searchable security scheme for cloud nosqlcs.ucf.edu/~ahmadian/pubs/proposal presentation.pdf ·...
Post on 29-May-2020
7 Views
Preview:
TRANSCRIPT
Searchable Security Scheme for Cloud NoSQL
Mohammad Ahmadianahmadian@knights.ucf.edu
Advisor: Professor Dan C. MarinescuUniversity of Central Florida
September 16, 2017
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 1 / 48
Goal
Research goal is to find an answer to:
Is it possible to delegate processing of a private data tothird-party without getting revealed?
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 2 / 48
Outline I
1 Introduction And MotivationCloud Relational DatabaseCloud Data Storage And Management ComponentsCloud NoSQLData Models For NoSQLCryptosystems For Outsourced Data Store
2 RELATED WORK
3 RESEARCH OBJECTIVES AND APPROACHResearch ObjectivesThreat ModelJSON And BSON
4 CURRENT WORK AND PRELIMINARY RESULTSSecureNoSQL
5 Research PlanWork In Progress And Tasks Time Table
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 3 / 48
Introduction And Motivation
Database as a Service (DBaaS)
Database as a Service (DBaaS) is a cloud-based approach to the storageand management of structured data. DBaaS delivers databasefunctionality similar to what is found in on-premise database managementsystems such as relational and non-relational database systems.
Cloud Relational Database
Searchable Security Scheme for RDBMS DatabasesCloud Data Storage And Management Components
Cloud NoSQL Databases
Data Models For NoSQL DatabasesSearchable Security Scheme For NoSQL Databases
Crypto-systems For Outsourced Data Store
Leakage Proof Data Processing In Public Cloud
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 4 / 48
Introduction And Motivation
Database as a Service (DBaaS)
Database as a Service (DBaaS) is a cloud-based approach to the storageand management of structured data. DBaaS delivers databasefunctionality similar to what is found in on-premise database managementsystems such as relational and non-relational database systems.
Cloud Relational Database
Searchable Security Scheme for RDBMS DatabasesCloud Data Storage And Management Components
Cloud NoSQL Databases
Data Models For NoSQL DatabasesSearchable Security Scheme For NoSQL Databases
Crypto-systems For Outsourced Data Store
Leakage Proof Data Processing In Public Cloud
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 4 / 48
Introduction And Motivation
Database as a Service (DBaaS)
Database as a Service (DBaaS) is a cloud-based approach to the storageand management of structured data. DBaaS delivers databasefunctionality similar to what is found in on-premise database managementsystems such as relational and non-relational database systems.
Cloud Relational Database
Searchable Security Scheme for RDBMS DatabasesCloud Data Storage And Management Components
Cloud NoSQL Databases
Data Models For NoSQL DatabasesSearchable Security Scheme For NoSQL Databases
Crypto-systems For Outsourced Data Store
Leakage Proof Data Processing In Public Cloud
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 4 / 48
Introduction And Motivation
Database as a Service (DBaaS)
Database as a Service (DBaaS) is a cloud-based approach to the storageand management of structured data. DBaaS delivers databasefunctionality similar to what is found in on-premise database managementsystems such as relational and non-relational database systems.
Cloud Relational Database
Searchable Security Scheme for RDBMS DatabasesCloud Data Storage And Management Components
Cloud NoSQL Databases
Data Models For NoSQL DatabasesSearchable Security Scheme For NoSQL Databases
Crypto-systems For Outsourced Data Store
Leakage Proof Data Processing In Public Cloud
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 4 / 48
Introduction And Motivation
Database as a Service (DBaaS)
Database as a Service (DBaaS) is a cloud-based approach to the storageand management of structured data. DBaaS delivers databasefunctionality similar to what is found in on-premise database managementsystems such as relational and non-relational database systems.
Cloud Relational Database
Searchable Security Scheme for RDBMS DatabasesCloud Data Storage And Management Components
Cloud NoSQL Databases
Data Models For NoSQL DatabasesSearchable Security Scheme For NoSQL Databases
Crypto-systems For Outsourced Data Store
Leakage Proof Data Processing In Public Cloud
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 4 / 48
Introduction And Motivation
Database as a Service (DBaaS)
Database as a Service (DBaaS) is a cloud-based approach to the storageand management of structured data. DBaaS delivers databasefunctionality similar to what is found in on-premise database managementsystems such as relational and non-relational database systems.
Cloud Relational Database
Searchable Security Scheme for RDBMS DatabasesCloud Data Storage And Management Components
Cloud NoSQL Databases
Data Models For NoSQL DatabasesSearchable Security Scheme For NoSQL Databases
Crypto-systems For Outsourced Data Store
Leakage Proof Data Processing In Public Cloud
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 4 / 48
Introduction And Motivation
Database as a Service (DBaaS)
Database as a Service (DBaaS) is a cloud-based approach to the storageand management of structured data. DBaaS delivers databasefunctionality similar to what is found in on-premise database managementsystems such as relational and non-relational database systems.
Cloud Relational Database
Searchable Security Scheme for RDBMS DatabasesCloud Data Storage And Management Components
Cloud NoSQL Databases
Data Models For NoSQL DatabasesSearchable Security Scheme For NoSQL Databases
Crypto-systems For Outsourced Data Store
Leakage Proof Data Processing In Public Cloud
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 4 / 48
Introduction And Motivation
Database as a Service (DBaaS)
Database as a Service (DBaaS) is a cloud-based approach to the storageand management of structured data. DBaaS delivers databasefunctionality similar to what is found in on-premise database managementsystems such as relational and non-relational database systems.
