2016 2nd IEEE International Conference on Computer and Communications
Study on Database Encryption-Based Protection Mechanism under Cloud
Computing Environment
Shu Gong
Department of Computer Science, Guangdong
University Science and Technology,
Dongguan 523083, China
e-mail: 43451678@qq.com
Abstract-The combination of database and cloud environment
prompted changes in the information industry and information
service, while there exits any security issues. The database
protection mechanisms proposed in this paper are based on
attribute decomposition and encrypted cloud environment,
which not only the server to minimize the number of
encryption and decryption of the attribute field, but reduce the
amount of computation and effectively encrypt the data of
database as well.
Keywords-cloud environment, attribute decomposition,
candidate key, homomorphic encryption1
I. INTRODUCTION
Cloud computing is a representative of the new trend
which prompting information industry from providing
independent of hardware and software products to provide
socialization, intensive and professional information service
[I], the database and the cloud environment combination has
the following advantages:
Mass data storage and easy to be extended, to realize
database storage capacity to PB or EP level
Anti fault, when some machine failure, the whole
database system through the internal allocation
mechanism, still can ensure the user to use the normal
database service will not obviously affect the user to
use
High performance and fast response, which can
improve the performance and retrieval efficiency,
increase the network throughput, reduce the response
time
Save energy, database massive data storage in the data
center system and maintain uniform maintenance to
reduce energy consumption by an experienced
database administrator, but also in line with the current
state of China's national policy.
However, cloud computing development is faced with
many key issues, security issues bear the brunt [2] and with
the growing popularity of cloud computing, security issues
are gradually increased [2-3]. Under the cloud computing
model, different users share a set of service system, different
business systems share the same hardware resource, which
bring many information security problems such as illegal
users of business data to steal information, illegal access and
978-1-4673-9026-2116/$31.00 2016 IEEE
Xin Xin Huang
Department of Computer Science, Guangdong
University Science and Technology,
Dongguan 523083, China
e-mail: 43451678@qq.com
modification. A large number of important traditional
industry business data stored in relational database, such as
personal data of Mobile, Bank Corporation are stored in a
relational database. How to protect these sensitive data? So
how to realize the urgency of the encryption protection of the
database sensitive data on the cloud platform is urgent.
Therefore, in the cloud environment, data privacy
protection is a problem of the cloud storage service model
which can not be avoided, and the confidentiality of stored
data is guaranteed by data encryption. Jung et al proposed an
anonymous access control scheme.[4], the proposed scheme
implements anonymous cloud data access and fine-grained
access control. Sahai et al in 2005 [5], puts forward the
concept of encryption based on attribute (ABE) and
subsequently attracted more and more scholars to study of
the cipher system based on attribute. Literature [6] proposed
a hybrid privacy protection solutions, in which the privacy
information is encrypted based on the user attribute and
cloud service types.
In this paper, a database protection mechanism based on
attribute decomposition and encryption in cloud environment
is proposed. According to the relational schema dependency
set, the minimal encryption attribute set is obtained for the
attribute decomposition and expansion, and then the two
layer encryption is performed on each attribute field and a
whole attribute set.
II. DATA PROTECTION MODEL
A. Data Protection Constraint
The data tables in the database are represented by the
relational schema, that is, the data table can be represented
by the relational schema R(AI,A2,.'" An), AI, A2,.'" An
which is the attribute of the relational schema R . For the
database that is stored in plain text, a combination of single
or multiple attributes may result in data or privacy breaches.
So, to defme the data protection constraint on a relational
schema
Defmition 1:
(candidate key) let k be an attribute or attribute set of
the relation mode R , if meet k AI,
k An ' k as a candidate key for
relational schema R
In brief, the candidate key which the attribute or attribute
set that can be chosen as the primary key. When a
258
relationship has N attribute or attribute set can uniquely
identify, then it shows that the relationship has N candidate
key, which can be selected as the primary key. It generally
believed that the candidate key has play an important role in
the identification of records, therefore, any candidate key in
the fonn of the text may cause privacy or data leakage.
For example: Company employees tables outsourcing to
the cloud service provider, which responsible for the user's
query service and management and maintenance of the
database, the employees table model: emp (eno, ename, sex,
age, job, rank and salary, and hobby, disease)
In this relationship, the candidate key is: eno, in addition
to the dependence of the relationship pattern candidate key,
there are also the following constraints:
Case a: For the company, even if eno not explicitly
appear, and the relationship between job, rank, salary
will lead to the company's salary strategy infonnation
disclosure, to the company in the competition of
human resources in adverse, so Gob, rank,salary) is a
data protection constraint
Case b: For the employees, job, rank and salary,
Case d: If an attribute value rarely, such as: the value
of attribute disease is concentrated in the range of
several, through the data of disease distribution
analysis, can be obtained the conclusion that
employees of the company are mainly suffering from
HIV, cancer.
Case e:If meet the above situation 1 and some value of
the disease have large proportion, such as value of
cancer occur frequently, through analysis of the data
distribution can obtained the conclusion that
employees engaged in the work of this company higher
probability suffering from cancer.
Case f: When the attribute set have a complete
functional dependency, analysis the data values
distribution of these attributes may also lead to
infonnation leakage, for example the case mentioned
above, the salary function completely dependent Gob,
rank). So the company's salary infonnation can be
obtained by analyzing the distribution of attribute
values.
c.ase c.
b---- -+--===:: case a

