Secure SQL with access control for database as a service model

Abstract

Rapid growth of internet and networking technology emerges "Software as a service model". In this model, application service providers (ASP) provides each functionality of software over internet. ASP provides access of software to users on internet. However, large data of a great number of users may raise problem of storage at ASP site. Database as a service model is more appropriate model for ASPs. This model allows all privileges of database to its users over internet. ASPs can store their large data on database provider. Database provider serves each functionality of database over network. However, this model raises problems of confidentiality of data. Confidential data of users are stored at untrusted database provider. Theft of sensitive data is possible at database provider site. An outside attacker can attack on database provider and snoops confidential data. Curious or malicious database administrator can also steal sensitive data. We studied present encryption schemes which provide confidentiality to database as a service model. First we studied scheme of Hakan, et al.[6], which provides security by storing encrypted form of whole tuple in database. However, this scheme results more computation at ASP site. Second scheme, CryptDB[7] does not have this problem. CryptDB provides security by encrypting data with different encryption methods. However, this scheme removes randomness of such cipher texts which do not need randomness removal. This issue results equality relation leakage and order relation leakage of cipher texts. We focused on solving these limitations and providing more secure scheme. We proposed solution to limitations of CryptDB. For that, ASP partitions attributes and encrypts each partition with different key. This solution makes sure by removing randomness from appropriate partition which contains such cipher texts (which need randomness removal). Cipher texts of other partition are secured with randomness. We elaborated all schemes with examples. We listed analysis of proposed solution to issue of CryptDB. We gave security proofs for our proposed solution. We also implemented a module of this scheme.