Cloud Relational Database
Searchable Security Scheme for RDBMS DatabasesCloud Data Storage And Management Components
Cloud NoSQL Databases
Data Models For NoSQL DatabasesSearchable Security Scheme For NoSQL Databases
Crypto-systems For Outsourced Data Store
Leakage Proof Data Processing In Public Cloud
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 4 / 48
Introduction- Cloud Relational Database
Cloud storage is cost-effective, but it poses significant security andprivacy risks.
The owner of the data has no longer control on where it is stored andhow it is protected against unauthorized access.
For instance, AWS offers an array of flexible and affordable datamanagement services including Simple Storage Service (S3), SimpleDB,RDS1, Elastic Compute Cloud (EC2) and DynamoDB.
1Amazon Relational Database ServiceMohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 5 / 48
Introduction- Cloud Data Storage And ManagementComponents
Amazon Simple Storage Service (AWS S3)AWS S3 uses a simple data model:
Objects: like files, contain data and metadata but, objects are notorganized in a hierarchy and every object exists at the same level.Buckets: a logical unit of storage used to store objects
Only authenticated user have access to Amazon S3.Access control does not provide protection for S3 data againstmalicious insider. Encryption can be applied for the stored data toprotect from the cloud internal.
Amazon Elastic Compute Cloud (EC2)EC2 uses the public key part of the key pair associated with the AWSaccount to secure login, so that only someone with the correspondingprivate key can access to the EC2 instance. In addition, by usingconcept of security group that are basically collections of rules thetraffic of EC2 instance is manageable.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 6 / 48
Introduction- Cloud Data Storage And ManagementComponents
Amazon Simple Storage Service (AWS S3)AWS S3 uses a simple data model:
Objects: like files, contain data and metadata but, objects are notorganized in a hierarchy and every object exists at the same level.Buckets: a logical unit of storage used to store objects
Only authenticated user have access to Amazon S3.Access control does not provide protection for S3 data againstmalicious insider. Encryption can be applied for the stored data toprotect from the cloud internal.
Amazon Elastic Compute Cloud (EC2)EC2 uses the public key part of the key pair associated with the AWSaccount to secure login, so that only someone with the correspondingprivate key can access to the EC2 instance. In addition, by usingconcept of security group that are basically collections of rules thetraffic of EC2 instance is manageable.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 6 / 48
Introduction- Cloud Data Storage And ManagementComponents
Amazon Simple Storage Service (AWS S3)AWS S3 uses a simple data model:
Objects: like files, contain data and metadata but, objects are notorganized in a hierarchy and every object exists at the same level.Buckets: a logical unit of storage used to store objects
Only authenticated user have access to Amazon S3.Access control does not provide protection for S3 data againstmalicious insider. Encryption can be applied for the stored data toprotect from the cloud internal.
Amazon Elastic Compute Cloud (EC2)EC2 uses the public key part of the key pair associated with the AWSaccount to secure login, so that only someone with the correspondingprivate key can access to the EC2 instance. In addition, by usingconcept of security group that are basically collections of rules thetraffic of EC2 instance is manageable.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 6 / 48
Introduction- Cloud Data Storage And ManagementComponents
Amazon Simple Storage Service (AWS S3)AWS S3 uses a simple data model:
Objects: like files, contain data and metadata but, objects are notorganized in a hierarchy and every object exists at the same level.Buckets: a logical unit of storage used to store objects
Only authenticated user have access to Amazon S3.Access control does not provide protection for S3 data againstmalicious insider. Encryption can be applied for the stored data toprotect from the cloud internal.
Amazon Elastic Compute Cloud (EC2)EC2 uses the public key part of the key pair associated with the AWSaccount to secure login, so that only someone with the correspondingprivate key can access to the EC2 instance. In addition, by usingconcept of security group that are basically collections of rules thetraffic of EC2 instance is manageable.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 6 / 48
Introduction- Cloud Data Storage And ManagementComponents
Amazon Simple Storage Service (AWS S3)AWS S3 uses a simple data model:
Objects: like files, contain data and metadata but, objects are notorganized in a hierarchy and every object exists at the same level.Buckets: a logical unit of storage used to store objects
Only authenticated user have access to Amazon S3.Access control does not provide protection for S3 data againstmalicious insider. Encryption can be applied for the stored data toprotect from the cloud internal.
Amazon Elastic Compute Cloud (EC2)EC2 uses the public key part of the key pair associated with the AWSaccount to secure login, so that only someone with the correspondingprivate key can access to the EC2 instance. In addition, by usingconcept of security group that are basically collections of rules thetraffic of EC2 instance is manageable.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 6 / 48
Introduction- Cloud Data Storage And ManagementComponents
Amazon Simple Storage Service (AWS S3)AWS S3 uses a simple data model:
Objects: like files, contain data and metadata but, objects are notorganized in a hierarchy and every object exists at the same level.Buckets: a logical unit of storage used to store objects
Only authenticated user have access to Amazon S3.Access control does not provide protection for S3 data againstmalicious insider. Encryption can be applied for the stored data toprotect from the cloud internal.
