Candidate
Abdel Maguid Tawakol
Title
Using Shamir Secret Sharing Scheme and Symmetric Key Encryption to Achieve Data Privacy in Databases
Supervisor
Gordon Agnew
Abstract
The Internet has become an essential tool for communication and information access, and with growing demand, new challenges and usage continue to surface. A complimentary tool that came to exist in recent years is Cloud Computing - an economical solution that serves as an alternative to owning and running computing facilities. While cloud computing has many advantages, there are a number of issues that hamper the adoption of cloud computing. Some of the major concerns, can be classified into one of the following groups: traditional security, availability, and third-party data control. The first set of concerns, revolve around security threats that can expose clients’ private data. The second set of concerns, revolve around the compromise of the operation of the applications in the cloud. Finally, the last set of concerns involve the legal implications of data and applications being held by a third party. Different solutions exist to deal with traditional security, availability, and third-party data control, separately, but one way to handle traditional security, and third-party data control, is through data encryption. The client has to take responsibility for ensuring that the data is setup in such a way, that even if the cloud service provider is compromised, or has a malicious intent, it is not able to get anything from the customer’s data. Of course, encrypting the data introduces limitations, with varying tradeoffs for different systems. In this work, we use Shamir’s Secret Sharing Scheme and a symmetric key cryptographic system (AES) to encrypt data at a field level, such that it can be stored in the cloud without compromising data privacy. Using Shamir’s Secret Sharing Scheme to encrypt numeric field values, gives us the ability to perform efficient addition, subtraction, and multiplication on the encrypted numeric field values. We explore two different ways of using Shamir Secret Sharing Scheme and AES, and discuss the advantages and disadvantages of each. We then propose, and complete, a software implementation for the proposed system. The implementation is used in order to compare execution time, memory usage, and bandwidth usage, to the plaintext and MySQL encrypted versions of the database. Analyzing the benchmarks, we can see how the performance varies for different query types when run on tables with different number of records and field types – giving the reader an idea about the cost and tradeoffs of the system.