Querying Over Encrypted Databases and Flexible Access Control Using Advanced Encryption Adjustment Policies


Almarwani, Maryam (2023) Querying Over Encrypted Databases and Flexible Access Control Using Advanced Encryption Adjustment Policies. PhD thesis, University of Liverpool.

[img] Text
201323930_PApril2023.pdf - Author Accepted Manuscript
Access to this file is embargoed until 1 August 2027.
Download (6MB)

Abstract

Security, especially data privacy, is a major barrier to using outsourced servers. Recent security breaches have shown that a stronger protection mechanism is required to keep data private from curious administrators. Prior efforts to address this security issue have been either unfeasibly slow or operationally limited. While most protection efforts are focused on relational databases, additional security measures are still lacking. However, the growing number of online users and the popularity of Web 2.0 have led to storage issues and limitations of traditional relational databases, which have led to a preference for non-relational databases. Non-relational databases lack security features, although there have been some basic attempts to address confidentiality. This thesis proposes the Secure Document DataBase (SDDB) framework, which uses a proxy to protect outsourced databases and ensure user authentication and authorisation. This thesis’s framework is based on the CryptDB concept and Ciphertext Policy Attributes-Based Encryption. This framework allows many users to access a single data owner’s encrypted data in an outsourced document database. This is to protect an outsourced database’s privacy from internal attacks (i.e., an honest-but-curious administrator) and external attacks (i.e., unauthorised users) and ensures access control at the database level. A framework secures data querying using multi-layer encryption and adjustment policies, resulting in three major novelties. First, under multi-layer encryption, a new secure data querying method, Ciphertext Policy Attributes Based Encryption (CP-ABE), has been used to validate database-level data access control. Second, under adjustment policies, Release-Aware In-Out Encryption Adjustment (RAEA) has been developed to provide a trade-off between security and performance during query execution. RAEA is a dynamic query execution technique for conjunctive queries that adjusts in two directions: inward and outward adjustments. Third, under adjustment policies, sorted criteria, and an update-aware adjustments policies are developed to address information disclosed and communication rounds during query execution. To achieve the thesis’s objective, we built a prototype on top of MongoDB that employs all adjustment policies in JSON format to analyse performance and security. The proposed policies were tested using datasets produced on either local or cloud-based database servers. The produced datasets were used to assess the scalability of the proposed policies by examining the runtime as data size increased and database server types. Security was measured by comparing the information revealed by the proposed policies with each other and with that of simple encryption adjustment from related work. Performance was majorly measured through runtime for i-iii terms: (i) decryption data for inward direction; (ii) re-encryption data for outward direction; and (iii) communication between proxy and database. Security and performance were evaluated by comparing the proposed policies with each other and to that of simple encryption adjustment through runtime for i-iii terms and the information revealed for security. The evaluations indicated that, when compared to simple adjustments, the proposed policies reduced execution time, reduced communication rounds, enhanced performance, and ensured maximum security in terms of data leakage. They are effective for scalability data and can be used with any relational or non-relational databases.

Item Type: Thesis (PhD)
Divisions: Faculty of Science and Engineering > School of Electrical Engineering, Electronics and Computer Science
Depositing User: Symplectic Admin
Date Deposited: 29 Aug 2023 15:11
Last Modified: 29 Aug 2023 15:11
DOI: 10.17638/03169804
Supervisors:
  • Lisitsa, Alexei
  • Konev, Boris
URI: https://livrepository.liverpool.ac.uk/id/eprint/3169804
Dimensions
Altmetric
CORE (COnnecting REpositories)