Amazon Elastic Compute Cloud (EC2)EC2 uses the public key part of the key pair associated with the AWSaccount to secure login, so that only someone with the correspondingprivate key can access to the EC2 instance. In addition, by usingconcept of security group that are basically collections of rules thetraffic of EC2 instance is manageable.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 6 / 48
Introduction-Cloud NoSQL
Cloud NoSQL:Cloud NoSQL is a fast and flexible database service for all applications thatneed consistent, single-digit millisecond latency at any scale. It is a fullymanaged cloud database and supports both document and key-value storemodels. Its flexible data model and reliable performance make it a great fitfor mobile, web, gaming, ad tech, IoT, and many other applications.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 7 / 48
Introduction- Data Models For NoSQL
Data Models For NoSQL Databases:1 Key-value stores: A dictionary DS where a key uniquely identifies
the value.
2 Column-family stores: Data are stored in rows and each row has aunique key and set of columns.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 8 / 48
Introduction- Data Models For NoSQL
Data Models For NoSQL Databases:1 Key-value stores: A dictionary DS where a key uniquely identifies
the value.
2 Column-family stores: Data are stored in rows and each row has aunique key and set of columns.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 8 / 48
Introduction- Data Models For NoSQL
3 Document stores: Data are stored in internal structure (Document)to offer higher level of granularity. Each document has a unique keyto identify.
4 Graph Databases: This model is based on graph and can used torepresent complex structures and highly connected data.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 9 / 48
Introduction- Data Models For NoSQL
3 Document stores: Data are stored in internal structure (Document)to offer higher level of granularity. Each document has a unique keyto identify.
4 Graph Databases: This model is based on graph and can used torepresent complex structures and highly connected data.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 9 / 48
Introduction- Cryptosystems For Outsourced Data Store
Data in the cloud can be in one of three states:1 Store: Encryption of data before uploading to the Cloud.
2 Transit: Communication channels can be secured by using thestandard HTTP over Secure Socket Layer (SSL). In addition, theendpoint authentication feature of the SSL protocol makes it possibleto ensure clients are communicating with an authentic cloud server.
3 Process: Data owner should disclose decryption key to the server inorder to decrypt the data before performing any required operation.The problem is when the decryption key is compromised, the dataconfidentiality would be affected. Therefore, in the cloud computingmodel, new set of cryptosystems is required.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 10 / 48
Introduction- Cryptosystems For Outsourced Data Store
Data in the cloud can be in one of three states:1 Store: Encryption of data before uploading to the Cloud.
2 Transit: Communication channels can be secured by using thestandard HTTP over Secure Socket Layer (SSL). In addition, theendpoint authentication feature of the SSL protocol makes it possibleto ensure clients are communicating with an authentic cloud server.
3 Process: Data owner should disclose decryption key to the server inorder to decrypt the data before performing any required operation.The problem is when the decryption key is compromised, the dataconfidentiality would be affected. Therefore, in the cloud computingmodel, new set of cryptosystems is required.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 10 / 48
Introduction- Cryptosystems For Outsourced Data Store
Data in the cloud can be in one of three states:1 Store: Encryption of data before uploading to the Cloud.
2 Transit: Communication channels can be secured by using thestandard HTTP over Secure Socket Layer (SSL). In addition, theendpoint authentication feature of the SSL protocol makes it possibleto ensure clients are communicating with an authentic cloud server.
3 Process: Data owner should disclose decryption key to the server inorder to decrypt the data before performing any required operation.The problem is when the decryption key is compromised, the dataconfidentiality would be affected. Therefore, in the cloud computingmodel, new set of cryptosystems is required.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 10 / 48
Cryptosystems-Deterministic (DET)
DET scheme always produces the same ciphertext for an identical pair of givenplaintext and key.2 DET leaks information about ciphertext of same plaintext.DET enables server to process pipeline aggregation stages such as group, count,
retrieving distinct values and equality match 3 on the fields within an embeddeddocument. The embedded document can maintain the link with the primarydocument through application of DET encryption. See Equation 1.
Deterministic Encryption
for j = 1 . . . n; Cj = Ek(Pj); Pj = Dk(Cj) (1)
2Block ciphers in Electronic Code Book (ECB) mode with a constant IV are DET.3Equality matches over common fields in an embedded document will select
documents in the collection containing fields with specified values.Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 11 / 48
Cryptosystems-Random (RND)
RND scheme (probabilistic) encryption, the same message with the same keyyields different ciphertext.This randomness provides the highest level of security
and different encryption algorithms provide RND property. 4 RND type schemesare semantically secure against chosen plaintext attacks and hides all kind ofinformation about ciphertext. RND scheme does not allow any efficientcomputation on the ciphertext.5
Random Encryption
C1 = Ek(P1 ⊕ IV ), P1 = IV ⊕ Dk(C1)
for j = 2 . . . n; Cj = Ek(Pj ⊕ Cj−1), Pj = Cj−1 ⊕ Dk(Cj)(2)
4AES in Cipher Block Chaining (CBC) mode is used for RND. AES with a key size of128,192 or 256 bits and with a block size of 128 bits.
5Where: Ek is the Enc., Dk is the Dec., k is secret key P is plaintext and C isciphertext.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 12 / 48
Cryptosystems-Order-Preserving Encryption (OPE)
OPE projects the order relation between plaintext data elements to theirciphertext values. OPE leaks the order of ciphertext, so it supports a lower degreeof security.