ease
disease are related to personal privacy, which cannot in
plaintext form with ename together appear in the eid b disease
outsourced database, so (ename, job, rank),(ename,
1011 mary 24 M salesman 2 4000 net play normal
salary) and (ename, disease )belong to the constraint of
data protection 1012 bob 27 F artisan 2 4500 net play cancer
Case c: Even if it is not clear eno, but the combination 1013 jim 35 F manager 2 6000 read normal
of sex, age, job, rank, hobby may also be the only one 1014 lily 31 M artisan 5000 net play cancer
to detennine the higher probability of an employee's 1015 hery 43 F manager 1 7000 net chat cancer
identity. For example, it can identify the identity of the 1016 jack 33 F salesman 1 4500 swim HIV
staff combined with the company's web site published
by the department staff profile and other public 1017 john 46 F anager 1 730i[) read Eancer)
information, resulting in data leakage. So (sex, age, job, case f case d .case e
rank, hobby) can also be considered as a data
protection constraint. Figure 1. The original table.
Defmition 2:
(Data protection constraint set) given a relational In view of the above three kinds of circumstances, it is
needed to extend these attributes to the data protection
schema R (A1 A2
.
, ,An), the set C = {cPc 2 , ...,c n } is a

constraint set.
data protection constraint set of relational schema R , Defmition 3:
when Vc i EC in)
(1 is a data protection constraint of (data protection constraint set extension) given a

relational schema R when

relational mode R(A1,A2,...,An). C = {Cpc 2 , ...,c n } is

VC"Cj EC(lin,ljn) there is a relation set of data protection constraint relation mode R, if
3A, E R distribution characteristics of case d and case e ,
ci cjand cj ci and easily lead to information leakage, and then extended
For the employees of the company infonnation
outsourcing database, the data protection constraint set of
{ Ai } to the relational schema R, the extension set
'
relational schema emp {(eno), (ename, job, rank), (name, {
c = c; , C , ,C,} is called data protection constraint
disease), (name, salary)}
extension set of C for relational schema R, if and only if
B. Data Protection Constraint set Extension '
Vc;,< E c (1 <= i,j <= t,i *' j), there is a
In order to prevent the information leakage for the illegal ! , , ,

users analysis the distribution of the data values stored in the
cloud environment in plain text fonnat,. In this paper, will
consider the following three kinds of data distribution lead to
information leakage:
relationshipc, c:L Cj /\ Cj c:L c,.
C. Minimum Encryption Attribute Decomposition
In order to prevent the illegal user to obtain relevant
information can be decomposed relationship mode into two

