keywords: Encrypted Key-value Store, Searchable Encryption, and Order-revealing Encryption.


    So as to deal with the constantly developing measure of information, circulated key-esteem (KV) stores have become the foundation of numerous open cloud administrations. Their surely knew preferences incorporate superior, straight adaptability, ceaseless accessibility, and even extraordinary possibilities of significant level help on rich inquiries and various information models, as found in various proposition and usage of late KV stores. Be that as it may, with the developing information breaks, protection worries in information re-appropriating become significantly more squeezing than previously. Ongoing works from both cryptographic point of view, and database viewpoint, gave arrangements tradeoffs among security, proficiency, and question usefulness. However, the majority of them center on the setting of an incorporated or legitimately brought together server. They don't explicitly consider the highlights and the prerequisites in present day KV stores. As known, KV stores are most likely the least difficult information stockpiling framework, which stores sets of essential keys and information esteems, and permits

    to get to information esteems when an essential key is given. To profit an assortment of information driven applications, current KV stores give more elevated level highlights. As one promising component, numerous more extravagant information models, for example, segment arranged, archive and diagram information are upheld over one joined KV store. This component facilitates the operational multifaceted nature for applications that require more than one arrangement of information. For the other well-known component, numerous KV stores take into consideration the information get to from essential keys, yet in addition from different qualities of information by means of optional lists, to empower progressively effective information access and rich questions Although promising, building an encoded, circulated KV stores still face holes and experience difficulties, particularly for safeguarding the above notable highlights in a security saving way. One clear approach is to legitimately store encoded information alongside the (conceivably randomized) information identifier/mark. Be that as it may, it just permits constrained encoded information recovery by the identifier/mark, keeping from every conceivable inquiry by means of other auxiliary properties of information. Also, this methodology doesn't consider the help of numerous information models. Another apparently conceivable methodology is to treat KV stores as a discovery word reference, and to fabricate an encoded auxiliary record, similar to the one proposed by yet this immediate mix, however marginally improving the primary methodology by constraining the question backing to the scrambled list configuration, would unavoidably experience the ill effects of secure inquiries with long idleness. Since they treat the conveyed KV store as a black boxdictionary, the information region in the encoded question preparing can scarcely be protected. As such, the hub where the file is gotten to could be not the same as the hub where the coordinated information are put away.


    1. Dependable and secure storage in a cloud-of- clouds

      The expanding ubiquity of distributed storage administrations has lead organizations that handle basic information to consider utilizing these administrations for their stockpiling needs. Therapeutic record databases, control framework verifiable data and money related

      information are a few instances of basic information that could be moved to the cloud. In any case, the unwavering quality and security of information put away in the cloud still stay significant concerns. In this paper we present DEPSKY, a framework that improves the accessibility, trustworthiness and privacy of data put away in the cloud through the encryption, encoding and replication of the information on different mists that structure a haze of- mists. We sent our framework utilizing four business mists and utilized Planet Lab to run customers getting to the administration from various nations. We saw that our conventions improved the apparent accessibility and, much of the time, the entrance inertness when contrasted and cloud suppliers exclusively.

    2. Processing analytical queries over encrypted data MONOMI is a framework for safely executing systematic outstanding tasks at hand over delicate information on an untrusted database server. MONOMI works by encoding the whole database and running questions over the scrambled information. MONOMI presents split customer/server inquiry execution, which can execute discretionarily complex questions over scrambled information, just as a few systems that improve execution for such remaining burdens, including per-push precipitation, space-effective encryption, gathered homomorphism expansion, and pre-separating. Since these improvements are beneficial for certain inquiries yet not others, MONOMI presents an architect for picking a productive physical structure at the server for a given remaining task at hand, and an organizer to pick a proficient execution plan for a given inquiry at runtime.

    3. A trusted hardware based database with privacy and data confidentiality

    Generally, when privacy turns into a worry, information are encoded before re-appropriating to a specialist organization. Any product based cryptographic builds at that point sent, for server-side question preparing on the scrambled information, intrinsically limit inquiry expressiveness. Here, we present TrustedDB, a redistributed database model that enables customers to execute SQL questions with security and under administrative consistence requirements by utilizing server- facilitated, carefully designed believed equipment in basic inquiry handling stages, along these lines evacuating any restrictions on the kind of upheld inquiries. Regardless of the cost overhead and execution confinements of confided in equipment, we show that the expenses per inquiry are requests of greatness lower than any (current or) potential future programming just systems. TrustedDB is assembled and runs on genuine equipment, and its exhibition and expenses are assessed here.


