CFP last date
22 April 2024
Reseach Article

Applicability of Homomorphic Encryption and CryptDB in Social and Business Applications: Securing Data Stored on the Third Party Servers while Processing through Applications

by Kurra Mallaiah, S. Ramachandram
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 100 - Number 1
Year of Publication: 2014
Authors: Kurra Mallaiah, S. Ramachandram
10.5120/17487-7999

Kurra Mallaiah, S. Ramachandram . Applicability of Homomorphic Encryption and CryptDB in Social and Business Applications: Securing Data Stored on the Third Party Servers while Processing through Applications. International Journal of Computer Applications. 100, 1 ( August 2014), 5-19. DOI=10.5120/17487-7999

@article{ 10.5120/17487-7999,
author = { Kurra Mallaiah, S. Ramachandram },
title = { Applicability of Homomorphic Encryption and CryptDB in Social and Business Applications: Securing Data Stored on the Third Party Servers while Processing through Applications },
journal = { International Journal of Computer Applications },
issue_date = { August 2014 },
volume = { 100 },
number = { 1 },
month = { August },
year = { 2014 },
issn = { 0975-8887 },
pages = { 5-19 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume100/number1/17487-7999/ },
doi = { 10.5120/17487-7999 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:28:47.151930+05:30
%A Kurra Mallaiah
%A S. Ramachandram
%T Applicability of Homomorphic Encryption and CryptDB in Social and Business Applications: Securing Data Stored on the Third Party Servers while Processing through Applications
%J International Journal of Computer Applications
%@ 0975-8887
%V 100
%N 1
%P 5-19
%D 2014
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Confidentiality in third party services like cloud computing has become a major concern. IT industry and government organizations are very serious about security factor in cloud computing, because its usage has reached all the way from a common man having a mobile phone to large scale business enterprises. In this paper, we present security threats in social and business applications accessing the data stored in cloud computing scenario. Also, we critically discuss homomorphic encryption and CryptDB schemes which are applicable to protect data from malicious third party service environments (cloud computing) and also from insiders for these applications. We also present empirical results of partial homomorpic encryption algorithms over one lakh 10-digit numbers, using Linux virtual machine on VirtualBox, VMPlayer and KVM. The result for four algorithms (namely Paillier, ElGamal, RSA and Benaloh) as performed on the above four different platforms are computed to show their respective overhead values as compared to plain data operations. In case of Paillier Algorithm the overhead is 17, 15, 22 and 12 times for addition operation and 278, 399,518 and 346 times for multiplication operation respectively. Similarly, in case of Elgamal algorithm 1. 72, 1. 6, 11. 7 and 8. 9 times for multiplication operation; in case of RSA algorithm 1. 79, 1. 5, 3. 48 and 1. 5 times for multiplication operation and in case of Benaloh algorithm is 5. 6, 5. 36, 5. 48 and 3. 5 times for addition operation respectively. These performances clearly indicate that these algorithms are quite feasible enough to be used in context of social and business applications by third party service providers

