Two layered protection for sensitive data in cloud

Abstract

Security and privacy are the biggest obstacles in Database as a service (DBaaS) of Cloud Computing. In DbaaS, cloud service providers provide services for storing customers data. As the data are managed by an un-trusted server, the service is not fully trustworthy. The data at the third party data center can be made secure by encrypting the database. But querying the encrypted database is not easy. The result can be obtained from the encrypted database either by decrypting the database for every query or the query itself is encrypted and encrypted query is executed over encrypted database. Another problem associated with most of the database encryption algorithms is that they do not support range query. The proposed framework performs database encryption, query encryption and also supports range query over encrypted databases. This framework is focused on securing database as well as storing sensitive information without any leaks. A double layered encryption is used for sensitive data and a single layer encryption is used for non-sensitive data. Order Preserving Encryption (OPE) is used for single layer encryption. OPE maintains the order in encrypted database and so range query can be performed over encrypted database using encrypted query. OPE has a drawback of revealing information and so for sensitive data, a double layered encryption using Format Preserving Encryption (FPE) followed by OPE symmetric key encryption algorithm is proposed. Symmetric key is used for both OPE and FPE but key is divided into two parts for double encryption.