    The essential upgrades are abridged as pursues: Firstly, we improve our ORE scheme proposed in the gathering variant to additionally decrease the spillage in extend inquiries. Such improvement viably mitigates the existing attacks on ORE. Furthermore, we detail the convention for record addition, though just the sketch of this activity was

    appeared in the gathering form. Thirdly, we structure new conventions for secure framework scaling that fit inside the common sense domain. Fourth, we re-try every one of the trials, broaden the exhibition assessment, just as performing inquiry execution examination with the plaintext system and prior works.

    A. Proposed System

    Our system is built on top of a recently proposed encrypted KV store. This earlier work has two highlights. Initially, it gives an answer that safely parcels the encoded information and conveys them over different hubs to protect superior and direct versatility. Second, it devises a structure for scrambled and circulated files that help secure and proficient questions on optional properties of information records. By utilizing its structure theory, we cautiously coordinate EncKV's file plan with this system to help secure rich questions.


    In this, we present the structures of EncKV's scrambled lists for secure accurate match and range-coordinate inquiries, just as the comparing question conventions following the file developments. Highlights, for example, information movement, gradual updates, and group inquiries are likewise presented for down to earth and security contemplations.

    1. The Underlying Encrypted KV Store

      Our framework is based over an as of late proposed scrambled KV store. This earlier work has two highlights. To start with, it gives an answer that safely parcels the scrambled information and circulates them over numerous hubs to safeguard superior and direct versatility. Second, it devises a structure for scrambled and appropriated lists that help secure and productive questions on auxiliary qualities of information records. By utilizing its plan theory, we cautiously coordinate EncKV's file structure with this system to help secure rich inquiries. Outlines how a section situated informational collection is embedded into EncKV. Note that other information models, for example, records and diagrams are likewise upheld as shown in [16]. In particular, for every KV pair (l,

      1. with name l and worth v, EncKV ensures it as a pseudo- irregular mark and a scrambled value:hl, vi = hP(kl , C||R), E(kv, v)i, where P is a protected PRF, kl , kv are private keys, R is the record ID (essential key), C is a segment (auxiliary) trait, v is an incentive on C, and E is a symmetric encryption calculation. To protect the information territory during the inquiries, EncKV utilizes the interesting record ID R as the mark for parcel. This methodology permits the scrambled qualities for a given record are put away at a similar hub, while securing both the mapping and worth relations of each record. Note that the record IDs can be put away at either the customer or server hubs in cipher texts for framework scaling

    2. Range-match Index and Query Protocol

    In current writing, a solid possibility for secure range inquiry is organization uncovering encryption (ORE), which is first presented by ORE has two preferences while OPE doesn't have. Initial, an ORE plot

    enables an openly calculable capacity to look at two figure writings, which doesn't limit the structure of the figure content space. Second, assailants who can just access the ORE cipher text won't determine any helpful data because of its semantic security. As of late, proposed the main handy ORE conspire that accomplishes an equalization on security and proficiency. The center thought of their plan is to part a message into bit obstructs with equivalent length, and lead scrambled correlation from the principal squares of two messages. Be that as it may, their plan is conventional and uncovers the request relations of thought about figure writings. Moreover, the record of the principal bit obstruct that contrasts is uncovered between two figure writings. Late spillage misuse assaults show that the above data could be abused to recoup the fundamental estimations of the figure writings. Roused by the perceptions over, we will probably plan an ORE plot that acquaints less spillage contrasted and the current ones. To this end, our plan instinct lies in the accompanying two perspectives. To start with, we intend to shroud the request relations in questions and results. This property is accomplished in our gathering adaptation by tokenizing the requests in ORE figure writings. In particular, the messages are encoded into figure content squares, where each square implants its worth's trait, sub record esteems, and tokens of the request relations. Thus, the servers learn neither the request for fundamental ORE figure writings, nor whether two questions are directed in a similar request condition if the inquiry properties are unique. Second, we intend to shroud the list of the primary various squares of two ORE figure writings. Propelled with Conspire in, this can be accomplished by arbitrary change. In any case, their development is based on bilinear mapping, which is totally not the same as our present plan. Step by step instructions to use irregular stage on square figure writings presents two difficulties. The principal challenge is to save the rightness of the ORE examination. The first plan requires the correlation with be directed squares by squares, and essentially permuting those squares could cause crisscrosses. To take care of this issue, our perception is that there exists one and only one sub square coordinated during the examination. In this manner, we propose to implant the hash estimation of each square's whole prefix into the square cipher text. Note that the first plan installs the past square into the figure content. Because of the uniqueness of the prefix in each square, the token coordinating activity can in any case accurately be performed even squares are rearranged the subsequent test is to guarantee the security of the ORE examination. Note that direct applying secure change on the scrambled squares still uncovers the square uniformity in every examination. At that point the assailant can discover the record of the first contrasting square by tallying what number of coordinated squares share practically speaking. To lessen this spillage, we expel the fairness data in each square and supplant it with a spurious worth. In this way, the server can't coordinate the equivalent seem during the examination.