References
  1. http://www. homelandsecuritynewswire. com /databreaches-Compromise-nearly-8-million-medicalrecords: Data breaches compromise nearly 8 million medical records, published 1 June 2011
  2. http://en. m. wikipedia. org/wiki/PlayStation_Network_outage: Playstation Network outage.
  3. Carlos Aguilar Melchor and Philippe Gaborit, Javier Herranz, Additively Homomorphic Encryption with d-Operand Multiplications. CRYPTO 2010, pp. 138-154, 2010.
  4. Ivan Damgard, Mads Jurik: A Generalisation, a Simplification and Some Applications of Paillier's Probabilistic Public-Key System Public Key Cryptography 2001:119-136
  5. Raluca Ada Popa,Catherine M. S. Redfield,Nickolai Zeldovich,and Hari Balakrishnan," CryptDB: Protecting Confidentiality with Encrypted Query Processing", SOSP'11, October 23-26, 2011, Cascais, Portugal
  6. Yin Hu, A Dissertation on"Improving the Efficiency of Homomorphic Encryption Schemes", May 2013
  7. http://en. wikipedia. org/wiki/sidechannelattack
  8. R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120126,1978.
  9. T. Okamoto and S. Uchiyama. A New Public-Key Cryptosystem as Secure as Factoring. Eurocrypt 08, LNCS 1403,pp. 308-318,1998
  10. http://go. worldbank. org/M1JHE0Z280 (extracted on 18. 08. 2008)
  11. Brenner, M. , Wiebelitz, J. , von Voigt, G. , Smith, M. : Secret program execution in the cloud applying homomorphic encryption. In: Proceedings of the 5th IEEE International Conference on Digital Ecosystems and Technologies Conference (DEST),pp. 114-119. IEEE (2011)
  12. Breuer, P. T. , Bowen, J. P. :Typed assembler for a RISC crypto-processor. In:Barthe, G. ,Livshits,B. ,Scandariato,R. (eds. ) ESSoS 2012. LNCS,vol. 7159,pp. 22-29. Springer, Heidelberg (2012)
  13. Nektarios Georgios Tsoutsos and MichailManiatakos, "Investigating the Application of One Instruction Set Computing for Encrypted Data Computation",in proceeding of SPACE 2013 ,Lecture Notes in Computer ScienceVolume 8204, 2013, pp21-37
  14. Halevi,S. ,Shoup, V. :Design and implementation of a homomorphic-encryption library (2012)
  15. Brakerski, Z. , Gentry, C. , Vaikuntanathan, V. :(Leveled) fully homomorphic encryption without bootstrapping. In:Proceedings of the 3rd Innovations in Theoretical Computer Science Conference, pp. 309-325. ACM(2012)
  16. Ron Rivest, Leonard Adleman,and Michael L. Dertouzos. On data banks and privacyhomomorphisms. In Foundations of Secure Computation,pages 169-180,1978.
  17. Craig Gentry. Fully homomorphic encryption using ideal lattices. In STOC, pages169-178, 2009.
  18. T. El Gamal. A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms. IEEE Transactions on Information Theory, IT 31(4):469472, July 1985
  19. Marten van Dijk, Craig Gentry, ShaiHalevi, and Vinod Vaikuntanathan. Fully homomorphic encryption over the integers. In EUROCRYPT, pages 24-43, 2010.
  20. Nigel P. Smart and FrederikVercauteren. Fully homomorphic encryption with relatively small key and ciphertext sizes. In Public Key Cryptography-PKC'10, volume6056 of Lecture Notes in Computer Science, pages 420-443. Springer,2010.
  21. Craig Gentry and ShaiHalevi. Implementing gentry's fully-homomorphic encryption scheme. In EUROCRYPT, volume 6632 of Lecture Notes in Computer Science, pages129-148. Springer,2011.
  22. Jean-S ebastienCoron,AvradipMandal,David Naccache, and Mehdi Tibouchi. Fullyhomomorphic encryption over the integers with shorter public keys. In CRYPTO,pages 487-504,2011.
  23. ZvikaBrakerski and VinodVaikuntanathan. Fully homomorphic encryption from ring-LWE and security for key dependent messages. In CRYPTO, volume 6841, page 501, 2011.
  24. ZvikaBrakerski and VinodVaikuntanathan. Efficient fully homomorphic encryption from (standard) LWE. In FOCS,pages 97-106,2011. References are to full version: http://eprint. iacr. org/2011/344.
  25. Craig Gentry and ShaiHalevi. Fully homomorphic encryption without squashing using Depth-3 arithmetic circuits. In FOCS,pages 107-109,2011.
  26. ZvikaBrakerski, Craig Gentry, and VinodVaikuntanathan. Fully homomorphic encryption without bootstrapping. In Innovations in Theoretical Computer Science (ITCS'12), 2012. Available at http://eprint. iacr. org/2011/277.
  27. Jean-S ÌA?ebastienCoron, David Naccache, andMehdi Tibouchi. Public key compression and modulus switching for fully homomorphic encryption over the integers. In Advances in Cryptology-EUROCRYPT 2012, volume 7237 of Lecture Notes in Computer Science, pages 446- 464. Springer, 2012.
  28. Craig Gentry, ShaiHalevi, and Nigel P. Smart. Fully homomorphic encryption with polylog overhead. In EUROCRYPT, pages 465-482,2012.