259
parts by the attribute decomposition, and encrypted attribute record r is j , the block number of the field is t . The first i i
data values of any part, makes all the attributes of the data
protection constraint set are not simultaneously in the result field is represented as ri,) ,ri,) , the block is represented as
of not being encrypted. This not only simplified the
encryption operation, also reduce the time complexity.
ri,),S (1 <= s <= ti) so there is
Defmition 4: I,
(attribute decomposition) given a relationship mode L.. r ',j>,S (1 <= i <= m ,1 <= J' <= d) . The number
r,O,j> = '"'
R(AI,A2,...,An) and data protection constraint set s='
of data blocks is valued according to the size of the field. If
C = {c"c2,...,cn} , U is set the attributes of C , the field occupies a larger space, it is necessary to block
M=(MI ,M2) is the attribute set of relational schema storage t, >1.
The security level for user and the security level for each
R after decomposition (M, as an encrypted attribute, M 2
field in minimal attribute set of database relational tables is
as an non-encrypted attribute, and there the following independent of each other, the user's security level is only
relation: M, n M2 <l> /\ determined, the security level of the attribute fields in
relational tables each are not identical. When the user's
M, U M2 = R , (1 :::;, i:::;, n ) , ci M 2
\lei E C security level is higher than the security level of all the
According to the above cases, attributes decomposed into attribute fields in the table, the user can access the field data
M=(M"MJ correctly.
Assuming the minimal set of a relational table
M I ={eno,ename,job,sex} , M 2 =(age,rank,salary,disease),
is {r'k ,r2k ,...,rnk }, which 1 <=kpk2,...,kn <=d ,
The M 2 does not contain any of the data protection
, I , 2 , 11

the user's security level to access the record is I , there must

constraints of all attributes, so you can achieve the protection
of the data through encryption. Due to the need to encrypted be I <=k, (l <=i <= m )
the values of all attribute in attributes set M, after attribute Encryption process is divided into two steps as follows:
Step1: encryption for each member of the minimal set of
decomposition, encryption technology continues to progress
relational table,
today, reduce the encryption and decryption computation is
to reduce the encryption and decryption of attribute value
ki Ii
number, especially in the case of a large number of data in (1) Ki,k, = TITI P"v,s
the cloud environment, the number of attributes down to v=' s='
minimal factorization is our goal.
k, k,
Defmition 5:
(minimum encryption attribute decomposition) given a
1
bi,k"s= (Kl,k, ITIP"v,s)- modTI P"v,s
relational schema R(A"A2,...,An) and data protection v=1 v=1
constraint setC = {cPc2,...,cn} , U which is the attribute
set C , M=(M, ,MJ which is a minimal encryption ej,kj)s
attribute decomposition of R , that is, there is no other
v=1
attribute decomposition M'=(M, ',M2') meet
(1 <= s <= tj,1 <= 1 <= m)

I MI'I<I M2'I ';

(2) Ci,k, = Lei,k S,r"k S modK"k, (1 <=i <= m )

III. SCHEME DESIGN OF HOMOMORPHIC ENCRYPTION " "s='
ACCESS CONTROL POLICY BASED ON ATTRIBUTE

The scheme not only aims to encryption protection value Step2: then encryption for the whole minimal set of
of the minimum attribute set of table records, at the same attributes of this record.
time, access control for user division level, in other words, to m m k{ Ii
ensure that the high level users can access the low level data (l)K = TIKi,k, = TITITI PlY,S
and low level user can not access high level data. i=' i=' v=' s='
Assume that a relational table R(A"A2,...,An) has the
minimum attribute set of total m field, d security level (1-
d to identify a security level, the highest security level of 1,
marking the lowest security level of d). Assume that the
security level of the first i field in minimum attribute of a