Order-Preserving Encryption
∀x , y |x , y ∈ Data Domain
x < y =⇒ OPEk(x) < OPEk(y)(3)
An efficient inequality comparisons on the encrypted data elements can beperformed by applying OPE which supports range queries, comparison, Min(),Max() on the ciphertext.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 13 / 48
Cryptosystems-Additive Homomorphic Encryption(AHOM)
AHOM allows the server to conduct computations on ciphertext with the finalresult that get decrypted at the proxy. In spite of sustained research efforts of theFully Homomorphic Encryption (FHE), there is no efficient FHE, except forlimited operations. We applied Paillier [1] scheme that supports additiveoperations. It should be noted that m1,m2 are messages to be encrypted wherem1,m2 ∈ Zn. r1, r2 ∈ Z∗
n are randomly selected.
Additive Homomorphic Encryption
Dk
(Ek(m1, r1)× Ek(m2, r2)modn2
)= m1 + m2(mod n) (4)
In other words, the product of two ciphertexts decrypt to the sum of theircorresponding plaintexts.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 14 / 48
RELATED WORK
The first SQL-aware query processing over encrypted database wasCryptDB [2]. CryptDB satisfies data confidentiality for the relationaldatabase. However, CryptDB cannot perform queries over dataencrypted with different keys. Other problem that CryptDB has isinformation leakage from encrypted data.A practical searchable security scheme known as Oblivious Cross Tags(OXT) is introduced by Cash et al. [3] which can search on encrypteddata sets in sub-linear time complexity by using different types ofindices, however it is not practical on NoSQL data sets which aredesigned to scale to millions of users doing updates simultaneously.Extended OXT introduced by Faber et al. adds a set of new featuressuch as multi-keyword, substring, wild-cards and substring searchingto the basic OXT approach. The main downsides of thisSecureNoSQL is a system which acts as a proxy to secure thecommunication between the NoSQL database server, and theapplications server. Advantages: Using original expressive querylanguage. Benefits from secondary indexes of database system.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 15 / 48
RELATED WORK
The first SQL-aware query processing over encrypted database wasCryptDB [2]. CryptDB satisfies data confidentiality for the relationaldatabase. However, CryptDB cannot perform queries over dataencrypted with different keys. Other problem that CryptDB has isinformation leakage from encrypted data.A practical searchable security scheme known as Oblivious Cross Tags(OXT) is introduced by Cash et al. [3] which can search on encrypteddata sets in sub-linear time complexity by using different types ofindices, however it is not practical on NoSQL data sets which aredesigned to scale to millions of users doing updates simultaneously.Extended OXT introduced by Faber et al. adds a set of new featuressuch as multi-keyword, substring, wild-cards and substring searchingto the basic OXT approach. The main downsides of thisSecureNoSQL is a system which acts as a proxy to secure thecommunication between the NoSQL database server, and theapplications server. Advantages: Using original expressive querylanguage. Benefits from secondary indexes of database system.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 15 / 48
RELATED WORK
The first SQL-aware query processing over encrypted database wasCryptDB [2]. CryptDB satisfies data confidentiality for the relationaldatabase. However, CryptDB cannot perform queries over dataencrypted with different keys. Other problem that CryptDB has isinformation leakage from encrypted data.A practical searchable security scheme known as Oblivious Cross Tags(OXT) is introduced by Cash et al. [3] which can search on encrypteddata sets in sub-linear time complexity by using different types ofindices, however it is not practical on NoSQL data sets which aredesigned to scale to millions of users doing updates simultaneously.Extended OXT introduced by Faber et al. adds a set of new featuressuch as multi-keyword, substring, wild-cards and substring searchingto the basic OXT approach. The main downsides of thisSecureNoSQL is a system which acts as a proxy to secure thecommunication between the NoSQL database server, and theapplications server. Advantages: Using original expressive querylanguage. Benefits from secondary indexes of database system.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 15 / 48
RELATED WORK
The first SQL-aware query processing over encrypted database wasCryptDB [2]. CryptDB satisfies data confidentiality for the relationaldatabase. However, CryptDB cannot perform queries over dataencrypted with different keys. Other problem that CryptDB has isinformation leakage from encrypted data.A practical searchable security scheme known as Oblivious Cross Tags(OXT) is introduced by Cash et al. [3] which can search on encrypteddata sets in sub-linear time complexity by using different types ofindices, however it is not practical on NoSQL data sets which aredesigned to scale to millions of users doing updates simultaneously.Extended OXT introduced by Faber et al. adds a set of new featuressuch as multi-keyword, substring, wild-cards and substring searchingto the basic OXT approach. The main downsides of thisSecureNoSQL is a system which acts as a proxy to secure thecommunication between the NoSQL database server, and theapplications server. Advantages: Using original expressive querylanguage. Benefits from secondary indexes of database system.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 15 / 48
RELATED WORK-Summary
Comparison with related work
Table 1: Information leakage management methods comparison
Method Description Context Advantage Downside Reference
Oblivious Cross-Tags (OXT)
Searchable sym-metric encryption
Searches for a setof keywords
Practical (1)Multiple inter-actions; (2)Pre-Processing
Cash et al. [4]
Extended-OXT Searchable sym-metric encryption
Searches for a setof keywords
Extends OXT to:(1)Substring;(2)Wildcards, Phrase& Substring
(1)Multipleinterac-tions;(2)Preprocessing
Faber et al. [5]
CryptDB Secure query pro-cessing
SQL awaredatabase
Efficient Leakage from en-crypted data
Popa et al. [2]
SecureNoSQL Leakage resilientquery processingover encrypteddatabase
NoSQL database Covers: (1)searchover encryptedNoSQL databases;(2)Leakage preven-tion
Requires extrahardware resourcesfor Proxy
Current work *
* The paper related to this work is currently under review.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 16 / 48
Drawbacks of CryptDb
A team of Microsoft researchers led by Seny Kamara claims to have beensuccessful at recovering a substantial amount of data from health recordsstored in CryptDB (PDF), a database technology that uses layers ofencryption to allow users to search through encrypted data withoutexposing its contents.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 17 / 48
RESEARCH OBJECTIVES AND APPROACH
Research Objectives: The goal of this research is to design securityschemes that enable cloud users to securely receive the productivityand computational benefits of the cloud DBaaS withoutcompromising security and privacy.
