INTRODUCTION
The amount of sensitive information held by organizations’ databases is increasing very quickly and these data have to be protected from unauthorized uses.
Overview
The management of large databases is quite expensive, as it needs not only storage capacity, but also skilled personnel. An emerging solution to this problem is represented by database outsourcing, that is, delegating database management to a third party. In such a solution, called database as a service (DAS), an organization’s database is stored at an external service provider that should provide mechanisms for clients to access the outsourced databases. The main advantage of the outsourcing solution is twofold. First, it provides significant cost savings and service benefits. Second, it promises higher availability and more effective disaster protection than in-house operations. The main problem is that sensitive data become stored on a site that is not under the data owner’s direct control. Therefore, data confidentiality and even integrity can be at risk.
In many contexts, confidentiality and integrity are managed by means of encryption. By encrypting the data, the user can be sure that nobody except him/her can read it. However, the trivial solution of having the database store only encrypted information does not work, because it leaves the external service unable to support selective access. Since confidentiality demands that data decryption be possible only at the client side, techniques are needed that enable external servers to execute queries on encrypted data; otherwise, all the relations involved in a query would have to be sent to the client for query execution.
Problem Statement
Storing keys separately from the data they protect is a challenging objective. If a malicious attacker (insider or outsider) compromises a database server that hosts both the cryptographic keys and the encrypted data, a breach of confidentiality of critical data becomes a high potential threat. Therefore, the keys should never be hosted along with the sensitive data, as explained in the DAS scenario. The cryptographic keys should be managed by the user or the user's authorized trusted entities, not by an administrator of the third-party database service. Key management when using third-party services has therefore become a major research problem in industry and government. According to the Verizon PCI Compliance Report (PCIR), about 42% of organizations have trouble implementing a proper encryption key management strategy to keep information safe. Experts say that proper cryptographic key management is becoming more important than encryption itself. Encryption keys represent "the keys to the kingdom": anyone who has access to the cryptographic key has access to the most sensitive data in the organization. In addition, user data transferred to the cloud in plaintext is easy to intercept and attack, and at the other end the cloud owner can expose and view that data. Proper cryptographic key management is both a requirement for compliance and a way to keep user data safe and encrypted from the moment it is transferred to the cloud.
Existing Systems
The key management solutions proposed for cloud-based databases in the DAS model store the required encryption/decryption keys in the system. Our work is inspired by CryptDB, a proxy-based system that supports operations on encrypted data at the database server side using SQL-aware encryption algorithms, with all required encryption keys stored in the proxy. Key management in CryptDB is based on chaining the user's password to the encryption key used to encrypt that user's data; we use the same approach in the CareBud system with slight changes. Each user's encryption key is locked with that user's password and stored in the proxy. When the user logs into the application, the password is used to unlock the corresponding encryption key stored in the proxy.
The concept of chaining the key to the password [5] ensures that data is accessed only with the owner's encryption key, which is possible only when the owner logs into the application with his/her password. For shared data, CryptDB maintains a SPEAK-FOR relation.
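The password-to-key chaining described above, as an added example (not CryptDB or CareBud code): a key-encryption key is derived from the user's password with scrypt and used to wrap a random per-user data key under AES-256-GCM, so the stored record unlocks only with the right password. The function names, the scrypt parameters and the use of the username as associated data are assumptions of this example.

```javascript
// Added illustration; not CryptDB or CareBud code. All names are hypothetical.
const crypto = require('node:crypto');

// scrypt cost parameters (assumed values for this example).
const SCRYPT = { N: 16384, r: 8, p: 1 };

// Derive a 256-bit key-encryption key (KEK) from the login password.
function deriveKek(password, salt) {
  return crypto.scryptSync(password, salt, 32, SCRYPT);
}

// Lock a user's data key under their password. The returned record can be
// stored at the proxy: without the password it does not reveal the key.
function wrapDataKey(password, dataKey, username) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKek(password, salt), iv);
  cipher.setAAD(Buffer.from(username, 'utf8')); // bind the record to its owner
  const wrapped = Buffer.concat([cipher.update(dataKey), cipher.final()]);
  return { username, salt, iv, wrapped, tag: cipher.getAuthTag() };
}

// Unlock at login. Returns the data key, or null when the password is wrong
// or the stored record was modified or reassigned to another user.
function unwrapDataKey(password, record) {
  const kek = deriveKek(password, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', kek, record.iv);
  decipher.setAAD(Buffer.from(record.username, 'utf8'));
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.wrapped), decipher.final()]);
  } catch {
    return null; // authentication tag did not verify
  }
}

// A password change re-wraps the same data key; stored data is not re-encrypted.
function changePassword(oldPassword, newPassword, record) {
  const dataKey = unwrapDataKey(oldPassword, record);
  return dataKey ? wrapDataKey(newPassword, dataKey, record.username) : null;
}

// Constructed demo values.
const dataKey = crypto.randomBytes(32);
const record = wrapDataKey('correct horse battery', dataKey, 'alice');
console.log(unwrapDataKey('correct horse battery', record).equals(dataKey)); // true
console.log(unwrapDataKey('wrong guess', record)); // null
```

Because the password only protects the wrapped key, the strength of the scheme is bounded by the password and the cost of the key-derivation function.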
Proposed solution
To overcome these stored-key issues and to reduce the number of cryptographic operations, this dissertation proposes a system for managing users' crypto keys and controlling access to resources in an application called CareBud. In this solution, the required security mechanisms and policies are applied on the client side to protect sensitive data from malicious administrators or hackers before it is transmitted to or stored in any third-party cloud computing service. The system also addresses the expansion of data after encryption, which consumes a lot of storage and processing time and places a heavy load on the organization's network.
Project Objectives
To create a live solution and check the results in a real-life scenario.
To implement an end-to-end secure solution that ensures integrity and privacy for end users.
To encrypt user information in the client-side application and transmit it to the cloud database in encrypted format.
To create a crypto key when the user checks in, which will be used to decrypt the data received from the cloud database; that key will never be transmitted to the cloud.
To ensure that the encrypted data size remains the same as the plain data size, thus consuming the same database storage.
To provide secure access and sharing services for multiple users' data using client-side key distribution and access control lists.
To allow doctors to access patients' data and be notified of critical health reports, which are reported using a virtual smart watch.
To prevent users from decrypting other users' data unless they have a relationship and authorization to see or interact with it.
To allow patients to add relatives so they can be informed about their daily health reports.