searchable security scheme for cloud nosqlcs.ucf.edu/~ahmadian/pubs/proposal presentation.pdf ·...

Searchable Security Scheme for Cloud NoSQL

Mohammad [email protected]

Advisor: Professor Dan C. MarinescuUniversity of Central Florida

September 16, 2017

Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 1 / 48

Research goal is to find an answer to:

Is it possible to delegate processing of a private data tothird-party without getting revealed?

Outline I

1 Introduction And MotivationCloud Relational DatabaseCloud Data Storage And Management ComponentsCloud NoSQLData Models For NoSQLCryptosystems For Outsourced Data Store

2 RELATED WORK

3 RESEARCH OBJECTIVES AND APPROACHResearch ObjectivesThreat ModelJSON And BSON

4 CURRENT WORK AND PRELIMINARY RESULTSSecureNoSQL

5 Research PlanWork In Progress And Tasks Time Table

Introduction And Motivation

Database as a Service (DBaaS)

Database as a Service (DBaaS) is a cloud-based approach to the storageand management of structured data. DBaaS delivers databasefunctionality similar to what is found in on-premise database managementsystems such as relational and non-relational database systems.

Cloud Relational Database

Searchable Security Scheme for RDBMS DatabasesCloud Data Storage And Management Components

Cloud NoSQL Databases

Data Models For NoSQL DatabasesSearchable Security Scheme For NoSQL Databases

Crypto-systems For Outsourced Data Store

Leakage Proof Data Processing In Public Cloud

Introduction- Cloud Relational Database

Cloud storage is cost-effective, but it poses significant security andprivacy risks.

The owner of the data has no longer control on where it is stored andhow it is protected against unauthorized access.

For instance, AWS offers an array of flexible and affordable datamanagement services including Simple Storage Service (S3), SimpleDB,RDS1, Elastic Compute Cloud (EC2) and DynamoDB.

1Amazon Relational Database ServiceMohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 5 / 48

Introduction- Cloud Data Storage And ManagementComponents

Amazon Simple Storage Service (AWS S3)AWS S3 uses a simple data model:

Objects: like files, contain data and metadata but, objects are notorganized in a hierarchy and every object exists at the same level.Buckets: a logical unit of storage used to store objects

Only authenticated user have access to Amazon S3.Access control does not provide protection for S3 data againstmalicious insider. Encryption can be applied for the stored data toprotect from the cloud internal.

Amazon Elastic Compute Cloud (EC2)EC2 uses the public key part of the key pair associated with the AWSaccount to secure login, so that only someone with the correspondingprivate key can access to the EC2 instance. In addition, by usingconcept of security group that are basically collections of rules thetraffic of EC2 instance is manageable.

Introduction-Cloud NoSQL

Cloud NoSQL:Cloud NoSQL is a fast and flexible database service for all applications thatneed consistent, single-digit millisecond latency at any scale. It is a fullymanaged cloud database and supports both document and key-value storemodels. Its flexible data model and reliable performance make it a great fitfor mobile, web, gaming, ad tech, IoT, and many other applications.

Introduction- Data Models For NoSQL

Data Models For NoSQL Databases:1 Key-value stores: A dictionary DS where a key uniquely identifies

the value.

2 Column-family stores: Data are stored in rows and each row has aunique key and set of columns.

Data Models For NoSQL Databases:1 Key-value stores: A dictionary DS where a key uniquely identifies

the value.

2 Column-family stores: Data are stored in rows and each row has aunique key and set of columns.

3 Document stores: Data are stored in internal structure (Document)to offer higher level of granularity. Each document has a unique keyto identify.

4 Graph Databases: This model is based on graph and can used torepresent complex structures and highly connected data.

3 Document stores: Data are stored in internal structure (Document)to offer higher level of granularity. Each document has a unique keyto identify.

4 Graph Databases: This model is based on graph and can used torepresent complex structures and highly connected data.

Introduction- Cryptosystems For Outsourced Data Store

Data in the cloud can be in one of three states:1 Store: Encryption of data before uploading to the Cloud.

2 Transit: Communication channels can be secured by using thestandard HTTP over Secure Socket Layer (SSL). In addition, theendpoint authentication feature of the SSL protocol makes it possibleto ensure clients are communicating with an authentic cloud server.

3 Process: Data owner should disclose decryption key to the server inorder to decrypt the data before performing any required operation.The problem is when the decryption key is compromised, the dataconfidentiality would be affected. Therefore, in the cloud computingmodel, new set of cryptosystems is required.