Motivation: A 70% annual growth rate in DBaaS, and consideringthe cloud threat model an efficient security scheme is required forhigh volume data stored and processed in the cloud.
Threat Model: A threat model describes the threats against cloudDBaaS.
JSON And BSON: JSON is an open standard format used totransmit data objects consisting of key-value pairs using selfdescribing text (BSON is binary extension).
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 18 / 48
RESEARCH OBJECTIVES AND APPROACH
Research Objectives: The goal of this research is to design securityschemes that enable cloud users to securely receive the productivityand computational benefits of the cloud DBaaS withoutcompromising security and privacy.
Motivation: A 70% annual growth rate in DBaaS, and consideringthe cloud threat model an efficient security scheme is required forhigh volume data stored and processed in the cloud.
Threat Model: A threat model describes the threats against cloudDBaaS.
JSON And BSON: JSON is an open standard format used totransmit data objects consisting of key-value pairs using selfdescribing text (BSON is binary extension).
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 18 / 48
RESEARCH OBJECTIVES AND APPROACH
Research Objectives: The goal of this research is to design securityschemes that enable cloud users to securely receive the productivityand computational benefits of the cloud DBaaS withoutcompromising security and privacy.
Motivation: A 70% annual growth rate in DBaaS, and consideringthe cloud threat model an efficient security scheme is required forhigh volume data stored and processed in the cloud.
Threat Model: A threat model describes the threats against cloudDBaaS.
JSON And BSON: JSON is an open standard format used totransmit data objects consisting of key-value pairs using selfdescribing text (BSON is binary extension).
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 18 / 48
RESEARCH OBJECTIVES AND APPROACH
Research Objectives: The goal of this research is to design securityschemes that enable cloud users to securely receive the productivityand computational benefits of the cloud DBaaS withoutcompromising security and privacy.
Motivation: A 70% annual growth rate in DBaaS, and consideringthe cloud threat model an efficient security scheme is required forhigh volume data stored and processed in the cloud.
Threat Model: A threat model describes the threats against cloudDBaaS.
JSON And BSON: JSON is an open standard format used totransmit data objects consisting of key-value pairs using selfdescribing text (BSON is binary extension).
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 18 / 48
RESEARCH OBJECTIVES AND APPROACH-ThreatModel
Threat Model: We investigate cloud threat model from theadversarial prospective which is a holistic process based on end-to-endsecurity. The model identifies two classes of threats.
External attacker:An attacker from the outside of cloudenvironment might obtain unauthorized access to the data.
Cloud malicious insiders: Unauthorized access to data by the cloudinternals
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 19 / 48
RESEARCH OBJECTIVES AND APPROACH-ThreatModel
Threat Model: We investigate cloud threat model from theadversarial prospective which is a holistic process based on end-to-endsecurity. The model identifies two classes of threats.
External attacker:An attacker from the outside of cloudenvironment might obtain unauthorized access to the data.
Cloud malicious insiders: Unauthorized access to data by the cloudinternals
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 19 / 48
RESEARCH OBJECTIVES AND APPROACH-JSON AndBSON
JSON And BSON:Open standard format
Self describing format
BSON is a binary extension for JSON
BSON supports more data types
In this work we use JSON to create a new concept called security plan.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 20 / 48
RESEARCH OBJECTIVES AND APPROACH-JSON AndBSON
JSON And BSON:Open standard format
Self describing format
BSON is a binary extension for JSON
BSON supports more data types
In this work we use JSON to create a new concept called security plan.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 20 / 48
RESEARCH OBJECTIVES AND APPROACH-JSON AndBSON
JSON And BSON:Open standard format
Self describing format
BSON is a binary extension for JSON
BSON supports more data types
In this work we use JSON to create a new concept called security plan.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 20 / 48
RESEARCH OBJECTIVES AND APPROACH-JSON AndBSON
JSON And BSON:Open standard format
Self describing format
BSON is a binary extension for JSON
BSON supports more data types
In this work we use JSON to create a new concept called security plan.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 20 / 48
SecureNoSQL
We deign SecureNoSQL which is a system that provides practical andprovable confidentiality in presence of these attacks for applications backedby NoSQL databases. The key part of SecureNoSQL is evaluation a set ofoperations on the encrypted databases. Moreover, the designed novelalgorithms for information leakage prevention from data or query are addedto SecureNoSQL. We also introduced a novel descriptive language basedon the JSON notations which enables the users to generate a securityplan. The security plan is useful tools for data owners for regulatingsecurity parameters management without getting involved in the details.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 21 / 48
Architecture
Figure 1: High-level architecture of SecureNoSQL as a secure proxy between users applicationsand cloud NoSQL database server.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 22 / 48
