Study of the problem of ensuring security in the storage and processing of confidential data

We introduce an overview of modern approaches to cloud confidential data processing. A significant part of data warehouse and data processing systems is based on cloud services. Users and organizations consider such services as a service provider. This approach allows users to take benefit from all of these technologies: they do not need to purchase, install and maintain expensive equipment, they can access the data and the calculation results from any device. Such data processing on cloud services carries certain risks because one of the participants of the protocol for securing access to cloud data storage may be an adversary. This leads to the threat of confidential information leakage. The above approaches are intended for databases in which information is stored in the encrypted form and they allow to work in the familiar paradigm of SQL queries. Despite the advantages such approach has some limitations. It is necessary to choose an encryption method and to maintain a balance between the reliability of encryption and the set of requests required by users. In the case if users are not limited by the framework of SQL queries, we propose another way of implementation of cloud computing over confidential data using free software. It is based on lambda architecture combined with certain restrictions on allowed deductively safe database queries.

1. Huang C-T, Huan L, Qin Z, Yuan H, Zhou L, Varadharajan V, Jay Kuo C.-C. Survey on securing data storage in the cloud. APSIPA Transactions on Signal and Information Processing, vol. 3, 2014, article e7.

2. X.800: Security architecture for Open Systems Interconnection for CCITT applications. URL: https://www.itu.int/rec/T-REC-X.800-199103-I/en, accessed 25.12.2020.

3. Egorov M., Wilkison M. ZeroDB white paper. arXiv:1602.07168, 2016, 11 p.

4. Popa A., Redfield C., Zeldovich N., and Balakrishnan H. CryptDB: Protecting Confidentiality with Encrypted Query Processing. In Proc. of the Twenty-Third ACM Symposium on Operating Systems Principles, 2011, pp 85-100.

5. Felipe M.R., Mi Aung K.M., Ye X. and Yonggang W. StealthyCRM: A Secure Cloud CRM System Application that Supports Fully Homomorphic Database Encryption. International Conference on Cloud Computing Research and Innovation (ICCCRI), 2015, pp. 97-105.

6. Halevi S. HElib. URL: https://github.com/shaih/HElib, accessed 25.12.2020.

7. P. Paillier. Public-key cryptosystems based on composite degree residuosity classes. Lecture Notes in Computer Science, vol. 1592, 1999, pp. 223-238.

8. Song D. X., Wagner D., and Perrig A. Practical techniques for searches on encrypted data. In Proc. of the 21st IEEE Symposium on Security and Privacy, 2000, pp. 44-55.

9. Tu S., Kaashoek M. F.,Madden S., Zeldovich N. Processing Analytical Queries over Encrypted Data, Proceedings of the VLDB Endowment, vol. 6, no. 5, 2013, pp. 289-300.

10. Papadimitriou A., Bhagwan R., Chandran N., Ramjee R., Singh H., Modi A. Big Data Analytics over Encrypted Datasets with Seabed. In Proc. of the 12th USENIX conference on Operating Systems Design and Implementation, 2016, pp. 587–602

11. Poddar R., Boelter T., Popa A. Arx: An Encrypted Database using Semantically Secure Encryption. Proceedings of the VLDB Endowment, vol. 12, no. 11, 2019, pp. 1664-1678.

12. Варновский Н.П., Мартишин С.А., Храпченко М.В., Шокуров А.В. Методы пороговой криптографии для защиты облачных вычислений, Труды ИСП РАН, том 26, вып. 2, 2014 г., с. 269-274 / Varnovskij N.P., Martishin S.А., Khrapchenko M.V., Shokurov А.V. A Threshold Cryptosystem in Secure Cloud Computations. Trudy ISP RAN/Proc. ISP RAS, vol. 26, issue 2, 2014, pp. 269-274 (in Russian). DOI: 10.15514/ISPRAS-2014-26(2)-12.

13. Варновский Н.П., Мартишин С.А., Храпченко М.В., Шокуров А.В. Пороговые системы гомоморфного шифрования и защита информации в облачных вычислениях. Программирование, том 41, no. 4, 2015 г., стр. 47-51 / Secure cloud computing based on threshold homomorphic encryption. Varnovskiy N.P., Martishin S.A., Khrapchenko M.V., Shokurov A.V. Programming and Computer Software, vol. 41, no. 4, 2015, pp. 215-218.

14. Варновский Н.П., Захаров В.А., Шокуров А.В. К вопросу о существовании доказуемо стойких систем облачных вычислений. Вестник Московского университета. Сер. 15. Вычислительная математика и кибернетика, no. 2, 2016 г., стр. 32-45. / Varnovsky N.P., Zakharov V.A., Shokurov A.V. On the existence of provably secure cloud computing systems. Moscow University Computational Mathematics and Cybernetics, vol. 40, no. 2, 2016, pp. 83-88

15. Варновский Н.П., Захаров В.А., Шокуров А.В. О дедуктивной безопасности запросов к базам конфиденциальных данных в системе облачных вычислений. Вестник Московского университета. Серия 15: Вычислительная математика и кибернетика, no. 1, 2017 г., стр. 38-44 / Varnovsky N.P., Zakharov V.A., Shokurov A.V. On the deductive security of queries to confidential databases in cloud computing systems. Moscow University Computational Mathematics and Cybernetics, vol. 41, no. 1, 2017, pp. 38-43.

16. Мартишин С.А., Храпченко М.В. Организация облачных вычислений над конфиденциальными данными на СПО. Труды 15-й конференции «Свободное программное обеспечение в высшей школе», 2020 г.,. стр. 171-174 / Martishin S.A., Khrapchenko M.V. Organization of cloud computing over confidential data on open source software. In Proc/ of the 15th Conference on Free Software in Higher Education, 2020, pp. 171-174 (in Russian).