
A Hybrid Security Scheme For Safeguarding Different Kinds Of Big Data Outsourced To Cloud

Abstract: According to this invention, a hybrid security scheme is defined to secure big data outsourced to cloud computing. The scheme is made up of three different schemes known as ML-HES, E-ECDH and HE-DD. The invention encapsulates a comprehensive big data security scheme that involves multiple algorithms and multiple levels of data protection. The invention ensures that data lost for any reason, such as hardware failure, adversaries or internal attacks, can be reconstructed. It also has multiple levels of security (encoding), which makes it better than existing security algorithms that are used independently. This is especially useful in the wake of emerging quantum computing. It has provision for dealing with different kinds of data such as structured, semi-structured and unstructured. With respect to relational or structured data, it has provision for data dynamics. This invention helps cloud service providers with a ready-to-use product that leverages lightweight and secure outsourcing of big data.


Patent Information

Application #:
Filing Date: 06 March 2020
Publication Number: 11/2020
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: director@mlrinstitutions.ac.in
Parent Application:

Applicants

MLR Institute of Technology
Dundigal, Hyderabad-500 043, Medchal–District, Telangana

Inventors

1. Mr. P Amarendra Reddy
MLR Institute of Technology, Dundigal, Hyderabad-500 043, Medchal–District, Telangana
2. Dr. P Bhaskara Reddy
MLR Institute of Technology, Dundigal, Hyderabad-500 043, Medchal–District, Telangana
3. Mr. O Ramesh
MLR Institute of Technology, Dundigal, Hyderabad-500 043, Medchal–District, Telangana

Specification

Claims: The scope of the invention is defined by the following claims:

Claim
1. A hybrid security scheme which is the combination of three sub schemes known as ML-HES, E-ECDH and HE-DD. With all these sub schemes, the hybrid scheme protects big data when it is at rest, when it is in transit and when it is being processed. The scheme supports different formats of big data such as structured, unstructured and semi-structured.
(a) ML-HES is the scheme that supports encoding and decoding. It provides better security than individual cryptographic primitives like AES as it has multiple layers of protection. Even in the presence of quantum computing machines, hacking this scheme is highly difficult.
(b) E-ECDH, which is part of the current invention, serves as an asymmetric scheme for key sharing with a high level of security. It has no provision for encryption and decryption. Instead, it supports any encryption and decryption mechanisms that use the key sharing process.
(c) E-ECDH prevents attacks like man-in-the-middle, replay and pre-computation. It is an extension to ECDH that is based on elliptic curves. Thus it is made lightweight.
2. As per claim 1, a prototype built with the MapReduce programming paradigm provides the required proof of concept. The hybrid scheme has provision for a higher level of security with data encoding, decoding, key sharing and dealing with relational data with support for data dynamics.
3. As per claim 1, the integrated hybrid scheme is realized with the three sub schemes. It is capable of protecting big data and has support for all kinds of data.
4. As per claim 1, the invention is suitable for cloud computing platforms where security is provided to all kinds of operations, and thus the invention can be improved to make an out-of-the-box solution. It also helps cyber security professionals, academia, scientists and researchers.

Description:
Field of Invention
This invention relates to a novel and hybrid security scheme to protect big data in cloud computing. The invention is for ensuring big data security when the data is at rest, when the data is in transit and when the data is being analysed. It helps Cloud Service Providers (CSPs) to have comprehensive security for the data stored in their infrastructure, as it can prevent internal and external attacks. The existing lightweight cryptography primitives such as Advanced Encryption Standard (AES) being used by CSPs may be broken with quantum computers. Therefore, there is a need for a hybrid scheme that will withstand powerful attacks as well. The invention combines three different schemes catering to the needs of different kinds of data such as structured, unstructured and semi-structured. The first security scheme is based on symmetric encryption and is meant for encryption and decryption. The second scheme is for secure key exchange, and the third scheme is for secure outsourcing of data to a relational database, where it allows changes to data directly on the encrypted and outsourced data. The first scheme is for both unstructured and semi-structured data, while the third scheme is for structured data. The second scheme is only for lightweight and secure key agreement between two parties. The combination of all three schemes results in a hybrid security scheme that protects big data. The scheme is the combination of the three parts, namely ML-HES, E-ECDH and HE-DD.
The objectives of this invention
The objective of the present invention is to provide a hybrid security scheme that combines three other schemes known as ML-HES, E-ECDH and HE-DD. With the hybrid approach, the invention provides complete security to big data that is in the form of structured, unstructured and semi-structured data.
Background of the Invention
Many security schemes have come into existence for cloud data security. For securing big data in particular, AES and RSA are widely used. (Lee et al., [2018], 27th Wireless and Optical Communication Conference (WOCC), p1-5) used AES for cloud data security on the cloud named Heroku. Their security mechanism divides a file into a number of blocks and encrypts it prior to sending it to the cloud. They found that AES was capable of securing data. (Tamilselvi. S., [2017], International Journal of Advanced Networking and Applications, 8 (5), p124-127) also used AES for data security in the cloud. They found AES useful for cloud-based storage. (Delfin et al., [2018], International Research Journal of Engineering and Technology, 5 (10), p1189-1192) proposed a system for outsourcing data with security using an AES-based solution. They described a system implemented with multiple modules. The application of AES with cloud storage was found to be effective and reliable. (Md Rifat Bin Emdad and Md Shahin Khan, [2019], International Journal of Software & Hardware Research in Engineering, 7 (5), p49-53) also investigated AES and its modus operandi in order to have better security for cloud storage. They proposed a methodology for systematic application of security to the big data being outsourced to the cloud. (Bhupendra Kumar et al., [2016], International Journal of Advanced Technology and Engineering Exploration, 3 (17), p43-49) used 128-bit AES for cloud storage. They found that AES was faster than other security schemes.
To overcome the above problem, the invention provides a hybrid security scheme that combines three other schemes known as ML-HES, E-ECDH and HE-DD. With the hybrid approach, the invention provides complete security to big data that is in the form of structured, unstructured and semi-structured data.
Description of Prior Art
The present invention is a hybrid security scheme for protecting big data that is outsourced to public cloud. The solution is associated with cloud computing infrastructure where the Infrastructure as a Service (IaaS) layer, described in one of the United States patents (US7657898B2), is essential. The invention is meant for preventing all kinds of cyber-attacks. It can handle both internal and external attacks. It leverages the state of the art in providing security to big data when the data is stored in cloud infrastructure, when data is in transit and when data is used by distributed programming frameworks for analysis or is being modified. Moreover, the current invention caters to the needs of big data characteristics. For instance, it supports all kinds of data such as structured, unstructured and semi-structured. The invention has three different schemes that take care of comprehensive security. ML-HES provides highly secure encoding and decoding services that can withstand attacks even with the emergence of quantum computers. The rationale behind this is that ML-HES has multiple levels of transformations and provision for data integrity and availability (it reconstructs data even if some part is lost). E-ECDH, on the other hand, provides secure key exchange while ML-HES is used for encoding and decoding. It makes the security scheme lightweight. HE-DD, described in one of the United States patents (US10057057B2), is another scheme that supports encryption of relational data in such a way that the data can be subjected to changes directly without decryption. It makes the system more flexible and useful for users of relational data. The combination of the three schemes forms a hybrid scheme that leverages the state of the art.
Summary of the invention
A hybrid security scheme known as ML-HES is built to deal with different characteristics of big data. The scheme has the wherewithal to cope with security concerns even with the emergence of quantum computing machines. The different layers present in the encoding process make the scheme better than simple encryption and decryption mechanisms. The scheme is purely for security of big data. The underlying cryptography is symmetric in nature. However, key exchange is taken care of by E-ECDH. Thus the combination becomes a hybrid that involves both symmetric and asymmetric approaches. E-ECDH is a lightweight scheme that enables secure key exchange. The security thus provided to big data is strong enough to achieve both lightweight key exchange and robust encoding with multiple layers of security. In addition to this, the proposed system also supports dealing with relational data that is managed in public cloud. Such data is encrypted with the proposed algorithm known as HE-DD prior to outsourcing data to cloud. However, this algorithm supports data dynamics (data modifications) on the encrypted and outsourced data directly.
Detailed description of the invention
The security mechanisms are built in a systematic manner to realize a hybrid security scheme that leverages big data security. The voluminous nature of big data and its variety characteristic, with structured, semi-structured and unstructured data (textual only), are analyzed and security is provided. Before describing the final security scheme, the parts involved in the whole scheme are explained here. The hybrid approach includes both symmetric and asymmetric approaches. The former is used for data security while the latter is meant for lightweight and secure key exchange. In addition to this, a separate algorithm is defined for dealing with relational data where encrypted data is dynamically updated. Towards this end, an algorithm known as Multi-Layered Hybrid Encryption Standard (ML-HES) is defined. It provides multiple layers of security, which gives a greater level of security than an encryption algorithm alone, like Advanced Encryption Standard (AES). ML-HES is made up of AES for encryption and decryption, and an Information Dispersal Algorithm (IDA) for producing slices of encrypted data, which provides data integrity. Even in case of data loss, some of the slices can be used to reconstruct the data. Hashing is yet another layer of the ML-HES scheme: the IDA slices are hashed to support data integrity verification.
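The dispersal and hashing layers described above, as an added example that is not code from the patent. The specification gives no dispersal parameters, so this sketch assumes k data slices plus one XOR parity slice (a stand-in for a full information dispersal algorithm), SHA-256 slice digests, and a constructed byte string in place of AES output; `encode`, `decode` and `CIPHERTEXT` are hypothetical names.

```python
import hashlib
from functools import reduce

# Constructed sample: opaque bytes standing in for AES ciphertext (37 bytes).
CIPHERTEXT = hashlib.sha256(b"constructed sample").digest() + b"tail!"

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _digest(s: bytes) -> str:
    return hashlib.sha256(s).hexdigest()

def encode(ciphertext: bytes, k: int = 4):
    """Disperse ciphertext into k data slices + 1 XOR parity slice, hash each."""
    size = -(-len(ciphertext) // k)                 # ceiling division
    padded = ciphertext.ljust(size * k, b"\0")      # pad so slices are equal length
    slices = [padded[i * size:(i + 1) * size] for i in range(k)]
    slices.append(reduce(_xor, slices))             # assumed parity layer
    return slices, [_digest(s) for s in slices], len(ciphertext)

def decode(slices, digests, length):
    """Verify slices, rebuild at most one lost/corrupt slice, return (data, lost)."""
    good = [s if s is not None and _digest(s) == d else None
            for s, d in zip(slices, digests)]
    lost = [i for i, s in enumerate(good) if s is None]
    if len(lost) > 1:
        raise ValueError(f"slices {lost} unusable; one parity slice repairs only one")
    if lost:
        # XOR of the surviving slices equals the missing one.
        rebuilt = reduce(_xor, [s for s in good if s is not None])
        if _digest(rebuilt) != digests[lost[0]]:
            raise ValueError("rebuilt slice fails its integrity check")
        good[lost[0]] = rebuilt
    return b"".join(good[:-1])[:length], lost

if __name__ == "__main__":
    slices, digests, n = encode(CIPHERTEXT)
    slices[1] = None                                # slice lost by the provider
    data, lost = decode(slices, digests, n)
    print(data == CIPHERTEXT, lost)
```

Unkeyed digests only catch accidental corruption or a party that cannot rewrite the digest list; if slices and digests sit with the same provider, the digests need to stay with the data owner or be replaced by a keyed MAC.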
ML-HES is thus the encoding standard, with symmetric cryptography underlying it. Since big data comes from different sources including IoT devices, it is essential to have a lightweight and secure key sharing scheme (instead of heavyweight RSA). Enhanced Elliptic Curve Diffie Hellman (E-ECDH) is the scheme that is built on the known lightweight key sharing scheme ECDH. This scheme is purely for key exchange while ML-HES is for data security. Different kinds of big data can be protected when data is at rest and when data is in transit. The hybrid scheme described above achieves a higher level of security in terms of data protection and also secure key management. The hybrid scheme deals with both unstructured and semi-structured data. Another security algorithm known as Homomorphic Encryption based Data Dynamics (HE-DD) is proposed to deal with structured or relational data. This kind of data is modified using DML operations. However, HE-DD provides a feature to efficiently make changes on the encrypted data directly. There is no need for explicit decryption prior to encrypting data.
4 Claims & 5 Figures
Brief Description of the Drawing
The present invention provides high level of security that is lightweight and flexible to protect big data outsourced to cloud. The invention has different schemes as illustrated below.
Figure 1: Illustrates encoding procedure of ML-HES
Figure 2: Illustrates decoding procedure of ML-HES
Figure 3: Illustrates HE-DD scheme
Figure 4: Illustrates the hybrid scheme with integration of the ML-HES, E-ECDH and HE-DD
Figure 5: Stakeholders benefited from the current invention
Detailed Description of Drawings
Referring to Figure 1, the ML-HES scheme is graphically illustrated. The scheme has provision for an encoding process with multiple data transformations. It is made up of AES, an information dispersal mechanism and hashing.
Referring to Figure 2, it has provision for decoding as part of the ML-HES scheme. It has an integrity verification feature. Afterwards, it performs the reverse process to hashing, then the information dispersal approach is followed in order to get the slices. Then the encrypted data is generated.
Referring to Figure 3, it illustrates the HE-DD mechanism. It has a key generation process and encryption and decryption procedures. However, the encryption is done in such a way that the encrypted data can be modified directly without the need for decryption.
Referring to Figure 4, it illustrates the integration of the three schemes, namely ML-HES, E-ECDH and HE-DD. In fact, the integration provides the complete picture of the hybrid scheme, which is the current invention used to provide a high level of security to big data outsourced to cloud.
Referring to Figure 5, the current invention provides a high level of security to big data which is lightweight and flexible. There are many stakeholders who benefit from the current invention.

Documents

Application Documents

# Name Date
1 202041009784-FER.pdf 2021-11-02
1 202041009784-REQUEST FOR EXAMINATION (FORM-18) [06-03-2020(online)].pdf 2020-03-06
2 202041009784-COMPLETE SPECIFICATION [06-03-2020(online)].pdf 2020-03-06
2 202041009784-REQUEST FOR EARLY PUBLICATION(FORM-9) [06-03-2020(online)].pdf 2020-03-06
3 202041009784-DRAWINGS [06-03-2020(online)].pdf 2020-03-06
3 202041009784-FORM-9 [06-03-2020(online)].pdf 2020-03-06
4 202041009784-FORM 1 [06-03-2020(online)].pdf 2020-03-06
4 202041009784-FORM 18 [06-03-2020(online)].pdf 2020-03-06

Search Strategy

1 SearchStrategyMatrixE_27-10-2021.pdf