No Arabic abstract
We propose the client-side AES256 encryption for a cloud SQL DB. A column ciphertext is deterministic or probabilistic. We trust the cloud DBMS for security of its run-time values, e.g., through a moving target defense. The client may send AES key(s) with the query. These serve the on-the-fly decryption of selected ciphertext into plaintext for query evaluation. The DBMS clears the key(s) and the plaintext at the query end at latest. It may deliver ciphertext to decryption enabled clients or plaintext otherwise, e.g., to browsers/navigators. The scheme functionally offers to a cloud DBMS capabilities of a plaintext SQL DBMS. AES processing overhead appears negligible for a modern CPU, e.g., a popular Intel I5. The determin-istic encryption may have no storage overhead. The probabilistic one doubles the DB storage. The scheme seems the first generally practical for an outsourced encrypted SQL DB. An implementation sufficient to practice with appears easy. An existing cloud SQL DBMS with UDF support should do.
In this project we are presenting a grammar which unify the design and development of spatial databases. In order to make it, we combine nominal and spatial information, the former is represented by the relational model and latter by a modification of the same model. The modification lets to represent spatial data structures (as Quadtrees, Octrees, etc.) in a integrated way. This grammar is important because with it we can create tools to build systems that combine spatial-nominal characteristics such as Geographical Information Systems (GIS), Hypermedia Systems, Computed Aided Design Systems (CAD), and so on
Two-phase commit (2PC) has been widely used in distributed databases to ensure atomicity for distributed transactions. However, 2PC suffers from two limitations. First, 2PC incurs long latency as it requires two logging operations on the critical path. Second, when a coordinator fails, a participant may be blocked waiting for the coordinators decision, leading to indefinitely long latency and low throughput. We make a key observation that modern cloud databases feature a storage disaggregation architecture, which allows a transactions final decision to not rely on the central coordinator. We propose Cornus, a one-phase commit (1PC) protocol specifically designed for this architecture. Cornus can solve the two problems mentioned above by leveraging the fact that all compute nodes are able to access and modify the log data on any storage node. We present Cornus in detail, formally prove its correctness, develop certain optimization techniques, and evaluate against 2PC on YCSB and TPC-C workloads. The results show that Cornus can achieve 1.5x speedup in latency.
This work proposes a different procedure to encrypt images of 256 grey levels and colour, using the symmetric system Advanced Encryption Standard with a variable permutation in the first round, after the x-or operation. Variable permutation means using a different one for each input block of 128 bits. In this vein, an algorithm is constructed that defines a Bijective function between sets Nm = {n in N, 0 <= n < fac(m)} with n >= 2 and Pm = {pi, pi is a permutation of 0, 1, ..., m-1}. This algorithm calculates permutations on 128 positions with 127 known constants. The transcendental numbers are used to select the 127 constants in a pseudo-random way. The proposed encryption quality is evaluated by the following criteria: Correlation; horizontal, vertical and diagonal, Entropy and Discrete Fourier Transform. The latter uses the NIST standard 800-22. Also, a sensitivity analysis was performed in encrypted figures. Furthermore, an additional test is proposed which considers the distribution of 256 shades of the three colours; red, green and blue for colour images. On the other hand, it is important to mention that the images are encrypted without loss of information because many banking companies and some safety area countries do not allow the figures to go through a compression process with information loss. i.e., it is forbidden to use formats such as JPEG.
During the last few years, the explosion of Big Data has prompted cloud infrastructures to provide cloud-based database services as cost effective, efficient and scalable solutions to store and process large volume of data. Hence, NoSQL databases became more and more popular because of their inherent features of better performance and high scalability compared to other relational databases. However, with this deployment architecture where the information is stored in a public cloud, protection against the sensitive data is still being a major concern. Since the data owner does not have the full control over his sensitive data in a cloud-based database solution, many organizations are reluctant to move forward with Database-as-a-Service (DBaaS) solutions. Some of the recent work addressed this issue by introducing additional layers to provide encryption mechanisms to encrypt data, however, these approaches are more application specific and they need to be properly evaluated to ensure whether they can achieve high performance with the scalability when it comes to large volume of data in a cloud-based production environment. This paper proposes a practical system design and implementation to provide Security-as-a-Service for NoSQL databases (SEC-NoSQL) while supporting the execution of query over encrypted data with guaranteed level of system performance. Several different models of implementations are proposed, and their performance is evaluated using YCSB benchmark considering large number of clients processing simultaneously. Experimental results show that our design fits well on encrypted data while maintaining the high performance and scalability. Moreover, to deploy our solution as a cloud-based service, a practical guide establishing Service Level Agreement (SLA) is also included.
Individuals and organizations tend to migrate their data to clouds, especially in a DataBase as a Service (DBaaS) pattern. The major obstacle is the conflict between secrecy and utilization of the relational database to be outsourced. We address this obstacle with a Transparent DataBase (T-DB) system strictly following the unmodified DBaaS framework. A database owner outsources an encrypted database to a cloud platform, needing only to store the secret keys for encryption and an empty table header for the database; the database users can make almost all types of queries on the encrypted database as usual; and the cloud can process ciphertext queries as if the database were not encrypted. Experimentations in realistic cloud environments demonstrate that T-DB has perfect query answer precision and outstanding performance.