Criptografía en bases de datos en cloud computing.
Palabras clave:
Computación en la nube, criptografía, homomorfismo, seguridad, bases de datosResumen
Los responsables de informática de las empresas que están pensando migrar sus sistemas de cómputo a la nube tienen
sus reservas con respecto a la seguridad y la confiabilidad de los servicios basados en la nube, éstos aún no están plenamente
convencidos de que entregar datos sensibles de las empresas o de sus clientes sea buena idea, en este contexto el uso de los sistemas de
cifrado, y en especial los esquemas de cifrado homomórficos son de gran utilidad, ya que las operaciones realizadas en el proveedor
cloud se realizan con la información cifrada, brindando así un nivel de confiabilidad y seguridad a las bases de datos frente a posibles
ataques tanto internos como externos en el cloud computing. En el presente trabajo se propone un esquema para proteger los diferentes
atributos de la información (confidencialidad, integridad y autenticación) almacenada en una BD en el Cloud.
Referencias
Zhang Q., Cheng L., Boutaba R.: Cloud computing: State of the art and research challenges. Journal of Internet Services and applications 1, 7-18 (2010)
Sosinsky, B.: Cloud Computing Bible. Wiley Publishing, Indianapolis (2011)
Menezes, A. J., Van Oorschot, P. C., Vanstone S. A.: Handbook of Applied Cryptography. Series: Discrete Mathematics and Its Applications. CRC Press (1996)
Limbek, R., Sziklai, P.: Privacy homomorphisms. Scientific Association for Infocommunications, vol. 6 pp. 37-42 (2004)
Akinwande, M.: Advances in homomorphic cryptosystems. Journal of Universal Computer Science, vol. 15, pp. 506–522 (2009)
Rivest, R., Adleman, L. and Dertouzos, M.: On data banks and privacy homomorphisms. Foundations of Secure Computation. pp. 169 - 177, Academic Press (1978)
Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, vol. 31, pp. 469-472 (1985)
Paillier, P: Public-key cryptosystems based on composite degree residuosity classes. Advances in Cryptology EUROCRYPT’99, of LNCS, vol. 1592 pp. 223-238. Springer, Verlag (1999)
Damgard, I., Jurik, M.: A Length-Flexible Threshold Cryptosystem with Applications. In: Proceedings of the 8th Australasian Conference on Information Security and Privacy (ACISP 2003), LNCS 2727, Springer, New York, USA (2003)
Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the 41st annual symposium on Theory of computing, pp. 169–178. ACM press, New York (2009)
Burke, J., McDonald, J. Austin, T.: Architectural support for fast symmetric-key cryptography. In: Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems, Cambridge, MA, USA, pp. 178-89. (2000)
Blake-Wilson, S.: Information security, mathematics, and public-key cryptography. Designs, Codes and Cryptography, vol. 19, pp. 77-99. (2000)
Freier, A., Karlton, P. and Kocher, P.: The SSL Protocol Version 3.0, Internet. (1996)
Dierks, T. and Allen, C.: The TLS Protocol - Version 1.0, Internet. (1997)
Hacigümüs, H., Hore, B., Iyer, B., Mehrotra, S.: Search on Encrypted Data. In :Secure Data Management in Decentralized Systems. vol. 33, pp 383-425. Springer US. (2007)
Song, D., Wagner, D., Perrig, A.: Practical Techniques for Search on Encrypted Data. In: Security and Privacy Proceedings. IEEE Symposium on, pp.44-55. (2000)
Chang, Y., Mitzenmacher, M.: Privacy preserving keyword searches on remote encrypted data. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) Applied Cryptography and Network Security. LNCS, vol. 3531, pp. 391-421. Springer, Heidelberg (2005)
Golle, P., Staddon, J., Waters, B.: Secure conjunctive keyword search over encrypted data. In: Jakobsson, M., Yung, M., Zhou, J. (eds.) Applied Cryptography and Network Security. LNCS, vol. 3089, pp. 31-45. Springer, Heidelberg (2004)
Hacigümüs, H.: Privacy in Database-as-a-Service Model. Ph.D. Thesis, Department of Information and Computer Science, University of California, Irvine, 2003.