Some features of SecureNoSQL
1 Descriptive language based onJSON notations to create asecurity plan.
2 A multi-key, multi-levelmechanism.
3 The effective validationprocedure against security planin SecureNoSQL helps to avoidunnecessarily increase ofworkload and response time ofremote cloud server.
4 Support for a comprehensive,flexible protection. The solutionis open-ended, users can addnew customized cryptographicmodules simply by usingdesigned descriptive language.
5 A balanced system with asecurity level-proportionaloverhead. The overhead ofscheme is proportional to thedesired level of security.
6 SecureNoSQL addresses theinformation leakage from fully orpartially encrypted databases inthe cloud. a
aThe malicious insider could pool all databases andextract sensitive information from correlation withvarious hosted databases.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 23 / 48
Some features of SecureNoSQL
1 Descriptive language based onJSON notations to create asecurity plan.
2 A multi-key, multi-levelmechanism.
3 The effective validationprocedure against security planin SecureNoSQL helps to avoidunnecessarily increase ofworkload and response time ofremote cloud server.
4 Support for a comprehensive,flexible protection. The solutionis open-ended, users can addnew customized cryptographicmodules simply by usingdesigned descriptive language.
5 A balanced system with asecurity level-proportionaloverhead. The overhead ofscheme is proportional to thedesired level of security.
6 SecureNoSQL addresses theinformation leakage from fully orpartially encrypted databases inthe cloud. a
aThe malicious insider could pool all databases andextract sensitive information from correlation withvarious hosted databases.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 23 / 48
Some features of SecureNoSQL
1 Descriptive language based onJSON notations to create asecurity plan.
2 A multi-key, multi-levelmechanism.
3 The effective validationprocedure against security planin SecureNoSQL helps to avoidunnecessarily increase ofworkload and response time ofremote cloud server.
4 Support for a comprehensive,flexible protection. The solutionis open-ended, users can addnew customized cryptographicmodules simply by usingdesigned descriptive language.
5 A balanced system with asecurity level-proportionaloverhead. The overhead ofscheme is proportional to thedesired level of security.
6 SecureNoSQL addresses theinformation leakage from fully orpartially encrypted databases inthe cloud. a
aThe malicious insider could pool all databases andextract sensitive information from correlation withvarious hosted databases.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 23 / 48
Some features of SecureNoSQL
1 Descriptive language based onJSON notations to create asecurity plan.
2 A multi-key, multi-levelmechanism.
3 The effective validationprocedure against security planin SecureNoSQL helps to avoidunnecessarily increase ofworkload and response time ofremote cloud server.
4 Support for a comprehensive,flexible protection. The solutionis open-ended, users can addnew customized cryptographicmodules simply by usingdesigned descriptive language.
5 A balanced system with asecurity level-proportionaloverhead. The overhead ofscheme is proportional to thedesired level of security.
6 SecureNoSQL addresses theinformation leakage from fully orpartially encrypted databases inthe cloud. a
aThe malicious insider could pool all databases andextract sensitive information from correlation withvarious hosted databases.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 23 / 48
Some features of SecureNoSQL
1 Descriptive language based onJSON notations to create asecurity plan.
2 A multi-key, multi-levelmechanism.
3 The effective validationprocedure against security planin SecureNoSQL helps to avoidunnecessarily increase ofworkload and response time ofremote cloud server.
4 Support for a comprehensive,flexible protection. The solutionis open-ended, users can addnew customized cryptographicmodules simply by usingdesigned descriptive language.
5 A balanced system with asecurity level-proportionaloverhead. The overhead ofscheme is proportional to thedesired level of security.
6 SecureNoSQL addresses theinformation leakage from fully orpartially encrypted databases inthe cloud. a
aThe malicious insider could pool all databases andextract sensitive information from correlation withvarious hosted databases.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 23 / 48
Some features of SecureNoSQL
1 Descriptive language based onJSON notations to create asecurity plan.
2 A multi-key, multi-levelmechanism.
3 The effective validationprocedure against security planin SecureNoSQL helps to avoidunnecessarily increase ofworkload and response time ofremote cloud server.
4 Support for a comprehensive,flexible protection. The solutionis open-ended, users can addnew customized cryptographicmodules simply by usingdesigned descriptive language.
5 A balanced system with asecurity level-proportionaloverhead. The overhead ofscheme is proportional to thedesired level of security.