  29. Craig Gentry, ShaiHalevi, and Nigel P. Smart. Homomorphic evaluation of the aes circuit. In CRYPTO, pages 850-867,2012.
  30. Adriana L opez-Alt, EranTromer, and VinodVaikuntanathan. On-the-fly multiparty computation on the cloud via multikey fully homomorphic encryption. In STOC, pages 1219-1234, 2012.
  31. ZvikaBrakerski. Fully homomorphic encryption without modulus switching from classical gapsvp. In CRYPTO, pages 868-886, 2012.
  32. LinkedIn passwords leaked by hackers:http://www. bbc. co. uk/news/technology-18338956
  33. Matt Bishop and DavidWagner,"Inside Risks",November 2007/Vol. 50,No. 11 COMMUNICATIONS OF THE ACM
  34. http://en. wikipedia. org/wiki Information_privacy,retrieved 28 Feb 2009.
  35. http//en. wikipedia. org/wiki/Personally_identifiable_information,retrieved 28 Feb 2009.
  36. Google,Inc. User data requests-Google transparency report,Sept. 2013. (http: // www. google. com /transparencyreport/userdatarequests/ retrieved 28 Feb 2009. )
  37. "Report of the Defense Science Board Task Force on High Performance Microchip Supply," Defense Science Board, US DoD, Feb. 2005; http://www. acq. osd. mil/dsb/reports/2005-02-HPMS_Report_Final. pdf
  38. J. Lieberman, National Security Aspects of the Global Migration of the U. S. Semiconductor Industry, white paper, Airland Subcommittee, US Senate Armed Services Committee,June Applicability of Homomorphic Encryption and CryptDB in Social and Business Applications 15 2003;Referenceshttp:// lieberman. senate. gov / documents/whitepapers/semiconductor. pdf
  39. S. Adee, "the Hunt for the Kill Switch,"IEEE Spectrum,vol. 45,no. 5,2008,pp. 34-39.
  40. Innovation at RiskIntellectual Property Challenges and Opportunities,white paper, Semiconductor Equipment and Materials International, June 2008.
  41. C. Gentry,"A fully homomorphic encryption scheme," PhD thesis, Stanford University, 2009.
  42. Josh Benaloh,Dense Probabilistic Encryption,SAC 94, pages 120-128, 1994.
  43. S. Goldwasser, S. Micali, Probabilistic Encryption,J. Comp. Sys. Sci. ,28,pp. 270-299,1984.
  44. https://hcrypt. com/scarab-library/
  45. "Parents: Cyber Bullying Led to Teen's Suicide: Megan Meier's Parents Now Want Measures to Protect Children Online". ABC News 29 November 2007.
  46. Halderman,J. A. and Schoen,S. D. and Heninger, N. and Clarkson,W. and Paul,W. and Calandrino, J. A. and Feldman, A. J. and Appelbaum,J. and Felten,E. W. LestWe Remember: Cold Boot Attacks on Encryption Keys Proc. 2008 USENIX Security Symposium
  47. AcÄ´siÂÿcmez,O. and Ko. c,C. and Seifert, J. P. Predictingsecret keys via branch prediction Topics in Cryptology- CT-RSA 2007, Springer,2007
  48. Craig Gentry and ShaiHalevi,Implementing Gentry's fully-homomorphic encryption scheme,Advances in Cryptology-EUROCRYPT 2011,pp. 129-148,2011
  49. D. Naccache, J. Stern. A New Public Key Cryptosystem Based on Higher Residues. Proceedings of the 5th ACM CCS, pages 59-66, 1998.
  50. "Social Network Users Statistics," http://www. socialnomics. net/2011/08/16/socialnetwork usersstatistics.
  51. http://www. mobilecloudcomputingforum. com
  52. P. Paillier. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In Advances in Cryptology - Eurocrypt'99, LNCS vol. 1592, Springer, 1997, pages 223-238.
  53. Taesoo Kim1, Marcus Peinado2, Gloria Mainar- Ruiz3:1. MIT CSAIL, 2. Microsoft Research,3. Microsoft Research,STEALTHMEM: System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud.
  54. P. Paillier, Trapdooring discrete logarithms on elliptic curves over rings, ASIACRYPT 2000, LNCS 1976,pp. 573-584. 2000.
  55. A. Kawachi, K. Tanaka,K. Xagawa. Multi-bit cryptosystems based on lattice problems. PKC '07, pp. 315-329.
  56. http://www. verizonenterprise. com/DBIR
  57. SalehAlshomrani and ShahzadQamar,"Cloud Based E-Government:Benefits and Challenges", INTERNATIONAL JOURNAL OF MULTIDISCIPLINARY SCIENCES AND ENGINEERING, VOL. 4,NO. 6, JULY 2013.
  58. About Zero Day Exploits (http:// netsecurity. about. com/od/newsandeditorial1/a/aazeroday. htm) Netsecurity. about. com. 2010-11-11. Retrieved 2012-01- 08.
  59. J. Tudor Web application vulnerability statistics, June 2013. http://www. contextis. com/files/Web_Application_Vulnerability_Statistics_-_June_2013. pdf.
  60. D. Borelli. The name Edward Snowden should be sending shivers up CEO spines. Forbes, Sept. 2
  61. A. Chen. GCreep: Google engineer stalked teens,spied on chats. Gawker,Sept. 2010. http:gawker. com/5637234/
Index Terms

Computer Science
Information Sciences

Keywords

Homomorphic encryption CryptDB Cloud Computing security Social and Business applications