Cryptosystems-Deterministic (DET)

DET scheme always produces the same ciphertext for an identical pair of givenplaintext and key.2 DET leaks information about ciphertext of same plaintext.DET enables server to process pipeline aggregation stages such as group, count,

retrieving distinct values and equality match 3 on the fields within an embeddeddocument. The embedded document can maintain the link with the primarydocument through application of DET encryption. See Equation 1.

Deterministic Encryption

for j = 1 . . . n; Cj = Ek(Pj); Pj = Dk(Cj) (1)

2Block ciphers in Electronic Code Book (ECB) mode with a constant IV are DET.3Equality matches over common fields in an embedded document will select

documents in the collection containing fields with specified values.Mohammad Ahmadian (UCF) Secure NoSQL September 16, 2017 11 / 48

Cryptosystems-Random (RND)

RND scheme (probabilistic) encryption, the same message with the same keyyields different ciphertext.This randomness provides the highest level of security

and different encryption algorithms provide RND property. 4 RND type schemesare semantically secure against chosen plaintext attacks and hides all kind ofinformation about ciphertext. RND scheme does not allow any efficientcomputation on the ciphertext.5

Random Encryption

C1 = Ek(P1 ⊕ IV ), P1 = IV ⊕ Dk(C1)

for j = 2 . . . n; Cj = Ek(Pj ⊕ Cj−1), Pj = Cj−1 ⊕ Dk(Cj)(2)

4AES in Cipher Block Chaining (CBC) mode is used for RND. AES with a key size of128,192 or 256 bits and with a block size of 128 bits.

5Where: Ek is the Enc., Dk is the Dec., k is secret key P is plaintext and C isciphertext.

Cryptosystems-Order-Preserving Encryption (OPE)

OPE projects the order relation between plaintext data elements to theirciphertext values. OPE leaks the order of ciphertext, so it supports a lower degreeof security.

Order-Preserving Encryption

∀x , y |x , y ∈ Data Domain

x < y =⇒ OPEk(x) < OPEk(y)(3)

An efficient inequality comparisons on the encrypted data elements can beperformed by applying OPE which supports range queries, comparison, Min(),Max() on the ciphertext.

Cryptosystems-Additive Homomorphic Encryption(AHOM)

AHOM allows the server to conduct computations on ciphertext with the finalresult that get decrypted at the proxy. In spite of sustained research efforts of theFully Homomorphic Encryption (FHE), there is no efficient FHE, except forlimited operations. We applied Paillier [1] scheme that supports additiveoperations. It should be noted that m1,m2 are messages to be encrypted wherem1,m2 ∈ Zn. r1, r2 ∈ Z∗

n are randomly selected.

Additive Homomorphic Encryption

(Ek(m1, r1)× Ek(m2, r2)modn2

)= m1 + m2(mod n) (4)

In other words, the product of two ciphertexts decrypt to the sum of theircorresponding plaintexts.

RELATED WORK

The first SQL-aware query processing over encrypted database wasCryptDB [2]. CryptDB satisfies data confidentiality for the relationaldatabase. However, CryptDB cannot perform queries over dataencrypted with different keys. Other problem that CryptDB has isinformation leakage from encrypted data.A practical searchable security scheme known as Oblivious Cross Tags(OXT) is introduced by Cash et al. [3] which can search on encrypteddata sets in sub-linear time complexity by using different types ofindices, however it is not practical on NoSQL data sets which aredesigned to scale to millions of users doing updates simultaneously.Extended OXT introduced by Faber et al. adds a set of new featuressuch as multi-keyword, substring, wild-cards and substring searchingto the basic OXT approach. The main downsides of thisSecureNoSQL is a system which acts as a proxy to secure thecommunication between the NoSQL database server, and theapplications server. Advantages: Using original expressive querylanguage. Benefits from secondary indexes of database system.

RELATED WORK

RELATED WORK-Summary

Comparison with related work

Table 1: Information leakage management methods comparison

Method Description Context Advantage Downside Reference

Oblivious Cross-Tags (OXT)

Searchable sym-metric encryption

Searches for a setof keywords

Practical (1)Multiple inter-actions; (2)Pre-Processing

Cash et al. [4]

Extended-OXT Searchable sym-metric encryption

Searches for a setof keywords

Extends OXT to:(1)Substring;(2)Wildcards, Phrase& Substring

(1)Multipleinterac-tions;(2)Preprocessing

Faber et al. [5]

CryptDB Secure query pro-cessing

SQL awaredatabase

Efficient Leakage from en-crypted data

Popa et al. [2]

SecureNoSQL Leakage resilientquery processingover encrypteddatabase

NoSQL database Covers: (1)searchover encryptedNoSQL databases;(2)Leakage preven-tion

Requires extrahardware resourcesfor Proxy

Current work *

* The paper related to this work is currently under review.