EncKV is a practically rich key-esteem store that can deal with enormous volumes of scrambled information records with ensured information security. It use the most recent down to earth natives for looking over encoded information (i.e., SSE and ORE) and gives scrambled neighborhood files to help careful match and range- coordinate inquiries by means of optional properties of information records. EncKV's model is conveyed on a Redis group. The broad investigations for execution assessment affirm that it jelly points of interest in existing conveyed information stores, for example, high throughput and straight adaptability.


    1. G. Aggarwal, M. Bawa, P. Ganesan, H. Garcia-molina, K. Kenthapadi, R. Motwani, U. Srivastava, D. Thomas, and Y. Xu. Two can keep a secret: A distributed architecture for secure database services. In Proc. of CIDR, 2005.

    2. A. Bessani, M. Correia, B. Quaresma, F. Andr´e, and P. Sousa. Depsky: dependable and secure storage in a cloud-of-clouds. ACM TOS, 9(4):12, 2013.

    3. A. Boldyreva, N. Chenette, and A. ONeill. Order-preserving encryption revisited: Improved security analysis and alternative solutions. In Proc. of CRYPTO. Springer, 2011.

    4. D. Cash, P. Grubbs, J. Perry, and T. Ristenpart. Leakage-abuse attacks against searchable encryption. In Proc. of ACM CCS, 2015.

    5. D. Cash, J. Jaeger, S. Jarecki, C. Jutla, H. Krawczyk, M.-C. Rosu, and M. Steiner. Dynamic searchable encryption in very large databases: Data structures and implementation. In Proc. of NDSS, 2014.

    6. M. Chase and S. Kamara. Structured encryption and controlled disclosure. In Proc. of ASIACRYPT, 2010.

    7. S. Chow, J.-H. Lee, and L. Subramanian. Two-party computation model for privacy-preserving queries over distributed databases. In Proce. of NDSS, 2009.

    8. V. Ciriani, S. D. C. D. Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, and P. Samarati. Combining fragmentation and encryption to protect privacy in data storage. ACM TISSEC, 13(3):22, 2010.

    9. B. F. Cooper, A. Silberstein, E. Tam, R. Ramakrishnan, and R. Sears. Benchmarking cloud serving systems with YCSB. In Proc. of the 1st ACM symposium on Cloud computing, 2010.

    10. R. Curtmola, J. A. Garay, S. Kamara, and R. Ostrovsky. Searchable symmetric encryption: Improved definitions and efficient constructions. Journal of Computer Security, 19(5):895 934, 2011.

    11. G. DeCandia, D. Hastorun, M. Jampani, G. Kakulapati, A. Lakshman, A. Pilchin, S. Sivasubramanian, P. Vosshall, and W. Vogels. Dynamo: amazons highly available key-value store. In Proc. of ACM SOSP, 2007.

    12. R. Escriva, B. Wong, and E. G. Sirer. Hyperdex: A distributed, searchable key-value store. In Proc. of ACM SIGCOMM, 2012.

    13. FoundationDB. Foundationdb: Data modeling. Online at http://www.odbms.org/wp-content/uploads/2013/ 11/data- modeling.pdf, 2013.

    14. FoundationDB. A rock-solid, high performance database that provides nosql and sql access. Online at https://foundationdb.com/, 2015.

    15. F. Hahn and F. Kerschbaum. Searchable encryption with secure and efficient updates. In Proc. of ACM CCS, 2014.

    16. HBase. The hadoop database, a distributed, scalable, big data store. Online at http://hbase.apache.org, 2010.

    17. InfoWorld. The rise of the multimodel database. Online at http://www.infoworld.com/article/2861579/ database/the-rise-of- the-multimodel-database.html, 2015. [18] M. Islam, M. Kuzu, and M. Kantarcioglu. Access pattern disclosure on searchable encryption: Ramification, attack and mitigation. In Proc. of NDSS, 2012.

Leave a Reply

Your email address will not be published. Required fields are marked *