260
 11/ [3] R.Rivest, L.Adleman and MDertousos, On Data Backs and Brivacy
Homomorphisms[C]. In Foundations of Secure Computation,
(2)C L ej,kjCj,kj mod K(l <= 1 <= m) 1978,21(2),169-I80
i=1
[4] T. Jung, x.Y. Li, Z. Wan, et ai. Privacy preserving cloud data
access with muitiauthorities [C]. INFOCOM, 2013 Proceedings
The process of decryption and encryption is precisely by IEEE, 2013: 2625-2633.
contraries. It is divided into two steps: [5] A. Sahai, B. Waters. Fuzzy identity-based encryption [M].
First, decryption for the entire minimal set of records Advances in Cryptology EUROCRYPT 2005. Springer Berlin
Heidelberg, 2005: 457-473.
attributes of this record, and then decryption for each
member of the minimal set of relational table. The [6] Y. Ji, J.Tan, H. Liu, et ai. A privacy protection method based on CP
ABE and KP-ABE for cloud computing [J]. Journal of Software,
decryption process is done by a user with a security level of 2014, 9(6): 1367-1375.
I (l<=ki). [7] Kruitz R L,Vines R D,Cloud security:a comprehensive guide to
secure cloud computing[M], Indianapolis,IN,Wiley
Publishing,20 10,358
IV. CONCLUSIONS
[8] [EB/OL ].http://www.searchcIoudcomputing.com.cn/shwcontent_644
According to the characteristics of the cloud environment I 8.h-tm,20 I2
database, this paper combines the attribute decomposition [9] Wang Qian,Zhu Zhi-xiang,Shi Chen-Yu,et aI.Encryption and
and homomorphic encryption of the storage , which can decryption engine system applying to database security and
guarantee that, any privacy implications data is not in the detection[J].Computer Technology and Development,2014,24(1):143-
form of plain text which in the database stored under the 146

cloud environment, at the same time using the minimal
attribute decomposition, which not only consider to reduce
the privacy issues which the data distribution lead to, but
also can minimized the number of encrypt and decrypt
attribute fields, and reducing the amount of computation for
encryption and decryption, and then use the two layer
homomorphic encryption such as the field value of the
minimum attribute set homomorphic encryption and the
whole attribute set homomorphic encryption .Through the
above method which Can effectively prevent unauthorized
users and attackers to do unauthorized access for database
under the cloud environment, so as to protecting the privacy
data.
Acknowledgment
Scientific research project of Guangdong University of
Science & Technology, number: GKY-2015KYYB-20
REFERENCES
[I] Zhu Qin,Yu Shou-jian,Le Jia-jin, Research on Security Mechanisms
of Outsourced Databasep].Computer Science,2007,34(2):152-156(in
Chinse)
[2] Toosi A N,Calheiros R N,Rajkumar B,lnterconnected cloud
computing environments;challenges,taxonomy,and surveyU],ACM
Computing Surveys,2014,47(1),1-47
[10] Carlo Curino,Evan RC,Jones,Raluca Ada Popa,Nirmesh
Malviya.Relational Cloud:A Database-as-a-Service for the
Cloud[R].CIDR2011,201I.
[11] Boneh D,Boyen X.Efficient selective Identity-Based encryption
without random oracIes[J]. J.Cryptology,2011,24(4),659-693
[I2] Boldyreva A,Chenette N,Lee Y,et aI.Order-preserving symmetric
encryption [C]//Proc of the 28th Annual International Conference on
the Theory and Applications of Cryptographic
Techniques(EUROCRYPT).2009:224-24I.
[13] X. Liu, H. Zhu, J. Ma, et ai. Key-policy weighted attribute based
encryption for fine-grained access control [C]. Communications
Workshops (ICC), 2014 IEEE International Conference on, IEEE,
2014: 694-699.
[14] R. Zhang, P. S. Chen. A dynamic cryptographic access control
scheme in cloud storage services [J]. Journal of Information
Processing and Management, 2013, 4(1): 104-111.
[15] Z. Lv, M. Zhang, D. Feng. Cryptographic access control scheme
for cloud storage [J]. Jisuanji Kexue yu Tansuo, 201I, 5(9): 835-844.
[I6] Pengxu Tan, Yue Chen, Chaoling Li et ai. Stream Regeneration with
Regnerating Codes for the Fault-Tolerant of Cloud StoragefA].
Porceedings of the 2th International Conference on Business
Computing and Global Informatization[C]. Shanghai, China, 2012:
735-738.
[I7] M. Nabeel, N. Shang, E. Bertino. Privacy preserving policy
based content sharing in public clouds Pl. Knowledge and Data
Engineering, IEEE Transactions on, 2013, 25(11): 2602-2614.

261