Drawbacks of CryptDb

A team of Microsoft researchers led by Seny Kamara claims to have beensuccessful at recovering a substantial amount of data from health recordsstored in CryptDB (PDF), a database technology that uses layers ofencryption to allow users to search through encrypted data withoutexposing its contents.

RESEARCH OBJECTIVES AND APPROACH

Research Objectives: The goal of this research is to design securityschemes that enable cloud users to securely receive the productivityand computational benefits of the cloud DBaaS withoutcompromising security and privacy.

Motivation: A 70% annual growth rate in DBaaS, and consideringthe cloud threat model an efficient security scheme is required forhigh volume data stored and processed in the cloud.

Threat Model: A threat model describes the threats against cloudDBaaS.

JSON And BSON: JSON is an open standard format used totransmit data objects consisting of key-value pairs using selfdescribing text (BSON is binary extension).

RESEARCH OBJECTIVES AND APPROACH-ThreatModel

Threat Model: We investigate cloud threat model from theadversarial prospective which is a holistic process based on end-to-endsecurity. The model identifies two classes of threats.

External attacker:An attacker from the outside of cloudenvironment might obtain unauthorized access to the data.

Cloud malicious insiders: Unauthorized access to data by the cloudinternals

RESEARCH OBJECTIVES AND APPROACH-ThreatModel

Threat Model: We investigate cloud threat model from theadversarial prospective which is a holistic process based on end-to-endsecurity. The model identifies two classes of threats.

External attacker:An attacker from the outside of cloudenvironment might obtain unauthorized access to the data.

Cloud malicious insiders: Unauthorized access to data by the cloudinternals

RESEARCH OBJECTIVES AND APPROACH-JSON AndBSON

JSON And BSON:Open standard format

Self describing format

BSON is a binary extension for JSON

BSON supports more data types

In this work we use JSON to create a new concept called security plan.

SecureNoSQL

We deign SecureNoSQL which is a system that provides practical andprovable confidentiality in presence of these attacks for applications backedby NoSQL databases. The key part of SecureNoSQL is evaluation a set ofoperations on the encrypted databases. Moreover, the designed novelalgorithms for information leakage prevention from data or query are addedto SecureNoSQL. We also introduced a novel descriptive language basedon the JSON notations which enables the users to generate a securityplan. The security plan is useful tools for data owners for regulatingsecurity parameters management without getting involved in the details.

Architecture

Figure 1: High-level architecture of SecureNoSQL as a secure proxy between users applicationsand cloud NoSQL database server.

Some features of SecureNoSQL

1 Descriptive language based onJSON notations to create asecurity plan.

2 A multi-key, multi-levelmechanism.

3 The effective validationprocedure against security planin SecureNoSQL helps to avoidunnecessarily increase ofworkload and response time ofremote cloud server.

4 Support for a comprehensive,flexible protection. The solutionis open-ended, users can addnew customized cryptographicmodules simply by usingdesigned descriptive language.

5 A balanced system with asecurity level-proportionaloverhead. The overhead ofscheme is proportional to thedesired level of security.

6 SecureNoSQL addresses theinformation leakage from fully orpartially encrypted databases inthe cloud. a

aThe malicious insider could pool all databases andextract sensitive information from correlation withvarious hosted databases.

Super Document

Super Document:

d1 =⟨〈k1, v1〉, 〈k2, v2〉, . . . , 〈ki , vi 〉

⟩d2 =

⟨〈k1, v1〉, 〈k2, v2〉, . . . , 〈kj , vj〉

⟩. . .

dn =⟨〈k1, v1〉, 〈k2, v2〉, . . . , 〈kl , vl〉

⟩Super Document D =

n⋃i=1

Match function : M(di , dj) determines whether any two givendocuments di , dj can be merged or not.6

6Two documents can be merged provided that they share the same attribute from anidentifying class or group of attributes from semi-identity class.

Security Plan

Security plan is a document contains a hierarchical collection of key-valuepairs that describes data elements, parameters of cryptosystems andmapping between these two. Every security plan document includes fourtop-level sections represented in key-value pairs.

Figure 2: The high level structure of the security plan.

Security Plan-Collection

Figure 3: Collection (metadata) encryption:(a) The chart outlines the structure of collectioncontaining the name of collection and name of all fields which are considered as meta-data thusshould be protected with proper cryptographic module. The pointer to a cryptomodule, theencryption key, and the initialization vector used for the encryption of the items. (b) Thedescription of a collection and security parameters in designed JSON based language.

Security Plan-Cryptographic Modules

Cryptographic modules introducesall cryptosystems and theirparameters such as key, key-size,initialization vector and output-size.

