International Journal of Scientific Research Engineering & Technology (IJSRET), ISSN 2278-0882

Volume 5, Issue 4, April 2016

AN APPROACH TO ACCESS ENCRYPTED CLOUD DATABASES


Bineesha T A (1), Deepa S Kumar (2)

(1) PG Scholar, Department of computer science, College of Engineering Munnar, India
(2) Research Scholar, Karpagam University Coimbatore, India

ABSTRACT
Data confidentiality is the main issue when handling
critical data with a cloud provider. The data should also
be available at rest, in motion and in use. I therefore
propose an architecture to provide security on the cloud,
and analyze the possibility of executing concurrent
operations on encrypted data. The solution supports
geographically distributed clients that connect directly
to an encrypted cloud database and execute concurrent and
independent operations, including operations that modify
the database structure. The intermediate proxies that
limit the elasticity, availability and scalability
properties are eliminated in the proposed architecture.
Theoretical analysis and experimental results based on a
prototype implementation for different numbers of clients
are required to evaluate the efficiency of the proposed
architecture.
Key words: Cloud computing, Security, Confidentiality,
SecureDBaaS, Databases.

1. INTRODUCTION
In a cloud context, information is placed with third
parties, so data confidentiality must be ensured.
Plaintext data is accessible only to trusted parties,
which do not include cloud providers, intermediaries, and
the Internet. Data must be encrypted in any untrusted
context. Several solutions exist for ensuring
confidentiality in the storage as a service model, while
ensuring confidentiality in the database as a service
(DBaaS) model is an open research area. So here, I propose
SecureDBaaS as a solution that allows cloud tenants to
take full advantage of DBaaS qualities such as
availability, reliability, and elastic scalability,
without exposing unencrypted data to the cloud provider.
The architecture design was motivated by the goal of
allowing multiple, independent, and geographically
distributed clients to execute concurrent operations over
the encrypted data, including SQL statements that modify
the database structure, while attaining data
confidentiality and consistency at the client and cloud
level. SecureDBaaS integrates existing cryptographic
schemes and novel strategies for management of encrypted
metadata on the untrusted cloud database. My intention is
to suggest a solution for the data consistency issues
caused by concurrent and independent client accesses to
encrypted data. Experiments based on real cloud platforms
demonstrate that SecureDBaaS is immediately applicable to
any DBMS because it requires no modification to the cloud
database services.
One of the major areas of research in cloud computing is
security. Researchers are focusing on efficient
algorithms and encryption techniques to enhance it. The
cloud has a lot of difficulties when it comes to
security. The client should not face any problem such as
data loss or data theft. The cloud should be safe from all
external threats, and there must be a mutual
understanding between the client and the provider when
it comes to security on the cloud. Enhanced choice,
flexibility, operational efficiency and cost savings for
businesses and consumers are offered in client-plus-cloud
computing. Users must be given reliable assurances
regarding the privacy and security of their online data
to take full advantage of these benefits.

2. RELATED WORK
SecureDBaaS provides several features that differentiate
it from earlier work in the field of security for remote
database services.
- It ensures data confidentiality by allowing a cloud
  database server to execute concurrent SQL operations,
  not only read/write but also modifications to the
  database structure, over encrypted data.
- It provides the same availability, elasticity, and
  scalability of the original cloud DBaaS because it does
  not require any intermediate server. Response times are
  affected by cryptographic overheads that for most SQL
  operations are masked by network latencies.
- Multiple clients can access a cloud database service
  concurrently and independently.
- It is compatible with the most popular relational
  database servers, and it is applicable to different
  DBMS implementations.

3. METHODOLOGY
SecureDBaaS stores just tenant data in the cloud
database, and saves metadata in the client machine [10] or
splits metadata between the cloud database and a trusted
proxy [11]. This can be shown with the example of
metadata synchronization: in practice it is difficult to
allow multiple clients to access cloud database services
independently. By using a trusted proxy the solution is
much more feasible. SecureDBaaS clients can retrieve
the required metadata from the untrusted database
through SQL statements, so that multiple instances of
the SecureDBaaS client can access the untrusted cloud
database independently, with the assurance of the same
availability and scalability properties of cloud DBaaS.
Encryption techniques for tenant data and solutions for
metadata management and storage are described in the
following sections.

Fig.1 SecureDBaaS architecture [1].


The above figure describes the overall architecture. It
shows a tenant organization, which acquires a cloud
database service from an untrusted DBaaS provider. The
tenant deploys one or more machines and installs a
SecureDBaaS client on each of them. This client allows a
user to connect to the cloud DBaaS to administer it, to
read and write data, and even to create and modify the
database tables after creation. The same security model
that is commonly adopted by the literature in this field
is assumed, where tenant users are trusted, the network
is untrusted, and the cloud provider is
honest-but-curious, that is, cloud service operations
are executed correctly, but tenant information
confidentiality is at risk. For these reasons, tenant
data, data structures, and metadata must be encrypted
before leaving the client. The information managed by
SecureDBaaS consists of plaintext data, encrypted data,
metadata, and encrypted metadata. Plaintext data is the
information that a tenant wants to store and process
remotely in the cloud DBaaS. To prevent an untrusted
cloud provider from violating the confidentiality of
tenant data stored in plain form, SecureDBaaS adopts
multiple cryptographic strategies to convert plaintext
data into encrypted tenant data and encrypted tenant data
structures, because even the names of the tables and of
their columns should be encrypted.
SecureDBaaS saves metadata in the client machine [12]
or splits metadata between the cloud database and a
trusted proxy [13]. Solutions based on a trusted proxy
are more feasible, but they introduce a system that
reduces the availability, elasticity, and scalability of
cloud database services. SecureDBaaS suggests a different
approach where all data and metadata are saved in the
cloud database. SecureDBaaS clients can acquire the
necessary metadata from the untrusted database through
SQL statements, so that multiple instances of the
SecureDBaaS client can access the untrusted cloud
database independently, with the assurance of the same
availability and scalability properties of typical cloud
DBaaS. Encryption strategies for tenant data and
solutions for metadata management and storage are
described in the following two sections.
3.1 Data Management
In the cloud database, encrypted tenant data are stored
in secure tables. To allow execution of SQL queries, each
plaintext table is transformed into a secure table. The
name of a secure table is generated by encrypting the
name of the equivalent plaintext table. Table names are
encrypted with the same encryption algorithm and an
encryption key that is known to all the SecureDBaaS
clients, so the encrypted name can be computed from the
plaintext name. Column names of secure tables are
generated randomly. Even if different plaintext tables
have columns with the same name, the names of the columns
of the corresponding secure tables might be different.
This design choice improves confidentiality by preventing
an adversarial cloud database from inferring relations
among different secure tables through the identification
of columns having the same encrypted name.
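
The naming scheme of Section 3.1, as an added example (not code from the paper or from SecureDBaaS), with an in-memory SQLite database standing in for the cloud database. HMAC-SHA-256 is an assumed stand-in for the deterministic encryption of table names; MASTER_KEY, the t_/c_ prefixes and all function names are hypothetical, and encryption of cell values and of table metadata is not shown.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed sample key; in the scheme it is known to every SecureDBaaS client.
MASTER_KEY = b"constructed-demo-master-key"

def secure_table_name(plain_name, key=MASTER_KEY):
    # Assumption: HMAC-SHA-256 stands in for deterministic encryption of the name.
    # Any client holding the key derives the same secure name from the plaintext name.
    tag = hmac.new(key, b"table:" + plain_name.encode(), hashlib.sha256)
    return "t_" + tag.hexdigest()[:32]

def random_column_name():
    # Column names are random, so equal plaintext names map to unrelated names.
    return "c_" + secrets.token_hex(8)

def create_secure_table(db, plain_name, plain_columns, key=MASTER_KEY):
    # Returns the plaintext -> secure column mapping (part of the table metadata).
    mapping = {col: random_column_name() for col in plain_columns}
    # Identifiers are hex strings generated above, never user input.
    cols = ", ".join(f"{name} BLOB" for name in mapping.values())
    db.execute(f"CREATE TABLE {secure_table_name(plain_name, key)} ({cols})")
    return mapping

def provider_view(db):
    # The schema exactly as the honest-but-curious provider sees it.
    tables = [row[0] for row in
              db.execute("SELECT name FROM sqlite_master WHERE type = 'table'")]
    return {t: [row[1] for row in db.execute(f"PRAGMA table_info({t})")]
            for t in tables}

def schema_leaks(view, plain_identifiers):
    # Plaintext identifiers visible in the schema, plus column names reused
    # across tables (which would let the provider link those tables).
    all_cols = [c for cols in view.values() for c in cols]
    visible = set(view) | set(all_cols)
    reused = {c for c in all_cols if all_cols.count(c) > 1}
    return (visible & set(plain_identifiers)) | reused

def demo():
    db = sqlite3.connect(":memory:")  # stands in for the untrusted cloud database
    customers = create_secure_table(db, "customers", ["id", "name"])
    orders = create_secure_table(db, "orders", ["id", "customer_id"])
    return db, customers, orders

if __name__ == "__main__":
    db, customers, orders = demo()
    print(provider_view(db))
    print("leaks:", schema_leaks(provider_view(db), ["customers", "orders", "id"]))
```

A second client that holds the same key recomputes the table name locally, but it can only resolve the random column names once it has read the table metadata of Section 3.2.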
3.2 Metadata Management
Metadata generated by SecureDBaaS contain all the
information that is necessary to manage SQL statements.
Metadata management techniques represent an original
idea because SecureDBaaS is the first methodology for
storing all metadata in the untrusted cloud database
along with the encrypted tenant data. Database metadata
include the encryption keys that are used for the secure
types having the field confidentiality set to database.
A different encryption key is associated with each
possible combination of data type and encryption type.
SecureDBaaS uses two types of metadata.
- Database metadata are related to the whole database,
  and for each database there is only one instance of
  this metadata type.
- Table metadata are associated with one secure table,
  and each table metadata contains all information that
  is necessary to encrypt and decrypt data of the secure
  table.

3.3 Operations
There are mainly three types of operations.
- Setup Phase shows how to initialize a SecureDBaaS
  architecture from a cloud database service acquired by
  a tenant from a cloud provider.
- Sequential SQL Operations deals with the SQL operations
  in SecureDBaaS by considering an initial simple
  scenario in which I assume that the cloud database is
  accessed by one client.
- Concurrent SQL Operations deals with the support for
  concurrent execution of SQL statements issued by
  multiple independent clients, which is one of the most
  important benefits of SecureDBaaS.

4. RESULTS
A simple database engine is created that provides all the
features such as availability, reliability and elastic
scalability without exposing unencrypted data to the
cloud provider. Original plaintext data should be
accessible only by trusted parties, which do not include
cloud providers, intermediaries, and the Internet. The
architecture allows multiple, independent and
geographically distributed clients to execute concurrent
operations on encrypted data, including SQL queries that
modify the structure of the database, and to create any
client application that accesses its service. The
SecureDBaaS architecture is tailored to cloud platforms
and does not introduce any intermediary proxy or broker
server between the client and the cloud provider.

5. CONCLUSIONS
The proposed architecture is an innovative one that
ensures confidentiality of data stored in public cloud
databases. A large part of the research provides solutions
to support concurrent SQL queries, including statements
modifying the database structure, on encrypted data
issued by heterogeneous and possibly geographically
distributed clients. The proposed architecture does not
require modifications to the cloud database. It is
applicable to existing cloud DBaaS, such as the
experimented PostgreSQL Plus Cloud Database, Windows
Azure, and Xeround.

REFERENCES
[1] L. Ferretti, M. Colajanni, and M. Marchetti,
Distributed, concurrent, and independent access to
encrypted cloud databases, Parallel and Distributed
Systems, IEEE Transactions on, vol. 25, no. 2,
pp. 437-446, 2014.
[2] H. D. Strowd and G. A. Lewis, T-check in
system-of-systems technologies: Cloud computing, 2010.
[3] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R.
Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I.
Stoica et al., A view of cloud computing,
Communications of the ACM, vol. 53, no. 4, pp. 50-58,
2010.
[4] G. Lewis, Basics about cloud computing, Software
Engineering Institute Carnegie Mellon University,
Pittsburgh, 2010.
[5] W. Jansen, T. Grance et al., Guidelines on security
and privacy in public cloud computing, NIST special
publication, vol. 800, p. 144, 2011.
[6] A. Potdar, P. Patil, R. Bagla, and R. Pandey,
Security solutions for cloud computing, International
Journal of Computer Applications, vol. 128, no. 16,
2015.
[7] H. Tahir and P. Brezillon, Shared context for
improving collaboration in database administration,
International Journal of Database Management Systems
(IJDMS), vol. 5, no. 2, pp. 13-28, 2013.
[8] E. Mykletun and G. Tsudik, Aggregation queries in
the database-as-a-service model, in Data and
Applications Security XX. Springer, 2006, pp. 89-103.
[9] D. Agrawal, A. El Abbadi, F. Emekci, and A.
Metwally, Database management as a service: Challenges
and opportunities, in Data Engineering, 2009. ICDE'09.
IEEE 25th International Conference on. IEEE, 2009,
pp. 1709-1716.
[10] V. Ganapathy, D. Thomas, T. Feder, H.
Garcia-Molina, and R. Motwani, Distributing data for
secure database services, in Proceedings of the 4th
International Workshop on Privacy and Anonymity in the
Information Society. ACM, 2011, p. 8.
[11] A. J. Feldman, W. P. Zeller, M. J. Freedman, and E.
W. Felten, Sporc: Group collaboration using untrusted
cloud resources, in OSDI, vol. 10, 2010, pp. 337-350.
[12] R. A. Popa, C. Redfield, N. Zeldovich, and H.
Balakrishnan, Cryptdb: protecting confidentiality with
encrypted query processing, in Proceedings of the
Twenty-Third ACM Symposium on Operating Systems
Principles. ACM, 2011, pp. 85-100.
[13] J. Li, M. N. Krohn, D. Mazieres, and D. Shasha,
Secure untrusted data repository (sundr), in OSDI, vol.
4, 2004, pp. 99.