6 SecureNoSQL addresses theinformation leakage from fully orpartially encrypted databases inthe cloud. a
aThe malicious insider could pool all databases andextract sensitive information from correlation withvarious hosted databases.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 23 / 48
Super Document
Super Document:
d1 =⟨〈k1, v1〉, 〈k2, v2〉, . . . , 〈ki , vi 〉
⟩d2 =
⟨〈k1, v1〉, 〈k2, v2〉, . . . , 〈kj , vj〉
⟩. . .
dn =⟨〈k1, v1〉, 〈k2, v2〉, . . . , 〈kl , vl〉
⟩Super Document D =
n⋃i=1
di
(5)
Match function : M(di , dj) determines whether any two givendocuments di , dj can be merged or not.6
6Two documents can be merged provided that they share the same attribute from anidentifying class or group of attributes from semi-identity class.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 24 / 48
Security Plan
Security plan is a document contains a hierarchical collection of key-valuepairs that describes data elements, parameters of cryptosystems andmapping between these two. Every security plan document includes fourtop-level sections represented in key-value pairs.
Figure 2: The high level structure of the security plan.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 25 / 48
Security Plan-Collection
Figure 3: Collection (metadata) encryption:(a) The chart outlines the structure of collectioncontaining the name of collection and name of all fields which are considered as meta-data thusshould be protected with proper cryptographic module. The pointer to a cryptomodule, theencryption key, and the initialization vector used for the encryption of the items. (b) Thedescription of a collection and security parameters in designed JSON based language.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 26 / 48
Security Plan-Cryptographic Modules
Cryptographic modules introducesall cryptosystems and theirparameters such as key, key-size,initialization vector and output-size.
Figure 4: Cryptographic Modules
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 27 / 48
Security Plan-Data Elements
Figure 5: Data elements containing attributes of data elements such as name, type and value forof collection and name. Then introduces security parameters for each data elements. (b) Thedata element section of a sample database which are represented in designed notation. A dataitem has 7 fields: id, name, salary, balance, ccn, ssn, and email. The id, name, email and salaryare required fields.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 28 / 48
Security Plan-Mapping Cryptographic Modules to TheData Field
Figure 6: Structure and description of Mapping cryptographic modules to the Data element: (a)Security plan with the fourth section expanded. This section establishes a correspondencebetween the data fields and the cryptographic modules used to encrypt and decrypt it. (b) Themapping section of the schema for a sample database with 7 fields. For example, the id and thename will be encrypted with OPE 128 bit and AES-DET, respectively.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 29 / 48
Security Plan-KVP And Document Data Models
Figure 7: SecureNoSQL applied to: (a) The key-value data model; Key1, . . . ,Keyn are allencrypted using the cryptographic module z while the corresponding values, Value1, . . . ,Valuenare encrypted with cryptographic modules 1, 2, . . . , n, respectively. (b) The document store datamodel; the meta-data such as collection name encrypted as well as attributes with assignedcryptographic modules.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 30 / 48
Security Plan-Query and data validation
Figure 8: The validation process of input data against security plan in the client side.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 31 / 48
An Example
Figure 9: Security plan designed for sample input: (a) Data element section of sample securityplan. (b) Output of JSON Data validation for sample database.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 32 / 48
Query Encryption
Figure 10: The query db.customers.find({salary:{$gt:5000}, balance:{$lt:2000}}) received froman application. (a) The parsing tree of the query (b) The cryptographic modules applied to thedata elements according to schema definition
.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 33 / 48
Example Queries
Table 2: Sample queries and their corresponding encrypted version
Query Encrypted query
1 db.customers.find({ssn:936136916})db[”k/IevnbanDMQHNkb9cRgUg==”].find({”5pgAxn6BF08WtM7zyu
YaKg==”:74172405478441908041711118833862143778})
2
db.customers.find({balance:{$gte:
5084610},balance:{$lte:9911843}})
db[”k/IevnbanDMQHNkb9cRgUg==”].find({”3iXpo2l8xZpW7J7TezFde
A==”:{$gte:402982988013604629517872370128473753},”3iXpo21
8xZpW7J7TezFdeA==”{$lte:7855963556987175927802686333694542
31}})
3
db.customers.aggregate([{$group:{ id
:null,minBalance:{$min:”$balance”}}}])db[”k/IevnbanDMQHNkb9cRgUg==”].aggregate([{$group:{ id:
null,EncMinBalance:{$min:”$3iXpo2l8xZpW7J7TezFdeA==”}}}])
4
db.customers.aggregate([{$group:{ id:
null,maxBalance:{$max:”$balance”}}}])db[”k/IevnbanDMQHNkb9cRgUg==”].aggregate([{$group:{ id:null
,EncmaxBalance:{$max:”$3iXpo2l8xZpW7J7TezFdeA==” }}}])
5
db.customers.find({$or:[{Salary:{$gt:
516046}},{balance:{$lt:285462}}]})
db[”k/IevnbanDMQHNkb9cRgUg==”].find({ $or: [ { ”9mnGu8Q2V
DstE+T9jFw2wQ==”: { $gt: 40994186216785746613193244129885849
}},{”3iXpo2l8xZpW7J7TezFdeA==”:{$lt:226574304531446346797
91167652174833}}]})
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 34 / 48
Overhead Data
Table 3: Overhead of encryption upon security level
Database Plain OPE64 OPE128 OPE256 OPE512
Size(MB) 170 430 508 662 1000
Table 4: Overhead of RND and DET encryption
Database Plain RND DET
Size(MB) 170 170 170
Table 5: Overhead of AHOM encryption
Database Plain AHOM
Size(MB) 170 10880
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 35 / 48
Measurements And Experimental Results