Figure 4: Cryptographic Modules

Security Plan-Data Elements

Figure 5: Data elements containing attributes of data elements such as name, type and value forof collection and name. Then introduces security parameters for each data elements. (b) Thedata element section of a sample database which are represented in designed notation. A dataitem has 7 fields: id, name, salary, balance, ccn, ssn, and email. The id, name, email and salaryare required fields.

Security Plan-Mapping Cryptographic Modules to TheData Field

Figure 6: Structure and description of Mapping cryptographic modules to the Data element: (a)Security plan with the fourth section expanded. This section establishes a correspondencebetween the data fields and the cryptographic modules used to encrypt and decrypt it. (b) Themapping section of the schema for a sample database with 7 fields. For example, the id and thename will be encrypted with OPE 128 bit and AES-DET, respectively.

Security Plan-KVP And Document Data Models

Figure 7: SecureNoSQL applied to: (a) The key-value data model; Key1, . . . ,Keyn are allencrypted using the cryptographic module z while the corresponding values, Value1, . . . ,Valuenare encrypted with cryptographic modules 1, 2, . . . , n, respectively. (b) The document store datamodel; the meta-data such as collection name encrypted as well as attributes with assignedcryptographic modules.

Security Plan-Query and data validation

Figure 8: The validation process of input data against security plan in the client side.

An Example

Figure 9: Security plan designed for sample input: (a) Data element section of sample securityplan. (b) Output of JSON Data validation for sample database.

Query Encryption

Figure 10: The query db.customers.find({salary:{$gt:5000}, balance:{$lt:2000}}) received froman application. (a) The parsing tree of the query (b) The cryptographic modules applied to thedata elements according to schema definition

Example Queries

Table 2: Sample queries and their corresponding encrypted version

Query Encrypted query

1 db.customers.find({ssn:936136916})db[”k/IevnbanDMQHNkb9cRgUg==”].find({”5pgAxn6BF08WtM7zyu

YaKg==”:74172405478441908041711118833862143778})

db.customers.find({balance:{$gte:

5084610},balance:{$lte:9911843}})

db[”k/IevnbanDMQHNkb9cRgUg==”].find({”3iXpo2l8xZpW7J7TezFde

A==”:{$gte:402982988013604629517872370128473753},”3iXpo21

8xZpW7J7TezFdeA==”{$lte:7855963556987175927802686333694542

db.customers.aggregate([{$group:{ id

:null,minBalance:{$min:”$balance”}}}])db[”k/IevnbanDMQHNkb9cRgUg==”].aggregate([{$group:{ id:

null,EncMinBalance:{$min:”$3iXpo2l8xZpW7J7TezFdeA==”}}}])

db.customers.aggregate([{$group:{ id:

null,maxBalance:{$max:”$balance”}}}])db[”k/IevnbanDMQHNkb9cRgUg==”].aggregate([{$group:{ id:null

,EncmaxBalance:{$max:”$3iXpo2l8xZpW7J7TezFdeA==” }}}])

db.customers.find({$or:[{Salary:{$gt:

516046}},{balance:{$lt:285462}}]})

db[”k/IevnbanDMQHNkb9cRgUg==”].find({ $or: [ { ”9mnGu8Q2V

DstE+T9jFw2wQ==”: { $gt: 40994186216785746613193244129885849

}},{”3iXpo2l8xZpW7J7TezFdeA==”:{$lt:226574304531446346797

91167652174833}}]})

Overhead Data

Table 3: Overhead of encryption upon security level

Database Plain OPE64 OPE128 OPE256 OPE512

Size(MB) 170 430 508 662 1000

Table 4: Overhead of RND and DET encryption

Database Plain RND DET

Size(MB) 170 170 170

Table 5: Overhead of AHOM encryption

Database Plain AHOM

Size(MB) 170 10880

Measurements And Experimental Results

Figure 11: Query processing time in milliseconds (ms) for the unencrypted database and for theencrypted databases when the 32-bit keys are encrypted as 64, 128, 256 and 512-bit integers.

Measurements And Experimental Results

Response time: shortest for comparison and longest for aggregatedqueries.The query processing time: for a given type of query increases, but onlyslightly, less than 5% when the key length increases from 64, to 128, 256,and 512 bit.As expected, the OPE encryption time increases significantly with the sizeof the encryption space; it increases almost tenfold when the size of theencrypted output increases from 64-bit to 1024-bit and it is about 10 msfor 256-bit.The decryption time is considerably smaller, it increases only slightly from0.11 ms to 0.17 when the size of the encrypted key increases from 64-bitto 1024 bit.

