A Comparative Study for the Evaluation of Methodologies in the Context of Cloud Security

Vincenzo De Angelis

Supervisor: Prof. Francesco Buccafurri


Co-Supervisor: Ing. Antonino Nocera

University of Reggio Calabria

October 18, 2017

Vincenzo De Angelis (UNIRC) October 18, 2017 1 / 18


Contents

1 Introduction to query integrity problem

2 State-of-the-art

3 A new technique for efficient insertion

4 Performance comparison

5 Conclusion



Cloud computing

Cloud computing is a set of technologies that allow users to store,
share and process their data or computer processing resources on servers
distributed over the Internet.
Query integrity problem

The result of a query has to guarantee three properties:

Completeness: All tuples involved in the query have to be returned.
Correctness: The tuples returned by the cloud must not be corrupted.
Freshness: The newest version of the tuples has to be returned.



Case scenario

The considered scenario involves three actors:


Data owner: owns the data, submits queries and verifies query
integrity.
Sensors: periodically, with high frequency, capture some
information (such as temperature or humidity) and store it in the
database.
Cloud server: receives queries from the data owner and returns the
result to it.

Problem: Sensors may have limited computation power, so battery saving
becomes a critical factor.



Graphical representation of scenario



Merkle Hash tree



State-of-the-art: Problem

Problem: The MT-based techniques perform well in verifying
query integrity, but they require an update of the tree when a sensor inserts
a new tuple.

Thus, it is necessary to find a new technique for range query integrity
that is more efficient on insertion than the state-of-the-art techniques and
that also performs well in verifying query integrity.



A new technique for efficient insertion
Idea: organize the tuples of the database in a chain and split it into time
buckets.
We introduce dummy tuples called markers that define the head and the
tail of the buckets. They are pre-added to the database and are known by
all actors involved in our scenario.
The link between two elements (tuples or markers) in the chain is built by
applying the HMAC function to the concatenation of two adjacent
elements.
To verify integrity, the database has to return the buckets that include
the tuples and the markers involved in the query.

F. Buccafurri, G. Lax, S. Nicolazzo, and A. Nocera, Range Query Integrity
in Cloud Data Streams with Efficient Insertion, Proc. of the 15th
International Conference on Cryptology and Network Security (CANS
2016), November 14-16 2016, Springer, pp 719-724.
Example of chain



Insertion and Integrity verification protocols

Insertion protocol
The sensor inserts a new tuple at the tail of the chain, computes the
HMAC of the last inserted tuple (or the last marker) and stores it into the
database.

Integrity verification protocol
Starting from the first marker, the data owner verifies the chain links by
iteratively computing the MAC attribute of each element and comparing it
with the value returned by the cloud.

Since the sensors insert at the tail, an insertion requires a small (constant)
number of operations and does not require updating the entire chain.
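
An added sketch of the chain construction and the two protocols above for a single bucket (example code, not taken from the slides or the CANS paper). It assumes HMAC-SHA256, a constructed key and marker values, a MAC stored alongside the newer element of each pair, and a bucket sealed by linking its last tuple to the tail marker.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"      # assumption: secret shared by sensors and data owner
HEAD = b"marker|bucket-0|head"     # constructed markers, pre-added and known to all actors
TAIL = b"marker|bucket-0|tail"

def link(key, prev, cur):
    """HMAC over the concatenation of two adjacent chain elements."""
    # Length prefix keeps the concatenation unambiguous (a detail added here).
    msg = len(prev).to_bytes(4, "big") + prev + cur
    return hmac.new(key, msg, hashlib.sha256).digest()

class Sensor:
    """Remembers only the current tail, so each insertion costs one HMAC."""
    def __init__(self, key, cloud_rows):
        self.key, self.rows, self.last = key, cloud_rows, HEAD

    def insert(self, element):
        self.rows.append((element, link(self.key, self.last, element)))
        self.last = element

    def close_bucket(self):
        # Assumption: the bucket is sealed by linking its last tuple to the tail marker.
        self.insert(TAIL)

def owner_verify(key, rows):
    """Walk the returned bucket from the head marker and recompute every link."""
    prev = HEAD
    for element, mac in rows:
        if not hmac.compare_digest(mac, link(key, prev, element)):
            return False               # altered tuple or a missing predecessor
        prev = element
    return prev == TAIL                # the chain must end at the tail marker

def demo():
    rows = []                          # stands in for the untrusted cloud table
    sensor = Sensor(KEY, rows)
    for reading in (b"t=1;temp=21.5", b"t=2;temp=21.7", b"t=3;temp=22.0"):
        sensor.insert(reading)
    sensor.close_bucket()
    dropped = rows[:1] + rows[2:]                         # cloud omits one tuple
    forged = [(b"t=1;temp=99.9", rows[0][1])] + rows[1:]  # cloud alters one tuple
    truncated = rows[:-2]                                 # cloud cuts the tail off
    return [owner_verify(KEY, r) for r in (rows, dropped, forged, truncated)]

if __name__ == "__main__":
    print(demo())
```

Only the intact bucket verifies; the omitted, altered and truncated results each break a link or fail to reach the tail marker.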

What about verification cost?



Performance comparison-Computational cost

Cost of MT based algorithm

$$C_{M.T} = \frac{k|x|}{l} + \frac{b}{|x|} - 1$$

Cost of CANS algorithm

$$C_{CANS} = \left(2 + \frac{2|x| + t}{l}\right)\left(k + 2\,\frac{b}{|x|z}\right) + \left(2 + \frac{g + |x| + t}{l}\right)\frac{k|x|z}{b}$$



Performance comparison-Cost vs tuple size

[Figure: cost (×10^6) as a function of tuple size |x| (Kbyte), with curves for z=3000 and z=30000.]

CANS is more efficient than MT with small tuples!


Performance comparison-Cost vs number of buckets

[Figure: cost (×10^8) as a function of the number of buckets z (×10^4), with curves for k=1000, k=10000, k=25000 and k=50000.]



Performance comparison-Optimal value of z

[Figure: Zop (×10^4) as a function of k (×10^4).]

Optimal value of z

$$Z_{op} = \frac{b}{|x|}\sqrt{2\,\frac{2|x| + 2l + t}{k\,(|x| + 2l + 2t)}}$$



Performance comparison-Spatial efficiency vs scale

[Figure: spatial efficiency as a function of X min, for z=131072.]



Conclusion

                     CANS             M.T.
Insertion            Very efficient   Not efficient
Verification         Efficient        Efficient
Spatial efficiency   ≥ 90%            ≃ 100%

Figure: Comparison between CANS and M.T. considering a scenario with small
tuples.
