Security Analysis on One-to-Many Order-Preserving Encryption Based Cloud Data Search

Abstract

For ranked search in encrypted cloud data, order preserving encryption (OPE) is an efficient tool to encrypt relevance scores of the inverted index. When using deterministic OPE, the ciphertexts will reveal the distribution of relevance scores. Therefore, Wang et al. proposed a probabilistic OPE, called One-to-Many OPE, for applications of searchable encryption, which can flatten the distribution of the plaintexts. In this paper, we propose a differential attack on One-to-Many OPE by exploiting the differences of the ordered ciphertexts. The experimental results show that the cloud server can get a good estimate of the distribution of relevance scores by a differential attack. Furthermore, when having some background information on the outsourced documents, the cloud server can accurately infer the encrypted keywords by using the estimated distributions.

Existing System:

We have proposed, implemented and evaluated an initiative data prefetching approach on the storage servers for distributed file systems, which can be employed as a backend storage system in a cloud environment that may have certain resource-limited client machines. To be specific, the storage servers are capable of predicting future disk I/O access to guide fetching data in advance after analyzing the existing logs, and then they proactively push the prefetched data to relevant client file systems for satisfying future applications’ requests. For the purpose of effectively modeling disk I/O access patterns and accurately forwarding the prefetched data.

PROPOSED SYSTEM:

Furthermore, the cloud server may identify what the encrypted keywords are by using the estimated distributions and some background knowledge. On the other hand, some methods can be used to resist the proposed attack. One is to improve the One-to-Many OPE itself. For instance, we can divide plaintexts having the same value into several sets and divide the corresponding bucket into several sub-buckets. By mapping each plaintext set into one sub-bucket, some new change points will appear in the differential attack, which will cover up the original distribution of plaintexts. Another possible method is to add noise into the inverted index by adding some dummy document IDs and keywords, and forging corresponding relevance scores. In our future work, we will elaborate on these ideas to design secure methods of probabilistic OPE and schemes for search in encrypted data.

ADVANTAGE:

In ranked search of encrypted cloud data, probabilistic OPE is needed to preserve the order of relevance scores and conceal their distributions at the same time. One-to-Many OPE is a scheme designed for such a purpose.

However, in this paper, we demonstrate that the cloud server can estimate the distribution of relevance scores by change point analysis on the differences of ciphertexts of One-to-Many OPE.

MODULE DESCRIPTION

MODULE

Home

Searching Module

Cryptography

Encryption and Decryption Module

File Sharing

MODULE DESCRIPTION

Home

Distributed file systems for mobile clouds. Moreover, many studies about storage systems for cloud environments that enable mobile client devices have been published. A new mobile distributed file system called mobile. DFS has been proposed and implemented in which aims to reduce computing in mobile devices by transferring computing requirements to servers. Hyrax is an infrastructure derived from Hadoop that supports cloud computing on mobile devices. But Hadoop is designed for general distributed computing, and the client machines are assumed to be traditional computers. In short, none of the related work targets clouds that have certain resource-limited client machines for yielding attractive performance enhancements.

Searching Module

In practice, to realize effective data retrieval on a large amount of documents, it is necessary to perform relevance ranking on the results. Ranked search can also significantly reduce network traffic by sending back only the most relevant data. In ranked search, the ranking function plays an important role in calculating the relevance between files and the given search query. The most popular relevance score is defined based on the model of , where term frequency is the number of times a term (keyword) appears in a file and inverse document frequency (IDF) is the ratio of the total number of files to the number of files containing the term. There are many variations of -based ranking functions, and in [16], the following one is adopted. Score Herein, w denotes the keyword and denotes the TF of term w in file denotes IDF where is the number of files that contain term w and is the total number of documents in the collection; and is the number of indexed terms containing in file the length

Cryptography Module

OPE is a symmetric cryptosystem, so it is also called order-preserving symmetric encryption (OPSE). The order-preserving property means that if the plaintexts have such a relationship as then the corresponding ciphertexts and satisfy. Boldyreva et al. initiated the cryptographic study of OPE schemes, and they defined the security of an OPE scheme using the ideal object. Note that any order-preserving function g from domain D Ng can be uniquely defined by a combination of M out of N ordered items. The ideal object is just a function that is randomly selected from all order-preserving functions, which is called a random order-preserving function (ROPF). The bucket is determined by a binary search based on a random HGD sampler. In , the procedure of binary search is described as Algorithm 1, where is a random coin generator.

Encryption and Decryption Module

Filebench allows generating a large variety of workloads to assess the performance of storage systems. Besides, Filebench is quite flexible and makes it possible to specify in detail a collection of applications, such as mail, web, file, and database servers. We chose Filebench as one of the benchmarks, as it has been widely used to evaluate file systems by emulating a variety of server-like applications. IOzone is a micro-benchmark that evaluates the performance of a file system by employing a collection of workloads with regular patterns, such as sequential, random, reverse order, and strided. That is why we utilized it to measure the read data throughput of the file systems with various prefetching schemes when the workloads have different access patterns.

File Sharing Module

In applications of privacy-preserving keyword search, if a deterministic OPE is used to encrypt relevance scores, the ciphertexts will share exactly the same distribution as their plaintext counterparts, by which the server can specify the keywords. Therefore, Wang et al. modified the original OPE to a probabilistic one, called “One-to-Many OPE”. For a given plaintext m, “One-to-Many OPE” first employs Algorithm 1 to select a bucket for m, and then randomly chooses a value in the bucket as the ciphertext. The random choice within the bucket is seeded by the unique file IDs together with the plaintext m, and thus the same relevance score in the inverted index will be encrypted as different ciphertexts. The encryption process of “One-to-Many OPE” is described in Algorithm. which is also illustrated in Picture.
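The following added example (not code from the paper or from this project) models the One-to-Many step described above and computes the quantity that the abstract's change point analysis works on: the spacing of the sorted ciphertexts. It assumes a simplified bucket layout with HMAC-derived widths in place of Algorithm 1's HGD binary search; `KEY`, `BASE`, `COUNTS` and the `doc-…` file IDs are constructed for illustration.

```python
import hashlib
import hmac
from statistics import median

KEY = b"constructed-demo-key"   # constructed key, not from the page
BASE = 1 << 32                  # assumed minimum bucket width
# Constructed histogram: relevance score -> number of files with that score.
COUNTS = {1: 2000, 2: 40, 3: 400, 4: 60}

def prf(key, label):
    """HMAC-SHA256 output as an integer (keyed pseudo-random source)."""
    mac = hmac.new(key, label.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big")

def bucket(key, m):
    """Inclusive interval for score m; keyed widths stand in for Algorithm 1."""
    widths = [BASE + prf(key, f"width|{i}") % BASE for i in range(1, m + 1)]
    hi = sum(widths)
    return hi - widths[-1] + 1, hi

def encrypt(key, m, file_id):
    """One-to-Many step: choose a point in m's bucket, seeded by m and file ID."""
    lo, hi = bucket(key, m)
    return lo + prf(key, f"pick|{m}|{file_id}") % (hi - lo + 1)

def smoothed_gaps(ciphertexts, w=10):
    """What the server can compute: mean of w consecutive sorted-ciphertext gaps."""
    c = sorted(ciphertexts)
    return [(c[i + w] - c[i]) / w for i in range(len(c) - w)]

def plateau_levels(counts, key=KEY, w=10):
    """Median smoothed gap inside each score's run of ranks (needs the truth)."""
    index = [(m, f"doc-{m}-{n}") for m, k in counts.items() for n in range(k)]
    gaps = smoothed_gaps([encrypt(key, m, fid) for m, fid in index], w)
    levels, start = {}, 0
    for m in sorted(counts):
        # Order preservation puts score m at ranks start .. start+counts[m]-1,
        # so these windows lie entirely inside m's bucket.
        levels[m] = median(gaps[start:start + counts[m] - w])
        start += counts[m]
    return levels

if __name__ == "__main__":
    for m, level in plateau_levels(COUNTS).items():
        print(f"score {m}: {COUNTS[m]:4d} files, typical gap {level:.3e}")
```

Every ciphertext is distinct, yet the typical gap sits at a different level for each score, so the gap sequence is piecewise flat with steps at the score boundaries. A countermeasure such as the sub-bucket or dummy-entry ideas above can be evaluated by checking whether those steps still line up with the true boundaries.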

ALGORITHM:

1. RSA Algorithm.

2. Binary searching Algorithm.

SYSTEM SPECIFICATION

Hardware Requirements:

•System: Pentium IV 2.4 GHz.

•Hard Disk : 40 GB.

•Floppy Drive: 1.44 Mb.

•Monitor : 14’ Colour Monitor.

•Mouse: Optical Mouse.

•Ram : 512 Mb.

Software Requirements:

•Operating system : Windows 7 Ultimate.

•Coding Language: ASP.Net with C#

•Front-End: Visual Studio 2010 Professional.

•Data Base: SQL Server 2008.