Abstract
Due to the advantages of pay-on-demand, expand-on-demand and high availability, cloud databases (CloudDB) have been widely used in information systems. However, since a CloudDB is distributed on an untrusted cloud side, it is an important problem how to effectively protect massive private information in the CloudDB. Although traditional security strategies (such as identity authentication and access control) can prevent illegal users from accessing unauthorized data, they cannot prevent internal users at the cloud side from accessing and exposing personal privacy information. In this paper, we propose a client-based approach to protect personal privacy in a CloudDB. In the approach, privacy data before being stored into the cloud side, would be encrypted using a traditional encryption algorithm, so as to ensure the security of privacy data. To execute various kinds of query operations over the encrypted data efficiently, the encrypted data would be also augmented with additional feature index, so that as much of each query operation as possible can be processed on the cloud side without the need to decrypt the data. To this end, we explore how the feature index of privacy data is constructed, and how a query operation over privacy data is transformed into a new query operation over the index data so that it can be executed on the cloud side correctly. The effectiveness of the approach is demonstrated by theoretical analysis and experimental evaluation. The results show that the approach has good performance in terms of security, usability and efficiency, thus effective to protect personal privacy in the CloudDB.
Similar content being viewed by others
Notes
iResearch, a well-known consulting company in China - http://report.iresearch.cn/.
References
Aggarwal, G., Bawa, M., Ganesan, P., Garcia-molina, H., Kenthapadi, K., Motwani, R., Srivastava, U., Thomas, D., Xu, Y.: Two can keep a secret: A distributed architecture for secure database services. In: Proc. of the CIDR (2005)
Ahituv, N., Lapid, Y., Neumann, S.: Processing encrypted data. Commun. ACM 30(9), 777–780 (1987)
Alfred, B., Melissa, Z.: Database Security. Delmar Cengage Learning (2011)
Arvind, A., Spyros, B., Ken, E., Manas, J., Raghav, K., Donald, K., Ravi, R., Prasang, U.: Secure database-as-a-service with cipherbase. In: Proc. of the SIGMOD (2013)
Ashwini, M.D., Mangesh, S.D., Devendra, N.K.: Fpga implementation of aes encryption and decryption. In: Proc. of the 2009 International Conference on Control, Automation, Communication and Energy Conservation (2009)
Bharath, S., Wei, J., Elisa, B.: Privacy-preserving complex query evaluation over semantically secure encrypted data. In: Proc. of the ESORICS (2014)
Bijit, H., Sharad, M., Gene, T.: A privacy-preserving index for range queries. In: Proc. of the VLDB (2007)
Boyang, W., Ming, L., Haitao, W., Hui, L.: Circular range search on encrypted spatial data. In: Proc. of the ICDCS (2015)
Chen, F., Liu, A.X.: Privacy and integrity preserving multi-dimensional range queries for cloud computing. In: Proc. of the IFIP (2014)
Chen, K., Weimin, Z.: Cloud computing: System instances and current research. J. Softw. 20(5), 1137–1148 (2010)
Feng, D., Zhang, M., Zhang, Y., Xu, Z.: Study on cloud computing security. J. Softw. 22(1), 71–83 (2011)
Ganapathy, V., Thomas, D., Feder, T., Garcia-Molina, H., Motwani, R.: Distributing data for secure database services. In: Proceedings of the 4th International Workshop on Privacy and Anonymity in the Information Society. ACM (2011)
Hacigümüṡ, H., Iyer, B., Li, C., Mehrotra, S.: Executing sql over encrypted data in the database-service-provider model. In: Proc. of the ACM SIGMOD (2002)
Hacigümüṡ, H., Iyer, B., Mehrotra, S.: Efficient execution of aggregation queries over encrypted relational databases. In: Proc. of the DASFAA (2004)
Hacigümüṡ, H., Iyer, B., Mehrotra, S.: Query optimization in encrypted database systems. In: Proc. of the DASFAA (2005)
Huang, L., Tian, M., Huang, H.: Preserving privacy in big data: A survey from the cryptographic perspective. J. Softw. 26(4), 777–780 (2015)
Josep, D.F.: A new privacy homomorphism and applications. Inf. Process. Lett. 60(5), 227–282 (1996)
Li, Y., Liu, G.: Encryption method for character data in the database. Comput. Eng. 33(6), 120–124 (2007)
Li, R., Liu, A.X., Wang, A.L.: Fast range query processing with strong privacy protection for cloud computing. Proc. VLDB Endow. 7(14), 1953–1964 (2014)
Lin, Z., Lai, Y., Lin, C., Xie, Y., Quan, Z.: Research on cloud databases. J. Softw. 23(5), 1148–1166 (2012)
Liu, A., Zheng, K., Li, L., Liu, G., Zhou, X.: Efficient secure similarity computation on encrypted trajectory data. In: Proc. of the ICDE (2015)
Luc, B., Philippe, P.: Chip-secured data access: Confidential data on untrusted servers. In: Proc. of the VLDB (2002)
Luca, F., Michele, C., Mirco, M.: Distributed, concurrent, and independent access to encrypted cloud databases. IEEE Trans. Parallel Distrib. Syst. 25(2), 437–450 (2014)
Shiyuan, W., Divyakant, A., Amr, E.A.: A comprehensive framework for secure query processing on relational data in the cloud. In: Proc. of the VLDB Workshop on Secure Data Management (2011)
Sumeet, B., Radu, S.: Trusteddb: A trusted hardware-based database with privacy and data confidentiality. IEEE Trans. Knowl. Data Eng. 26(3), 752–768 (2014)
Sun, X., Li, M., Wang, H.: A family of enhanced (ℓ, α)-diversity models for privacy preserving data publishing. Futur. Gener. Comput. Syst. 27, 348–356 (2011)
Tu, S., Kaashoek, M.F., Madden, S., Zeldovich, N.: Processing analytical queries over encrypted data. Proc. VLDB Endow. 6(5), 289–300 (2013)
Wai, K.W., Ben, K., David, W.L.C., Rongbin, L., Siu, M.Y.: Secure query processing with data interoperability in a cloud database environment. In: Proc. of the SIGMOD (2014)
Wang, Z., Wang, W., Shi, B.: Fast query over encrypted character data in database. Commun. Inf. Syst. 4(4), 289–300 (2004)
Wang, H., Cao, J., Zhang, Y.: A flexible payment scheme and its role-based access control. IEEE Trans. Knowl. Data Eng. 27, 332–348 (2005)
Wang, H., Zhang, Y., Cao, J.: Effective collaboration with information sharing in virtual universities. IEEE Trans. Knowl. Data Eng. 21, 840–853 (2009)
William, S.: Cryptography and Network Security: Principles and Practice, 6th edn. Pearson Education Limited (2013)
Wu, Z., Xu, G., Zong, Y., Yi, X., Chen, E., Zhang, Y.: Executing sql queries over encrypted character strings in the database-as-service model. Knowl.-Based Syst. 35, 332–348 (2012)
Xu, H., Guo, S., Chen, K.: Building confidential and efficient query services in the cloud with rasp data perturbation. IEEE Trans. Knowl. Data Eng. 26(2), 232–246 (2014)
Acknowledgements
We would like to thank anonymous reviewers for their valuable comments. The work is supported by the National Social Science Fund of China (No. 17CTQ011).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Wu, Z., Xu, G., Lu, C. et al. An effective approach for the protection of privacy text data in the CloudDB. World Wide Web 21, 915–938 (2018). https://doi.org/10.1007/s11280-017-0491-8
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11280-017-0491-8