Security Analysis on One-to-Many Order Preserving Encryption
advertisement
Security Analysis on One-to-Many Order Preserving Encryption Based Cloud Data search Abstract For ranked search in encrypted cloud data, order preserving encryption (OPE) is an efficient tool to encrypt relevance scores of the inverted index. When using deterministic OPE, the ciphertexts will reveal the distribution of relevance scores. Therefore, Wang et al. proposed a probabilistic OPE, called One-to-Many OPE, for applications of searchable encryption, which can flatten the distribution of the plaintexts.In this paper, we proposed a differential attack on One-to-Many OPE by exploiting the differences of the ordered ciphertexts.The experimental results show that the cloud server can get a good estimate of the distribution of relevance scores by a differential attack. Furthermore, when having some background information on the outsourced documents, the cloud server can accurately infer the encrypted keywords by using the estimated distributions. Existing System: We have proposed, implemented and evaluated an initiative data prefetching approach on the storage servers for distributed file systems, which can be employed as a backend storage system in a cloud environment that may have certain resource-limited client machines.To be specific, the storage servers are capable of predicting future disk I/O access to guide fetching data in advance after analyzing the existing logs, and then they proactively push the prefetched data to relevant client file systems for satisfying future applications’ requests. For the purpose of effectively modeling disk I/O access patterns and accurately forwarding the prefetched data. PROPOSED SYSTEM: Furthermore, the cloud server may identify what the encrypted keywords are by using the estimated distributions and some background knowledge. On the other hand, some methods can be used to resist the proposed attack. One is to improve the One-to-Many OPE itself. For instance, we can divide plaintexts having the same value into several sets and divide the corresponding bucket into several subbuckets. By mapping each plaintext set into one sub- bucket, some new change points will appear in the differential attack, which will cover up the original distribution of plaintexts. Another possible method is to add noise into the inverted index by adding some dummy documents IDs and keywords, and forging corresponding relevance scores. In our future work, we will elaborate these ideas to design secure methods of probabilistic OPE and schemes for search in encrypted data. ADVANTAGE: In ranked search of encrypted cloud data, probabilistic OPE is needed to preserve the order of relevance scores and conceal their distributions at the same time. Oneto-Many OPE is a scheme designed for such a purpose. However, in this paper, we demonstrate that the cloud server can estimate the distribution of relevance scores by change point analysis on the differences of ciphertexts of One-to-Many OPE MODULE DESCRIPTION MODULE Home Searching Module Cryptography Encryption and Decryption Module File Sharing MODULE DESCRIPTION Home Distributed file systems for mobile clouds. Moreover many studies about the storage systems for cloud environments that enable mobile client devices have been published. A new mobile distributed file system called mobile. DFS has been proposed and implemented in which aims to reduce computing in mobile devices by transferring computing requirements to servers. Hyrax, which is a infrastructure derived from Hadoop support cloud computing on mobile devices. But Hadoopis designed for general distributed computing, and the client machines are assumed to be traditional computers. In short, neither of related work targets at the clouds that have certain resource-limited client machines, for yielding attractive performance enhancements. Searching Module In practice, to realize effective data retrieval on large amount of documents, it is necessary to perform relevance ranking on the results. Ranked search can also gnificantly reduce network traffic by sending back only the most relevant data. In ranked search, the ranking function plays an important role in calculating the relevance between files and the given searching query. The most popular relevance score is defined based on the model of , where term frequency is the number of times a term (keyword) appears in a file and inverse document requency (IDF) is the ratio of the total number of files to the number of files containing the term. There are many variations of -based ranking functions, and in [16], the following one is adopted. Score Herein, w denotes the keyword and denotes the TF of term w in file denotes IDF where is the number of files that contain term w and is the total number of documents in the collection; and is the number of indexed terms containing in file the length Cryptography Module OPE is a symmetric cryptosystem, so it is also called order-preserving symmetric encryption (OPSE). The order preserving property means that if the plaintexts have such a relationship as then the corresponding ciphertexts and satisfy. Boldyreva et al. initiated the cryptographic study of OPE schemes, and they defined the security of an OPE scheme using the ideal object. Note that any order-preserving function g from domain D Ng can be uniquely defined by a combination of M out of N ordered items. The ideal object is just a function that is randomly selected from all rder-preserving functions, which is called a random order-preserving function (ROPF). bucket is determined by a binary search based on a random HGD sampler. In , the procedure of binary search is described as Algorithm 1, where is a random coin generator. Encryption and Decryption Module Filebench which allows generating.A large variety of workloads to assess the performance of storage systems. Besides, Filebench is quite flexible and enables to minutely specify a collection of applications, such as mail, web, file, and database servers .We chose Filebench as one of benchmarks, as it has been widely used to evaluate file systems by emulating a variety of several server-like applications. I Ozone, which is a microbenchmark that evaluates the performance of a file system by employing a collection oads with regular patterns, such as sequential, random, reverse order, and strided That is why we utilized it to measure read data throughput of the file systems with various prefetching schemes, when the workload have different access patterns. File Sharing Module Applications of privacy preserving keyword search, if a deterministis used to encrypt relevance scores, the ciphertexts will share exactly the same distribution as its plain counterpart, by which the server can specify the keywords. Therefore, Wang et al. modified the original OPE to a probabilistic one, called “One-to-Many OPE”. For a given plaintext “One-to-Many OPE” first employs Algorithm 1 to select a bucket for m, and then randomly chooses a value in the bucket as the Ciphertext. The randomly choosing procedure in the bucket is seeded by the unique file IDs together with the plaintext m, and thus the same relevance score in the Inverted Index will be encrypted as different ciphertexts. The encryption process of “One-to- Many OPE” is described in Algorithm. which is also illustrated in Picture. ALGORITHM: 1. RSA Algorithm. 2. Binary searching Algorithm. OPE ALGORITHM: Order preserving Encryption: Binary searching algorithm. SYSTEM SPECIFICATION Hardware Requirements: • System : Pentium IV 2.4 GHz. • Hard Disk : 40 GB. • Floppy Drive : 1.44 Mb. • Monitor : 14’ Colour Monitor. • Mouse : Optical Mouse. • Ram : 512 Mb. Software Requirements: • Operating system : Windows 7 Ultimate. • Coding Language : ASP.Net with C# • Front-End : Visual Studio 2010 Professional. • Data Base : SQL Server 2008.
