Professional Documents
Culture Documents
Abstract—Cloud computing is a new technology that (PaaS), the computing platform is provided to the cloud
transfer the computing process from personal computers into tenants software. The third model is software as a service
cloud servers over the internet. Nevertheless, as the client (SaaS), that provides cloud software to cloud tenants[6]. The
information data is stored in the cloud provider servers, the software as a service (SaaS) model provides the software
confidentiality of the information become a new concern. applications through the internet and there is no need for the
Different algorithms based on Encryption is presented tenants to install the applications on their own computers[7-
previously to provide cloud clients with confidentiality. The 10].
main idea of encryption algorithms for cloud data is to permit
cloud clients queries to be handled using encrypted data On the other hand, security becomes the major problem
without decryption. This paper presents a new security that discourage organizations to take advantage of the
mechanism using hybrid method of encryption algorithms and benefits of cloud computing with implications on the wider
a distribution system to enhance cloud database adoption of the technology. This is because the users’ data is
confidentiality. A vertical fragmentation technique is adopted stored offsite which makes confirming the different security
from alsirhani's model for distributing data over clouds. levels of data more difficult. Isolation of user transaction and
However, to overcome a weakness in alsirhani's model where data is also a challenge in cloud security, where the purpose
compromises to a fragment can still make data meaningful. of isolation of users data in cloud computing is to enhance
Instead, the proposed model uses a hybrid fragmentation the confidentiality and availability of data as well as the
technique to make data on fragments meaningless if
accuracy of responses to users query[11].
compromised. The proposed model distributes the cloud
database among the clouds using the provider views and level Isolation has been considered as one of the crucial
of confidentiality that is delivered by the employed encryption problems in cloud computing and different approaches
algorithms. To evaluate the proposed searchable encryption attempted to solve problems like the separation of duty
and hybrid fragmentation model, the study developed a Java concept and CryptDB[12]. Another example is Alsirhani's
application for simulating the hybrid cloud. The simulation model for data isolation in cloud that is based on encryption
combines public and private clouds; as essential processes is and fragmentation techniques. This model contains public
conducted inside the private cloud. The evaluation of the work
and private clouds, where the public cloud consisting of a
was conducted by comparing the proposed model with existing
master cloud and slave clouds, and the private cloud of users
solutions in query response and security characteristics.
Preliminary results showed that the proposed searchable and proxy server to do processes of the model such as
encryption and hybrid fragmentation model provides a secure encryption, decryption, fragmentation, and query processing
mechanism that enhances data confidentiality in terms of [7, 12-15]. By using these techniques, the new model
faster response and additional security. improves isolation in the cloud because the distribution
technique uses hybrid fragmentation instead of vertical
Keywords—Cloud computing, Isolation, Encryption, fragmentation.
Distributed systems, Hybrid fragmentation.
This paper contains five sections. Section two discuss the
related works. Section three presents the proposed searchable
encryption and hybrid fragmentation model. Section four
I. INTRODUCTION illustrates the evaluation results of the prosed model. The
As IT technologies grow daily, the demand for conclusion is presented in section five.
computational process and storage spaces are rapidly
growing. Cloud computing has arisen a extensively II. RELATED WORK
established model for high computational power [1-3].The Confidentiality work and isolation of outsourcing data
cloud provides its services via the internet, and the cloud stored is divided into three fields. First fragmentation
terminology is similarly utilized for the services provider that schemes, second sensitivity of data, and third combining of
own different types of cloud resources such as computational encryption algorithms. Henrich et al. (2002) in[13]proposed
power storage spaces etc. Infrastructure as a service(IaaS), a fragmentation technique based on column partitioning. A
platform as a service (PaaS) and software as a service (SaaS) unique identification number is utilized to provide several
are the different three models of cloud computing[4, 5] . In. types of queries. Database queries are processed in two steps.