Figure 11: Query processing time in milliseconds (ms) for the unencrypted database and for theencrypted databases when the 32-bit keys are encrypted as 64, 128, 256 and 512-bit integers.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 36 / 48
Measurements And Experimental Results
Response time: shortest for comparison and longest for aggregatedqueries.The query processing time: for a given type of query increases, but onlyslightly, less than 5% when the key length increases from 64, to 128, 256,and 512 bit.As expected, the OPE encryption time increases significantly with the sizeof the encryption space; it increases almost tenfold when the size of theencrypted output increases from 64-bit to 1024-bit and it is about 10 msfor 256-bit.The decryption time is considerably smaller, it increases only slightly from0.11 ms to 0.17 when the size of the encrypted key increases from 64-bitto 1024 bit.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 37 / 48
Research Plan
Research Plan (Past-Current-Future)
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 38 / 48
Work in Progress And Tasks Time Table
2013 2014 2015 2016
1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12
Study
Published papers
Paper 1
Paper 2
Submitted papers
Paper 3
Paper 4
Paper 5
Ready to submit
Paper 6
Revision of papers
Revising the Papers
Figure 12: Estimate work plan and timeline
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 39 / 48
Work in Progress
Table 6: List of publications
Paper Paper Authorship Journal or StatusNo Title Conference
Paper 1Security of Applications Involving Multiple M.Ahmadian, A.Paya IEEE 28th InternationalOrganizations-OPE in Hybrid Cloud Environments [6] D.Marinescu Parallel & Distributed Processing Published (2014)
Paper 2A security scheme for geographic information M.Ahmadiandatabases in location based systems [7] J.Kho., D.Marinescu IEEE SoutheastCon Published (2015)
Paper 3SecureNoSQL: An approach to secure search on M.Ahmadian, F.Plochan International Journal ofencrypted NoSQL databases in public cloud [8] Z.Roessler, D.Marinescu Information Management (IJIM) Published (2017)
Paper 4An Analysis of Information Leakage due to Insider M.Ahmadian Journal of Information Securityand some Outsider Attackers in Computer Clouds D.Marinescu and Applications Under review
Paper 5Secure Query Processing in Cloud NoSQL [9] M.Ahmadian IEEE International Conference
on Consumer Electronics Published (2017)
Paper 6On information leakage in cloud database M.Ahmadian Transaction of sustainable computationservices D.Marinescu Under review
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 40 / 48
Future Work
The current research will be continued by the following suggestions:
Multiple proxies in order to deal with a huge number of clients,
Developing an efficient, fully homomorphic encryption for unlimitedoperations over the encrypted data,
Encryption key management mechanism development for periodicallyassigning new key for cryptosystems in order to obtain higher levels ofsecurity.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 41 / 48
Information Leakage Prevention
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 42 / 48
Introduction-Information Leakage
Information Leakage
Information leakage can be defined as using combination of data,meta-data and query that are classified at lower level L1 to extractinformation that are at higher level L2.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 43 / 48
Introduction-Information Leakage
Information Leakage
This work is under progress ...
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 44 / 48
References I
P. Paillier, “Public-key cryptosystems based on composite degreeresiduosity classes,” in Advances in cryptologyEUROCRYPT99.Springer, 1999, pp. 223–238.
R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan,“Cryptdb: Protecting confidentiality with encrypted queryprocessing,” Proc. of the Twenty-Third ACM Symposium onOperating Systems Principles, pp. 85–100, 2011.
D. Cash, J. Jaeger, S. Jarecki, C. Jutla, H. Krawczyk, M.-C. Rosu,and M. Steiner, “Dynamic searchable encryption in very-largedatabases: Data structures and implementation,” Network andDistributed System Security Symposium (NDSS14), 2014.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 45 / 48
References II
D. Cash, S. Jarecki, C. Jutla, H. Krawczyk, M.-C. Rosu, andM. Steiner, “Highly-scalable searchable symmetric encryption withsupport for boolean queries,” in Advances in Cryptology–CRYPTO2013. Springer, 2013, pp. 353–373.
S. Faber, S. Jarecki, H. Krawczyk, Q. Nguyen, M. Rosu, andM. Steiner, “Rich queries on encrypted data: Beyond exact matches,”in European Symposium on Research in Computer Security.Springer, 2015, pp. 123–145.
M. Ahmadian, A. Paya, and D. Marinescu, “Security of applicationsinvolving multiple organizations and order preserving encryption inhybrid cloud environments,” IEEE International conf. on ParallelDistributed Processing Symposium Workshops (IPDPSW), pp.894–903, May 2014.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 46 / 48
References III
M. Ahmadian, J. Khodabandehloo, and D. Marinescu, “A securityscheme for geographic information databases in location basedsystems,” IEEE SoutheastCon, pp. 1–7, April 2015.
M. Ahmadian, F. Plochan, Z. Roessler, and D. C. Marinescu,“SecureNoSQL: An approach for secure search of encrypted nosqldatabases in the public cloud,” International Journal of InformationManagement, vol. 37, no. 2, pp. 63 – 74, 2017. [Online]. Available:http://www.sciencedirect.com/science/article/pii/S0268401216302262
M. Ahmadian, “Secure query processing in cloud nosql,” in ConsumerElectronics (ICCE), 2017 IEEE International Conference on. IEEE,2017, pp. 90–93.
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 47 / 48
The End
Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 48 / 48
top related