
2019 International Conference on Computer, Control, Electrical, and Electronics Engineering (ICCCEEE)

Enhanced Model for Cloud Data Security based on Searchable Encryption and Hybrid Fragmentation

Abdelrhman Sayed Awad, Faculty of Computer Science, University of Science and Technology, Khartoum, Sudan, abdelrhman.sayedawad@gmail.com
Adil Yousif, Faculty of Arts & Science, Najran University, Sharourah, Saudi Arabia, ayalfaki@nu.edu.sa
Gada Kadoda, Faculty of Mathematical Sciences, University of Khartoum, Khartoum, Sudan, gadoda@gmail.com

978-1-7281-1006-6/19/$31.00 ©2019

Abstract—Cloud computing is a new technology that transfers the computing process from personal computers to cloud servers over the internet. Nevertheless, as client data is stored on the cloud provider's servers, the confidentiality of the information becomes a new concern. Different encryption-based algorithms have been presented previously to provide cloud clients with confidentiality. The main idea of encryption algorithms for cloud data is to permit cloud clients' queries to be handled using encrypted data without decryption. This paper presents a new security mechanism using a hybrid method of encryption algorithms and a distribution system to enhance cloud database confidentiality. A vertical fragmentation technique is adopted from Alsirhani's model for distributing data over clouds. However, Alsirhani's model has a weakness: a compromise of a fragment can still leave the data meaningful. To overcome this, the proposed model instead uses a hybrid fragmentation technique to make data on fragments meaningless if compromised. The proposed model distributes the cloud database among the clouds using the provider views and the level of confidentiality that is delivered by the employed encryption algorithms. To evaluate the proposed searchable encryption and hybrid fragmentation model, the study developed a Java application for simulating the hybrid cloud. The simulation combines public and private clouds, as essential processes are conducted inside the private cloud. The evaluation of the work was conducted by comparing the proposed model with existing solutions in query response and security characteristics. Preliminary results showed that the proposed searchable encryption and hybrid fragmentation model provides a secure mechanism that enhances data confidentiality in terms of faster response and additional security.

Keywords—Cloud computing, Isolation, Encryption, Distributed systems, Hybrid fragmentation.

I. INTRODUCTION

As IT technologies grow daily, the demand for computational processing and storage space is rapidly growing. Cloud computing has arisen as an extensively established model for high computational power [1-3]. The cloud provides its services via the internet, and the cloud terminology is similarly used for the service providers that own different types of cloud resources such as computational power, storage space, etc. Infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS) are the three different models of cloud computing [4, 5]. In infrastructure as a service (IaaS), cloud providers supply clients with cloud infrastructure such as servers, hardware and networks. In the second model, platform as a service (PaaS), the computing platform is provided to the cloud tenants' software. The third model is software as a service (SaaS), which provides cloud software to cloud tenants [6]. The SaaS model provides software applications through the internet, and there is no need for the tenants to install the applications on their own computers [7-10].

On the other hand, security becomes the major problem that discourages organizations from taking advantage of the benefits of cloud computing, with implications for the wider adoption of the technology. This is because the users' data is stored offsite, which makes confirming the different security levels of data more difficult. Isolation of user transactions and data is also a challenge in cloud security, where the purpose of isolating users' data in cloud computing is to enhance the confidentiality and availability of data as well as the accuracy of responses to users' queries [11].

Isolation has been considered one of the crucial problems in cloud computing, and different approaches have attempted to solve it, such as the separation of duty concept and CryptDB [12]. Another example is Alsirhani's model for data isolation in the cloud, which is based on encryption and fragmentation techniques. This model contains public and private clouds, where the public cloud consists of a master cloud and slave clouds, and the private cloud consists of users and a proxy server that performs the processes of the model such as encryption, decryption, fragmentation, and query processing [7, 12-15]. By using these techniques, the new model improves isolation in the cloud because the distribution technique uses hybrid fragmentation instead of vertical fragmentation.

This paper contains five sections. Section two discusses the related work. Section three presents the proposed searchable encryption and hybrid fragmentation model. Section four illustrates the evaluation results of the proposed model. The conclusion is presented in section five.

II. RELATED WORK

Work on the confidentiality and isolation of outsourced stored data is divided into three fields: first, fragmentation schemes; second, sensitivity of data; and third, combining of encryption algorithms. Henrich et al. (2002) in [13] proposed a fragmentation technique based on column partitioning. A unique identification number is used to support several types of queries. Database queries are processed in two steps. Based on the fragment's ID, the first query returns the fragment to the client. After the cloud tenant gets the fragment, it is decrypted so that the query can be applied once more to the
returned fragment. As a final point, the query's outcome is returned once the second query is performed. Although this technique could be fitting for small databases, it needs a large amount of overhead time and processing to return all fragments. Using this method, there is a situation where the entire database needs to be returned to the cloud client area, which raises concerns about encryption attacks and the benefits of dealing with the cloud. Other studies [16-18] have considered the same approach but focus on query optimization as a means of trying to solve the performance limitation of Henrich's technique [13].

Anciaux et al. (2007) in [19] proposed a new method to provide data confidentiality when data is kept in the cloud. Their approach divides the database into two types, a private database and a public database. The private database contains the critical data retained in a secure manner, and the public database is the non-critical database that the public can view and access. In Anciaux's approach [9], critical information is encrypted and kept on a smart USB key at the cloud tenant area, and non-critical data is kept on a public cloud unencrypted. The cloud tenant is not permitted to access the data unless the smart USB key is connected to the tenant's machine. The two sides are merged using a distributed procedure when the smart USB key is connected to the tenant's machine. This method is considered practical for a limited number of tenants; nonetheless, it is not reasonable for a huge number of tenants because of the challenge of distributing the USB keys. Furthermore, this method restricts the advantages of cloud technology as it keeps critical data at the client area, which reduces the scalability of the cloud. Popa et al. (2012) in [20] developed the CryptDB approach, which consists of several modules. These modules are encryption techniques, a proxy, and the user's applications. The idea of Popa et al. (2012) depends on the point that no single encryption technique can handle all kinds of queries. To tackle this issue, the researchers explored encryption techniques that permit queries to be executed over an encrypted database. They established six encryption techniques that can be used to handle the essential query structure.

Alsirhani et al. (2017) in [21] presented a hybrid method that uses encryption methods with a fragmentation procedure. Once more, the public clouds contain a master cloud and some slave clouds. The encrypted data is kept in the master cloud and the extended columns are kept in the individual public clouds. The fragmentation method, comprising the master and slave clouds, is intended to attain column-based fragmentation. In the primary step, the whole database is encrypted using a very safe encryption technique and kept in the master cloud, with the encryption key hidden from the master cloud provider.

AES-CBC is employed in this approach to encrypt the database tables in the master cloud. The index column is stored unencrypted so that clients are able to query the database tables using the index column to fetch the desired table rows. The reason for keeping the whole database table in the master cloud is to achieve the maximum advantage from the cloud by avoiding any type of database kept in the user area. The proxy server is considered the moderator that is used to generate a variable number of database copies for the database fields that are kept in the slave cloud. The proxy server carries out different procedures such as query parsing, fetching and obtaining the query output, in addition to the encryption and decryption procedures. The proxy server is located within the private cloud and has to connect with the external servers using a very secure connection.

This schema limits the use of vertical fragmentation to distribute the fragments on slave clouds because the schema did not fully perform logical isolation of data on slave clouds. The enhanced schema was built on this schema by developing the distribution technique it uses.

III. METHODOLOGY

The research followed a mixed design methodology. First, qualitative strategies were applied to design the proposed model (Fig. 1) in the Java programming language. This was achieved through a literature review on searchable encryption algorithms and fragmentation techniques that can enhance data isolation in the cloud, to provide the hybrid fragmentation technique for data distribution instead of vertical fragmentation (as in Alsirhani's model). The simulation of Alsirhani's model was also developed in Java, and quantitative strategies were used to test the model (that is, to calculate and compare query responses in milliseconds). The evaluation of the proposed model involved a qualitative component where a desk-based comparison of security characteristics was performed to compare with Alsirhani's and Popa's models. The Java language and a Microsoft Access database were used to build the model by applying different patterns of hybrid fragmentation techniques to achieve flexibility of data distribution. The choice of the Java language to simulate the models was made because Sudan is under political and economic sanctions, which prevents the use of available efficient tools. However, it can be argued that simulating all models leveled the comparison ground.

Fig. 1. Structure of Proposed Model.

The Java application created one class that contains the methods to implement the proposed technique. The first method, “setData()”, is used to key data into the cloud database that represents the master cloud, and the second, “getData()”, is used to implement the hybrid fragmentation
technique after selecting the “Submit” button. The final method, the constructor, is used to build the application's interface. The database consisted of four tables, where the first table represents the master cloud and the other three tables represent the slave clouds.

IV. RESULTS AND DISCUSSION

The evaluation of the models was based on two criteria. First, in terms of the response time to queries in milliseconds between the proposed model and Alsirhani's model. Second, in terms of the security goals the proposed scheme achieves, such as the CIA triangle, complexity and meaninglessness of data if decrypted by an attacker. The evaluation also comprised critical analyses of the proposed scheme using hybrid fragmentation properties and features.

In six queries, Alsirhani's model provided a faster response rate than the proposed model because the proposed model uses more complex query processing in data distribution (hybrid) while Alsirhani's model only uses vertical fragmentation. However, the proposed model provides better security than Alsirhani's because the data becomes meaningless if it is hacked after distribution. Table I and Fig. 2 show the evaluation of the searchable encryption and hybrid fragmentation model compared to Alsirhani's model, while Table II shows the results of the proposed searchable encryption and hybrid fragmentation model and two previously discussed schemes.

TABLE I. MODELS' COMPARISON

No. of Records    Proposed Model    Alsirhani's Model
Q1                17625             500
Q2                17532             1156
Q3                17531             531
Q4                7922              375
Q5                2859              438
Q6                2859              359

Fig. 2. Models' Comparison

TABLE II. SCHEMES'/TECHNIQUES' COMPARISON

Characteristics         Secure Distributed Technique    Popa's Technique    Proposed Model
Confidentiality
Integrity
Availability
Simplicity
Meaningless of data
Distribution of data

Confidentiality and integrity were ensured in the three techniques by applying encryption algorithms. In the secure distributed technique and the proposed technique, the same algorithms were applied to suit the data types, and integrity was ensured in Popa's technique because data was stored centrally.

Availability was achieved in the proposed scheme and the secure distributed technique by storing data in master and slave clouds, while in Popa's technique data was stored in a centralized database. Simplicity of operation and process did not characterize any of the three techniques. This is because the techniques apply encryption and distribution of data, as in the proposed and Popa's techniques, which requires computational power.

Meaninglessness of data if hacked by an attacker was achieved by applying a hybrid fragmentation technique, because data was split into small fragments by User ID in the proposed model. However, in the other techniques, meaninglessness of data was not achieved. Distribution of data across clouds was achieved by the proposed model and the secure distributed technique by implementing fragmentation techniques.

V. CONCLUSION

The hybrid fragmentation technique provided distribution of data across slave clouds by first implementing vertical fragmentation, followed by horizontal fragmentation on the fragments. The prototype of the proposed model was implemented using Java, with the results showing that the proposed model provides greater security. The work involved evaluating the proposed scheme by comparing it with two models on different scales such as the CIA triangle, complexity, meaninglessness of data, and the distribution of data across slave clouds. This comparison demonstrated that the proposed model outperformed other models in ensuring data confidentiality. The proposed model distributes the cloud database among the clouds using the provider views and the level of confidentiality that is delivered by the employed encryption algorithms. The encryption mechanism and the distribution of the proposed model are vital improvements of the cloud database system that enhance database confidentiality. Possible future research following from this work can explore how the number of columns can be decreased by combining a hybrid of encryption techniques into one method that supports several types of queries. Another direction can explore whether the distribution of data over the cloud can be enhanced and integrity ensured by increasing communication among different cloud databases using a secure channel. The proposed model adds to research efforts
on enhancing cloud security that can encourage the adoption of cloud technology in government and private sectors as well as for individual use. The implications for resource-limited settings, whether SMEs or developing countries, are paramount.

REFERENCES

[1] H. Anggeriana, S. Kom, and M. Kom, "Cloud Computing," Jurnal Teknik Informatika, vol. 1, 2011.
[2] T. Velte, A. Velte, and R. Elsenpeter, Cloud computing, a practical approach: McGraw-Hill, Inc., 2009.
[3] P. Mell and T. Grance, "The NIST definition of cloud computing," National Institute of Standards and Technology, vol. 53, p. 50, 2009.
[4] A. Yousif, M. Farouk, and M. B. Bashir, "A Cloud Based Framework for Platform as a Service," in Cloud Computing (ICCC), 2015 International Conference on, 2015, pp. 1-5.
[5] E. Hossny, S. Khattab, F. Omara, and H. Hassan, "A Case Study for Deploying Applications on Heterogeneous PaaS Platforms," in Cloud Computing and Big Data (CloudCom-Asia), 2013 International Conference on, 2013, pp. 246-253.
[6] M. O. Imam, A. Yousif, and M. B. Bashir, "A Proposed Software as a Service (SaaS) Toolkit for Cloud Multi-Tenancy," Computer Engineering and Applications Journal, vol. 5, 2016.
[7] M. M. Alani, Elements of cloud computing security: A survey of key practicalities: Springer, 2016.
[8] A. team. (2011). Open Source Metadata-Based Java ORM Framework for Cloud SaaS Applications. Available: http://www.athenasource.org/java/
[9] S. Paliwal, "Cloud application services (SaaS)–Multi-Tenant Data Architecture," Infosys technologies limited, URL: http://www.cmg.org/wp-content/uploads/2012/11/m_94_4.pdf, [accessed on: 10 Sep 2014], 2012.
[10] S. A. Elmubarak, A. Yousif, and M. B. Bashir, "Performance based Ranking Model for Cloud SaaS Services," 2017.
[11] R. Bhuyar and A. Gawande, "Distributed Database: Fragmentation and Allocation," Journal of Data Mining and Knowledge Discovery, vol. 3, p. 58, 2012.
[12] S. A. Adam, A. Yousif, and M. B. Bashir, "Multilevel Authentication Scheme for Cloud Computing," International Journal of Grid and Distributed Computing, vol. 9, pp. 205-212, 2016.
[13] C. Henrich, M. Huber, C. Kempka, J. Mueller-Quade, and R. Reussner, "Technical report: Secure cloud computing through a separation of duties," Institut für Kryptographie und Sicherheit (KIT), 2010.
[14] M. Elsayed and M. Zulkernine, "Offering security diagnosis as a service for cloud SaaS applications," Journal of information security and applications, vol. 44, pp. 32-48, 2019.
[15] T. Mather, S. Kumaraswamy, and S. Latif, Cloud security and privacy: an enterprise perspective on risks and compliance: O'Reilly Media, Inc., 2009.
[16] B. Hore, S. Mehrotra, M. Canim, and M. Kantarcioglu, "Secure multidimensional range queries over outsourced data," The VLDB Journal, vol. 21, pp. 333-358, 2012.
[17] H. Hacıgümüş, B. Iyer, and S. Mehrotra, "Query optimization in encrypted database systems," in International Conference on Database Systems for Advanced Applications, 2005, pp. 43-55.
[18] B. Hore, S. Mehrotra, and G. Tsudik, "A privacy-preserving index for range queries," in Proceedings of the Thirtieth international conference on Very large data bases-Volume 30, 2004, pp. 720-731.
[19] N. Anciaux, M. Benzine, L. Bouganim, P. Pucheral, and D. Shasha, "GhostDB: querying visible and hidden data without leaks," in Proceedings of the 2007 ACM SIGMOD international conference on Management of data, 2007, pp. 677-688.
[20] R. A. Popa, C. Redfield, N. Zeldovich, and H. Balakrishnan, "CryptDB: protecting confidentiality with encrypted query processing," in Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles, 2011, pp. 85-100.
[21] A. Alsirhani, P. Bodorik, and S. Sampalli, "Improving database security in cloud computing by fragmentation of data," in 2017 International Conference on Computer and Applications (ICCA), 2017, pp. 43-49.
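
The hybrid fragmentation described in Sections III to V (vertical fragmentation followed by horizontal fragmentation by User ID), sketched in Python as an added example; it is not the authors' Java simulation. The sample table and the placement rule (column i of user u goes to slave (u + i) mod 3) are assumptions, and encryption is omitted so that the placement of each cell stays visible.

```python
from collections import defaultdict

# Constructed sample table (not from the paper). user_id is the plaintext index column.
ROWS = [
    {"user_id": 1, "name": "Amal", "salary": 5200, "diagnosis": "asthma"},
    {"user_id": 2, "name": "Bakri", "salary": 4100, "diagnosis": "none"},
    {"user_id": 3, "name": "Hiba", "salary": 6300, "diagnosis": "diabetes"},
    {"user_id": 4, "name": "Omer", "salary": 3900, "diagnosis": "none"},
    {"user_id": 5, "name": "Sara", "salary": 7000, "diagnosis": "migraine"},
    {"user_id": 6, "name": "Tarig", "salary": 4800, "diagnosis": "asthma"},
]
COLUMNS = ["name", "salary", "diagnosis"]
SLAVES = 3  # the paper's simulation also uses three slave tables


def vertical_fragments(rows):
    """Vertical only: slave i stores column i for every user."""
    slaves = defaultdict(list)
    for i, col in enumerate(COLUMNS):
        for row in rows:
            slaves[i % SLAVES].append((row["user_id"], col, row[col]))
    return slaves


def hybrid_fragments(rows):
    """Vertical split, then each column fragment is split horizontally by user ID.
    Assumed placement rule: column i of user u is stored on slave (u + i) % SLAVES."""
    slaves = defaultdict(list)
    for i, col in enumerate(COLUMNS):
        for row in rows:
            slaves[(row["user_id"] + i) % SLAVES].append((row["user_id"], col, row[col]))
    return slaves


def reassemble(slaves, user_id):
    """Proxy-side lookup by index column: gather one user's cells from all slaves."""
    row = {"user_id": user_id}
    for cells in slaves.values():
        row.update({col: val for uid, col, val in cells if uid == user_id})
    return row


def column_exposure(slaves, n_rows):
    """Largest share of any single column that one compromised slave would hold."""
    worst = 0.0
    for cells in slaves.values():
        for col in COLUMNS:
            held = sum(1 for _, c, _ in cells if c == col)
            worst = max(worst, held / n_rows)
    return worst


if __name__ == "__main__":
    for label, split in (("vertical", vertical_fragments), ("hybrid", hybrid_fragments)):
        slaves = split(ROWS)
        assert reassemble(slaves, 4) == ROWS[3]  # the proxy still rebuilds the full row
        print(label, round(column_exposure(slaves, len(ROWS)), 2))
```

With vertical-only placement one slave holds a complete column, while under the assumed hybrid rule each slave holds a third of every column and the proxy can still rebuild any row from the index.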