Infrastructure as a service(IaaS) cloud providers supply Based on the fragment’s ID, the first query returns the
clients with cloud infrastructure such as servers, hardware fragment to the client. After the cloud tenant gets the
and networks. In the second model platform as a service fragment, it is decrypted to utilize the query once more to the
978-1-7281-1006-6/19/$31.00 ©2019
returned fragment. As a final point, the query's outcome is query output in addition to the encryption and decryption
returned once the second is performed. Although this procedures. The proxy server is located within the private
technique could be fitting for small databases, it needs a big cloud and has to connect with the external servers using a
quantity of overhead time and processing to return all very secure connection.
fragments. Using this method, there is a situation where the
entire database need to be returned to the cloud client area,
that raise concerns about encryption attacks and the benefits This schema limits the use of vertical fragmentation to
of dealing with cloud. Other studies [16-18], have considered distribute the fragments on slave clouds because the schema
the same approach but focus on the query optimization did not fully perform logical isolation of data on slave
technique as a means of trying to solve the limitation of clouds. Depending on this schema and by developing in
Henrich's [13] concerning performance. distributing technique that used, the enhanced schema was
Anciaux et al. (2007) in[19] proposed a new method to built.
provide data confidentiality when data is kept in the cloud. III. METHODOLOGY
Their approach divides the database into two types, private
database and public data database. The private database The research followed mixed design methodology. First
contains the critical data retained in a secure manner, and by applying qualitative strategies to design the proposed
public database is the non-critical database that public can model (Fig. 1) in Java programming language. This was
view and access. In Anciaux's approach [9], critical achieved through literature review on searchable encryption
information is encrypted and kept on a smart USB key at the algorithms and fragmentation techniques that can enhance
cloud tenant area, and non-critical data are kept on a public data isolation in cloud to provide the hybrid fragmentation
cloud unencrypted. The cloud tenant is not permitted access technique for data distribution instead of vertical
the data without the smart USB key is connected into the fragmentation (as in Alsirhani’s model). The simulation of
tenants' machine. The two sides are merged using a Alsirhani’s was also developed in Java and quantitative
distributed procedure when the smart USB key is connected strategies were used to test the model (that is, calculate and
to tenant's machine. This method is considered to be a compare query responses in milliseconds). The evaluation of
practical for limited number of tenants, nonetheless it is not the proposed model involved a qualitative component where
reasonable for huge number of tenants as the challenging of a desk-based comparison of security characteristics was
distribution process of the USB keys. Furthermore, this performed to compare with Alsirhani's and Popa's models.
method restricts the advantages of cloud technology as it Java language and Microsoft access database were
kept critical data at the client area, that reduces the scalability particularly used to build the model by applying different
of the cloud. Popa et al. (2012) in [20]developed CryptDB patterns of hybrid fragmentation techniques to achieve
approach that contains of a several of modules. These flexibility of data distribution. The choice of using Java
modules are encryption techniques, proxy, and user's language to simulate the models was made because Sudan is
applications. The idea of Popa et al. (2012) depend on the under political and economic sanctions, which prevents the
point that there is no one encryption technique can handle all use of available efficient tools. However, it can be argued
kinds of queries. To tackle this issue, the researchers that simulating all models leveled the comparison ground.
explored encryption techniques that permit for queries to be
supplied for encrypted database. They established six
encryption techniques that can be utilized to handle the
essential query structure.
Alsirhani et al.(2017) in [21] presented a hybrid method
that utilize encryption methods with a fragmentation
procedure.Once more, the public clouds contain a master
cloud and some slave clouds. The encrypted data is kept in
the master cloud and the extended columns are kept in the
individual public clouds. The fragmentation method,
containing the master and slave clouds, is destined to attain
column-based fragmentation. In the primary step, the whole
database is encrypted using a very safe encryption technique
and kept in the master cloud and hiding the encryption key
from the master cloud provider.
AES-CBC is employed in this approach to encrypt the
database tables in the master cloud. The index column is
stored unencrypted as the clients are be able to query the
database tables using index column to fetch the desired
database table rows. The concept of this approach is keeping
the whole database table in the master cloud is to achieve Fig. 1. Structure of Proposed Model.
the maximum advantage from cloud by avoiding any type of
database kept in the user area. The proxy server is
considered the moderator that is used to generate variable The Java application created one class that contains the
amount of database copies for the database fields that kept in methods to implement the proposed technique. The first
the slave cloud. The proxy server carries out different method “setData()”is utilized to key in data into the cloud
procedures such as query parsing, fetching and obtaining the database that represent the master cloud, and the second
“getData()”is used to implement the hybrid fragmentation
technique after selecting “Submit” button. The final TABLE II. SCHEMES’/TECHNIQUES’ COMPARISON
Constructor method is used to build the application’s Characteristics
Secure Distributed
Popa's Technique
interface. The Database consisted of four tables where the
Proposed Model
Technique
first table representing the master cloud, and other three
tables representing the slave clouds.
IV. RESULTS AND DISCUSSION