Researcher name:
Eman ALhakeem, Dr. Fuad ALyrimi
Abstract – Cloud computing includes Database-as-a-Service, which allows a massive amount of data to be stored on the cloud with minimal investment and lower maintenance cost. Owing to the development and growth of data, data owners prefer to outsource their data remotely to the cloud, which avoids local data management and decreases local hardware cost. However, some sensitive data, such as personal healthcare information and personal property information, must first be encrypted and then outsourced to the cloud; this protects the sensitive information. Although encryption schemes such as AES can be used against an untrusted cloud provider or an adversary, those schemes add computation overhead. Outsourcing encrypted data to the cloud also increases the difficulty of data retrieval, because data owners or unauthorized users cannot correctly search for the data they need, and it is impractical to download all of the data from the cloud to the local side, which would result in huge communication and computation overhead. Any solution or scheme that guarantees privacy must also guarantee quick data retrieval. This paper provides a survey of data privacy preservation schemes in the cloud.

Keywords: Privacy, Cloud, Data Security, Database, Data Storage.

Cloud computing provides flexible storage resources over the Internet based on a pay-per-use model. It enables users to scale their storage on demand. However, cloud providers are not fully trusted by users, and users' data is vulnerable to privacy violation by the cloud provider [1]. To protect the data, it can be encrypted and then outsourced to the cloud [2], but this makes data retrieval difficult and adds computation overhead [1]. Recently, some novel search schemes have been proposed to deal with this problem; we summarize these schemes.

Mehdi et al. proposed an efficient lightweight schema that stores scrambled data in the database with minimal computation overhead [1].
The authors describe the algorithm for the insert procedure of the proposed schema, which uses a user's key and the input record to insert data into SecureDB. The authors suggest that the proposed method can be used in the CryptDB system to reduce AES encryption overhead. The experimental results show that the proposed schema provides efficient performance. It achieves privacy without employing encryption techniques and reduces computation overhead.

Keke et al. proposed a novel data encryption approach named Dynamic Data Encryption Strategy (D2ES) [3]. The approach aims to selectively encrypt data using privacy classification methods under timing constraints. It is designed to maximize privacy protection by using a selective encryption strategy. The approach reduces response time, but the privacy achieved was less than that of the optimal solutions.

Yongge Wang designed Belief Propagation (BP)-XOR codes [4]. The BP decoding process is used with Low-Density Parity-Check (LDPC) codes and with Luby Transform (LT) codes [9], [10]. It is used for sharing secrets: privacy-preserving data distribution schemes that permit computation over encrypted texts, but in which collusion attacks are difficult to prevent. The evaluated performance is better because the scheme is based on XOR operations. This work reduces computation overhead and achieves privacy and reliability.

Joseph et al. designed a fine-grained two-factor authentication access control system for web-based computing services [5]. The attribute-based access control scheme is designed around a secret key and a device. This scheme supports fine-grained attribute-based access control. Mediated cryptography was designed for the immediate revocation of public keys. A Security Mediator (SEM) model is designed based on this cryptography. However, it imposes the requirement that the SEM always be present to perform any transaction.
A modified version of this model was designed as security-mediated certificateless cryptography. In this system, the user has a secret key, a public key, an identity, and a signing algorithm. The secret key and the SEM model are also needed. It solves the revocation problem. The user is anonymous to this model, which leads to a security issue. Key-insulated cryptography is used to store long-term keys in a secured device and short-term signatures in an unsecured device. All users need to update the key every time, and the device is required to do this task. Performance analysis and security analysis are performed. It enables a security system model that provides privacy support for the data. It always requires the device to ensure privacy, so it is not effective under the storage mechanisms of different cloud services.

Haifaa et al. proposed a multi-level licensing framework (M2LF) [6] to accommodate the protection of sensitive data. This framework consists of three levels: an authorization level, a security and privacy level, and a saves-and-verifies level. Data is secured using an anonymity process, which is harder to decrypt. The evaluation shows that the framework provides protection guarantees, practical scalability and usability.

Jingwei et al. proposed a privacy-preserving STorage and REtrieval (STRE) mechanism that not only ensures security and privacy but also provides reliability guarantees for outsourced searchable encrypted data [7]. STRE is built on an inverted index to enable efficient keyword search. It enables cloud users to distribute and search their encrypted data across multiple independent clouds managed by different cloud service providers (CSPs). The authors evaluated the STRE mechanism on Amazon using a real-world dataset; in the experimental results, the largest overhead of the proposed mechanism compared with the classical approaches is communication time. This is because increasing the number of CSPs implies adding data redundancy. STRE guarantees reliability.
STRE has the largest communication-time overhead and increases data redundancy.

Mohammed et al. proposed a scheme for protecting the privacy and integrity of spatial data [8]. The proposed technique introduces a new index structure to support answering range queries over an encrypted data set. The indexing scheme is based on the Z-curve. The technique divides the multidimensional space into small buckets, each containing small spatial objects that can be retrieved later without the need to know the coordinates of the data points. This scheme reduces data redundancy.

Ming-quan et al. proposed an Elliptic Curve Cryptography (ECC) scheme for secure encryption [11]. The proposed scheme is based on a homomorphic encryption scheme, and its security is based on a public-key mechanism. The authors performed experiments comparing ECC with the RSA and Paillier encryption algorithms for different plaintext sizes. The experimental results show that the proposed schema gives better performance than RSA and Paillier in terms of computation cost and communication consumption. The scheme is shown to have an excellent encryption effect and high security, with reduced computation and communication cost.

Yulin et al. proposed a mechanism that combines data deduplication with dynamic data operations in privacy-preserving public auditing for secure cloud storage [12]. This mechanism reduces storage space and upload bandwidth. The security and performance analysis shows that the proposed mechanism is highly efficient and provably secure.

Geeta et al. proposed a system to secure all kinds of private data [13]. Three techniques are used for user authentication: text, graphical password, and CAPTCHA. The authors used a Third Party Auditor (TPA) to partition a file into two parts and generate metadata, and used a proxy to store them. The digital signature uses the SHA-1 algorithm for each partition.
The authors used the AES encryption/decryption algorithm and the RSA algorithm to create private and public keys, which increases computation time.

Mithun et al. proposed a "Good Enough" method for data anonymization [14]. The proposed technique is based on the techniques used in the HIPAA anonymization process, combined with a hash function. The data is earmarked before obfuscation using a hash function whose secret key rests with the data owner. The data is spread across multiple cloud providers, reducing the possibility of a privacy breach due to a data spill from any single provider.

Ximeng et al. proposed a new efficient and privacy-preserving outsourced calculation framework with multiple keys (EPOM) [15]. The proposed framework is designed to allow different data providers to securely outsource their data with their own public key, and to allow a cloud server to process the multi-key encrypted data. The authors proposed a new cryptographic primitive, the Distributed Two Trapdoors Public-Key Cryptosystem (DT-PKC), to reduce both key management cost and private key exposure risk. The authors also built toolkits to handle commonly used integer operations in a privacy-preserving way. The proposed framework is closely related to the work in [16], where two servers are used to process the encrypted data under multiple keys. This proposal reduces key management cost. The evaluation shows that the framework is sufficiently efficient for real-world deployment.

Imad et al. proposed a multi-authority scheme with semi-outsourced decryption (MABE-SOD) for efficient, secure and privacy-preserving data access control [17]. The authors included a proxy-decryption server that carries out most of the decryption process for the users. Each user has a unique ID and a set of attributes that describes his access privileges. This scheme achieves encryption efficiency and a decrease in decryption overhead.
MABE-SOD shows a slight increase in encryption overhead.

T. Subha et al. proposed a solution to protect the privacy of user data from active adversaries [18]. The authors provided a technique to sign the data using a digital signature algorithm in association with certificates. The scheme establishes a secure authentication channel between the trusted third party auditor (TTPA) and the cloud server, using a session key, while sending and receiving challenges and responses. The proposed scheme is proved to be secure against an active adversary. It achieves an effective and privacy-preserving cloud data sharing scheme with semi-outsourced decryption. The scheme is able to detect changes in the stored data. This proposal increases communication cost.

Xiangqiang et al. proposed a privacy-aware framework on hybrid clouds that guarantees data privacy by segregating the sensitive data from the rest and processing the sensitive data on the private cloud only [19]. The framework was tested using a big data application, and the experimental results show that it successfully enables data sensitivity protection while providing good performance.

Jin et al. proposed a Key-Policy Attribute-Based Broadcast Encryption scheme (KP-ABBE), which uses a double encryption process combining attribute-based encryption and a broadcast encryption system [20]. Constant-size public parameters are achieved by imposing no limit on the size of the attribute sets used for encryption, and the scheme has a large attribute universe.

Po-Wen et al. proposed a deniable CP-ABE scheme to build an audit-free cloud storage service [21]. The new cloud storage encryption scheme achieves user privacy by implementing fake user secrets and convincing them to use the secrets.

Baojiang et al. proposed the novel concept of key-aggregate searchable encryption (KASE) and constructed a concrete KASE scheme [22].
It addresses the issues in privacy-preserving data sharing by allocating a single key to the client when sharing a huge number of documents. Later, the user submits a single trapdoor when all the documents of the owner are queried. The evaluation results for this work show that it provides an effective solution for building a practical data sharing system based on public cloud storage. KASE cannot be applied directly in federated clouds.

Cong et al. proposed a privacy-preserving public auditing system for data storage security in cloud computing that uses a homomorphic encryption scheme [23]. Elliptic Curve Cryptography (ECC) is used to encrypt the data, which is shared with the TPA. ECC provides efficiency that leads to fast computation time and power reduction. ECC is also used to save storage and bandwidth.

Shulan et al. redesigned an attribute-based data sharing scheme in cloud computing [24]. An improved key issuing protocol was presented to resolve the key escrow problem. It enhances data confidentiality and privacy in the cloud system against the managers of the KA (key authority) and CSP as well as malicious system outsiders, where the KA and CSP are semi-trusted. Data confidentiality and privacy are achieved, and the scheme offers high efficiency and security.

Cloud computing gives many advantages, such as storage security, increased storage space and reduced storage cost. Data storage and retrieval increase day by day, so the cloud needs to be secured to provide reliable service delivery and to ensure the privacy of data. This paper concentrates mainly on privacy issues and also gives exposure to the different techniques used in existing cloud environments.
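
The following is an added illustration, not the STRE construction and not code from any surveyed paper, of the idea in the STRE summary above [7]: a keyed inverted index whose posting lists are replicated across several CSPs, so that keyword search survives the loss of one provider at the cost of redundancy and extra communication. The key, documents, placement rule and all function names are assumptions, and posting lists are left unencrypted to keep the sketch short.

```python
import hashlib
import hmac

def trapdoor(key: bytes, keyword: str) -> str:
    """Keyed search token; the keyword itself never leaves the client."""
    return hmac.new(key, keyword.lower().encode(), hashlib.sha256).hexdigest()

def build_index(key: bytes, docs: dict) -> dict:
    """Inverted index mapping token -> sorted list of document ids."""
    index = {}
    for doc_id, text in docs.items():
        for word in set(text.lower().split()):
            index.setdefault(trapdoor(key, word), set()).add(doc_id)
    return {tok: sorted(ids) for tok, ids in index.items()}

def distribute(index: dict, n_csps: int, replicas: int) -> list:
    """Copy each posting list to `replicas` consecutive CSPs (assumed placement rule)."""
    if not 1 <= replicas <= n_csps:
        raise ValueError("replicas must be between 1 and n_csps")
    csps = [{} for _ in range(n_csps)]
    for tok, ids in index.items():
        first = int(tok[:8], 16) % n_csps
        for r in range(replicas):
            csps[(first + r) % n_csps][tok] = ids
    return csps

def search(key: bytes, keyword: str, csps: list, down=frozenset()):
    """Send one trapdoor to every reachable CSP; return (doc ids, CSPs contacted)."""
    tok = trapdoor(key, keyword)
    hits, contacted = set(), 0
    for i, store in enumerate(csps):
        if i in down:          # simulate an unreachable provider
            continue
        contacted += 1
        hits.update(store.get(tok, []))
    return sorted(hits), contacted

def stored_entries(csps: list) -> int:
    """Total posting lists held across all CSPs (the redundancy cost)."""
    return sum(len(store) for store in csps)

# Constructed sample data and key, for illustration only.
KEY = b"constructed-demo-key"
DOCS = {
    "d1": "patient blood pressure report",
    "d2": "property deed transfer",
    "d3": "patient insurance claim",
}
INDEX = build_index(KEY, DOCS)
CSPS = distribute(INDEX, n_csps=3, replicas=2)
```

With two replicas on three CSPs, `search(KEY, "patient", CSPS, down={i})` returns the same documents for any single failed provider `i`, while `stored_entries(CSPS)` is twice the size of the index.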
Publication year:
2017
Research summary:
1- INTRODUCTION[1]
2- PRIVACY PRESERVATION SCHEMES
3- CONCLUSION