Research Plan

Research Plan (Past-Current-Future)

Work in Progress And Tasks Time Table

2013 2014 2015 2016

1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12

Published papers

Paper 1

Paper 2

Submitted papers

Paper 3

Paper 4

Paper 5

Ready to submit

Paper 6

Revision of papers

Revising the Papers

Figure 12: Estimate work plan and timeline

Work in Progress

Table 6: List of publications

Paper Paper Authorship Journal or StatusNo Title Conference

Paper 1Security of Applications Involving Multiple M.Ahmadian, A.Paya IEEE 28th InternationalOrganizations-OPE in Hybrid Cloud Environments [6] D.Marinescu Parallel & Distributed Processing Published (2014)

Paper 2A security scheme for geographic information M.Ahmadiandatabases in location based systems [7] J.Kho., D.Marinescu IEEE SoutheastCon Published (2015)

Paper 3SecureNoSQL: An approach to secure search on M.Ahmadian, F.Plochan International Journal ofencrypted NoSQL databases in public cloud [8] Z.Roessler, D.Marinescu Information Management (IJIM) Published (2017)

Paper 4An Analysis of Information Leakage due to Insider M.Ahmadian Journal of Information Securityand some Outsider Attackers in Computer Clouds D.Marinescu and Applications Under review

Paper 5Secure Query Processing in Cloud NoSQL [9] M.Ahmadian IEEE International Conference

on Consumer Electronics Published (2017)

Paper 6On information leakage in cloud database M.Ahmadian Transaction of sustainable computationservices D.Marinescu Under review

Future Work

The current research will be continued by the following suggestions:

Multiple proxies in order to deal with a huge number of clients,

Developing an efficient, fully homomorphic encryption for unlimitedoperations over the encrypted data,

Encryption key management mechanism development for periodicallyassigning new key for cryptosystems in order to obtain higher levels ofsecurity.

Information Leakage Prevention

Introduction-Information Leakage

Information Leakage

Information leakage can be defined as using combination of data,meta-data and query that are classified at lower level L1 to extractinformation that are at higher level L2.

Introduction-Information Leakage

Information Leakage

This work is under progress ...

References I

P. Paillier, “Public-key cryptosystems based on composite degreeresiduosity classes,” in Advances in cryptologyEUROCRYPT99.Springer, 1999, pp. 223–238.

R. A. Popa, C. M. S. Redfield, N. Zeldovich, and H. Balakrishnan,“Cryptdb: Protecting confidentiality with encrypted queryprocessing,” Proc. of the Twenty-Third ACM Symposium onOperating Systems Principles, pp. 85–100, 2011.

D. Cash, J. Jaeger, S. Jarecki, C. Jutla, H. Krawczyk, M.-C. Rosu,and M. Steiner, “Dynamic searchable encryption in very-largedatabases: Data structures and implementation,” Network andDistributed System Security Symposium (NDSS14), 2014.

References II

D. Cash, S. Jarecki, C. Jutla, H. Krawczyk, M.-C. Rosu, andM. Steiner, “Highly-scalable searchable symmetric encryption withsupport for boolean queries,” in Advances in Cryptology–CRYPTO2013. Springer, 2013, pp. 353–373.

S. Faber, S. Jarecki, H. Krawczyk, Q. Nguyen, M. Rosu, andM. Steiner, “Rich queries on encrypted data: Beyond exact matches,”in European Symposium on Research in Computer Security.Springer, 2015, pp. 123–145.

M. Ahmadian, A. Paya, and D. Marinescu, “Security of applicationsinvolving multiple organizations and order preserving encryption inhybrid cloud environments,” IEEE International conf. on ParallelDistributed Processing Symposium Workshops (IPDPSW), pp.894–903, May 2014.

References III

M. Ahmadian, J. Khodabandehloo, and D. Marinescu, “A securityscheme for geographic information databases in location basedsystems,” IEEE SoutheastCon, pp. 1–7, April 2015.

M. Ahmadian, F. Plochan, Z. Roessler, and D. C. Marinescu,“SecureNoSQL: An approach for secure search of encrypted nosqldatabases in the public cloud,” International Journal of InformationManagement, vol. 37, no. 2, pp. 63 – 74, 2017. [Online]. Available:http://www.sciencedirect.com/science/article/pii/S0268401216302262

M. Ahmadian, “Secure query processing in cloud nosql,” in ConsumerElectronics (ICCE), 2017 IEEE International Conference on. IEEE,2017, pp. 90–93.

The End

searchable security scheme for cloud nosqlcs.ucf.edu/~ahmadian/pubs/proposal presentation.pdf ·...

Documents