Bouganim, L. and Pucheral, P.: Chip-Secured Data Access: Confidential Data on Untrusted Servers. In: Proceedings of the 28th Very Large Data Bases Conference, pp. 131-142. Morgan Kaufmann, Hong Kong, China (2002)
Hacigümüs, H., Iyer, B. and Mehrotra, S.: Encrypted Database Integrity in Database Service Provider Model. In: Database Service Provider Model. Certification and Security in E-Services pp. 165-174 (2002)
Hore, B., Mehrotra, S., Tsudik, G.: A Privacy-Preserving Index for Range Queries. In: Proceedings of the Thirtieth international conference on Very Large Data Bases, vol. 30 pp. 720-731 Toronto, Canada (2004)
Goldwasser, S., Micali, S.: Probabilistic Encryption & How To Play Mental Poker Keeping Secret All Partial. Computing pp. 365-377. (1982)
Boneh, D., Goh, E. J., Nissim, K.: Evaluating 2-DNF formulas on ciphertexts. In: Kilian, J. (ed.) Theory of Cryptography. LNCS, vol. 3378, pp. 325–341. Springer, Heidelberg (2005)
Gentry, C.: Toward basing fully homomorphic encryption on worst-case hardness. In: Rabin, T. Advances in Cryptology–CRYPTO 2010, LNCS, pp. 116–137. Springer, Heidelberg (2010)
Rappe, D. K.: Homomorphic Cryptosystems and their Applications. Thesis, Cryptology ePrint Archive, Report (2006)
Davida, G. I., Wells, D. L., Kam, J. B.: A database encryption system with subkeys. ACM Trans. Database Syst. vol. 6, pp.312-328 (1981)
He, J., Wang, M.: Cryptography and relational database management systems. In: Database Engineering & Applications, International Symposium on. pp. 273-284. IEEE press (2001)
Vingralek, R. Gnatdb: A small-footprint, secure database system. In: VLDB, pp. 884–893 Morgan Kaufmann, (2002)
Bouganim, L., Pucheral, P.: Chip-secured data access: Confidential data on untrusted servers. In: Proceedings of the 28th international conference on Very Large Data Bases, pp. 131–142. (2002)
Hacigümüs, H., Iyer, B. andMehrotra, S.: Providing Database as a Service. In: Data Engineering Proceedings. 18th International Conference on, pp. 29-38. (2002)
Harrington, A., Jensen, C. D.: Cryptographic Access Control in a Distributed File System. In: Proceedings of the eighth ACM symposium on Access control models and technologies. pp. 158-165 (2003)
Hacigümüş H, Iyer B, Mehrotra S.: Efficient execution of aggregation queries over encrypted relational databases. In: Lee, Y. Li, J., Whang, K., Lee, D. (eds.) Database Systems for Advanced Applications. LNCS, vol. 2973, pp.125-36. (2004)
Iyer, B., Mehrotra, S., Mykletun, E., Tsudik, G. and Wu, Y.: A framework for efficient storage security in RDMS. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K., Ferrari, E. (eds.) Advances in Database Technology - EDBT 2004. LNCS, vol. 2992, pp. 627-628. Springer, Heidelberg (2004)
Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Srivastava, U., Thomas, D., Xu, Y.: Two Can Keep a Secret: A Distributed Architecture for Secure Database Services. In: Proc. of CIDR (2005)
Wang, Z., Dai, J., Wang, W., Shi, B.: Fast Query Over Encrypted Character Data in Database. In: Zhang, J., He, J.H., Fu, Y. (eds.) Computational and Information Science. LNCS, vol. 3314, pp. 1027-1033. Springer, Heidelberg (2005)
Chung, S. S., Ozsoyoglu, G.: Anti-Tamper Databases: Processing Aggregate Queries over Encrypted Databases. In: Data Engineering Workshops, 22nd International Conference on, pp. 98. (2006)
Wang, Z., Wang, W., Shi, B.: Storage and Query over Encrypted Character and Numerical Data in Database. Computer and Information Technology. The Fifth International Conference on, pp.77-81. (2005)
Mykletun, E. and Tsudik, G.: Aggregation Queries in the Database-As-a-Service Model. In: Damiani, E., Liu, P. (eds.) Data and Applications Security XX. LNCS, vol. 4127, pp. 89-103. Springer, Heidelberg (2006)
Evdokimov, S. and Günther, O.: Encryption Techniques for Secure Database Outsourcing. In: Biskup, J., López, J. (eds.) Computer Security – ESORICS 2007. LNCS, vol. 4734, pp. 327-342. (2007)
Sanka, S., Hota, C., Rajarajan, M.: Secure data access in cloud computing. In: Internet Multimedia Services Architecture and Application (IMSAA). IEEE 4th International Conference on, pp.1-6, 15-17 (2010)
Yan, S. Y. and Maple, C.: On-Line Database Encryption and Authentication. In: Tan, H.(ed.). Technology for Education and Learning.Advances in Intelligent and Soft Computing. vol. 136, pp. 363-370. Springer, Heidelberg (2012)
General Services Administration. Agency Office of the Director of National Intelligence “Security and Privacy Assurance Research" https://www.fbo.gov [Accessed: 17-Jul-2012].
Technology, “Programming Computation on Encrypted Data y abreviado PROCEED,” http://www.grants.gov [Accessed: 17-Jul-2012].
Cloutage - Open Security Foundation, http://cloutage.org/. [Accessed: 26-Mar-2012].
Hacigümüs, H., Iyer, B., Li, C. and Mehrotra, S.: Executing SQL over encrypted data in the database-service-provider model. In: Proceedings of the ACM SIGMOD international conference on Management of data. (2002)
Kamara, S., Lauter, K.: Cryptographic Cloud Storage. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J., Sako, K., Sebé, F. (eds.) Financial Cryptography and Data Security. LNCS, pp. 136-149. Springer-Verlag (2010)
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Order preserving encryption for numeric data. In: Proceedings of the 2004 ACM SIGMOD international conference on Management of data, pp. 563–574. (2004)
Boldyreva, A., Chenette, N., Lee, Y, O'Neill, A.: Order-preserving symmetric Encryption. In Advances in Cryptology- Eurocrypt 2009 Proceedings, (2009)
Descargas
Publicado
Cómo citar
Número
Sección
Descargas
Licencia
La revista ofrece acceso abierto bajo una Licencia Creative Commons Attibution License
Esta obra está bajo una licencia Creative Commons Attribution (CC BY 4.0).